from the big-questions dept
This leads to a series of interesting questions. Congress has considered at times creating privacy legislation that could potentially include statutory damages for privacy breaches (and there are a few ideas for such legislation floating around with lobbyists). The problem with this, though, is that in some cases breaches really are inevitable -- and including a monetary reward could clearly (as Goldman notes) "overcompensate the victim or overdeter the defendant." That could have pretty significant unintended consequences, including significantly limiting the availability of certain services as companies don't want to take on the potential liability. At the same time, without any chance of monetary damages, there's a question about leaving little in the way of incentives for companies to actually take privacy seriously.
There's something to be said for the fact that a privacy breach does have a negative reputational impact on the companies who violate people's privacy, but it's reaching a point of saturation, where so many people's private info has been breached so often, that many people don't even register who's involved each time the latest breach comes along. So, it's not clear that there's a really good answer here -- though, I'm sure some folks in the comments will have some strong opinions. Should there be monetary awards for privacy breaches? Should Congress create a privacy law?