Wired News reports that citizens who fall victim to ID theft becuase of the ChoicePoint debacle will find it difficult to recover damages for their losses if they decide to seek recourse against ChoicePoint:
Legal experts say that people who suffered losses as a result of the breach will find it difficult to get compensation from ChoicePoint for selling their personal data to con artists, even if the victims can prove that ChoicePoint was negligent in screening customers who purchased their data. That’s because courts have been unwilling to penalize companies when victims of identity theft are not their direct customers.
Experts are hoping the ChoicePoint case may begin to swing court opinion, which could force companies like ChoicePoint to take better care of consumer privacy and data in the absence of federal legislation.
The “absence of federal legislation” hits the nail right on the head. I agree with Daniel Solove’s suggestion that “the law should hold that companies collecting and using our personal information stand in a fiduciary relationship with us.” Further, the scope of the Code of Fair Information Practices should be extended beyond only government collection of personal information to include all private sector activities as well.