Just two years ago, Google’s market valuation hit $1 trillion, etching its name into an exclusive tech-giant club alongside internet behemoths like Apple and Microsoft.

The amount of revenue Google generates from internet advertising is more than any other company worldwide. Its advertising business side reported over $53 billion in sales in the fourth quarter of 2021 alone.

As a consumer, the likelihood that you added a small portion to that statistic? Fairly high. With such high profit margins, can Google afford to lose a customer or two? Yes.

As per one estimate, Google makes $9 per user per year. If the way in which Google handles a customer’s data is deemed unsatisfactory, the customer can leave.

If Google mishandles one person’s data, they simply lose $9 in revenue. Will that $9 make a big difference to a company worth $1 trillion? In terms of customer loyalty, potentially. That one customer could snowball into multiple users. This then becomes a reputational risk for Google. However, in terms of finances, they are happy to let go of that $9 and simply adjust their marketing strategy accordingly.

For you, the user, a mishandling of data could mean the loss of your career, it could impact your finances or even your identity.

The Life of a LifeLock CEO

LifeLock is a company that offers identity theft protection services. The CEO of LifeLock, Todd Davis, shared his social security number in numerous LifeLock advertisements. From billboards to the sides of truck panels, his personal information was pasted for the world to see. This form of advertising was used as a tactic to guarantee the safety and security of LifeLock’s services.

You can guess what happened. His social security number was inevitably stolen not just once but multiple times. There are quite a few things wrong with this tactic, the most blatant being that your security can indeed be compromised swiftly by anyone at any time.

While the CEO of a major company can generally come out the other side unscathed with corrected credit reports and no significant financial loss, the average user might not be so lucky.

At the end of the day, many company guarantees exist to protect the company’s bottom line. In the case of LifeLock, much of its small print indicates it is not financially liable for any losses that a user may incur as a result of failed protection services. As of today, LifeLock remains in business.

The LifeLock story is one out of hundreds in which internet stalkers and thieves are adept at finessing such systems.

On a broader scale, we regularly share our data such as social security numbers with the government whether we want to or not.  How our data gets collected and stored is murky, and the risks that accompany how much we share vary widely. The more of our data we continue to freely give, the more power government agencies and large corporations have over us as consumers.

Furthermore, the more our data gets shared around and “bought” by third parties, the higher the likelihood that our data is being leaked or breached.  The ushering in of the CCPA is a promising step forward, however, current disparate laws aren’t necessarily strongly implemented. They tend to maintain the status quo more than anything, and recourse falls away from companies onto individual consumers.

As discussed in previous posts, the US has a sort of grab-bag of laws that cover various types of data. Think HIPAA, ECPA, and now the CCPA. Yet, the vast majority of data isn’t strongly covered under these laws.

Does Filing a Claim Work?

Data breaches are common in today’s world. As consumers, we have the ability to sue a company for negligence when it comes to data handling. Yet, as more and more consumers file a claim, the case could turn into a class-action lawsuit.

For certain corporations, class-action lawsuit sizes can reach into the millions of plaintiffs. Depending on the situation, you might opt-out entirely. If you don’t opt-out, you might receive a settlement amount back. However, settlement amounts for large class-action lawsuits with a large number of plaintiffs do not pay well. Any monetary payments as they relate to claim compensation depend on the number of claims received. Costs of the settlement administration, attorneys’ fees and expenses need to be deducted before claims get paid out as well.

Historically, class action lawsuits have minimal impact on a company’s reputation. Data breaches happen all the time, and yet, companies remain in business while individuals deal with the fallout of compromised personal data.

Equifax is an excellent example of getting hit with a breach while suffering minor reputational damage. One of the three major credit bureaus in the United States, Equifax experienced a large data breach in 2017. Millions of people had their personal and financial data exposed. Customers were offered free credit monitoring for some time and that was that.

Five years on and Equifax is still doing business. It remains one of the largest credit bureaus in the US.

More recently, one of the largest mobile phone providers experienced a massive data breach in which systems were compromised and personal customer information was stolen. The company? T-Mobile. The attack allegedly affected 54 million customers. Phone numbers, social security numbers, and dates of birth were just a few of the personally sensitive pieces of information stolen.

Currently, T-Mobile is facing multiple class-actions due to the breach. Yet, T-Mobile is a huge corporation with high-profile lawyers on their side. It’s hard to say for certain whether or not the case will go to trial. However, many class-action lawsuits don’t ever make it into the courtroom. Why? Part of the reason is due to optics.

Many data breaches happen as a result of poor security implementation. Companies would rather settle than take a case to court where details become public facing. At that stage, bad press is inevitable. The onus then falls on the company in question for their inability to implement strong security measures.

No company wants to seem incompetent. Nor do they want information to get out that the initial breach could have been prevented if only the suits that made the decisions had simply cared about their customers’ personal information from the get go.

In overly simplified terms, data breaches may hurt companies financially and that seems to be the extent of it. Settlements are the norm, as many class-action data breach claims never make it to trial. So…

What Do They Have to Lose?

Ask yourself, what do they have to lose if they misplace your data? Reputational loss and financial loss, sure. However, there is a third branch of thought. The losses felt by companies when customer data is breached could be greater if, as a collective, consumers take privacy matters more seriously into their own hands.

Think back to a time you’ve received an email that “XYZ company” had a data breach and now your “XYZ information” has been compromised. Maybe they suggested you to change your passwords and be on the lookout for suspicious activity. This is essentially a poor approach by companies to keeping your data safe.

Better privacy legislation would be more helpful in deterring poor security and incentive companies to implement better security measures than a class-action lawsuit. Class-action lawsuits generally take up time and money, and ultimately don’t do much by way of customer privacy. As of now, it seems companies are willing to fork out settlement claims rather than moving their focus to bettering their privacy practices. 

As consumers, we have the ability to call into question how our data is being handled and how much of it we actually should be giving away. More to the point, we not only have the ability, but we should be exercising it at every turn. Better education on data security is crucial in making sure legislation is pushed forward in order to combat the issue.