Personal infomation lost by dealership and was not notified until I agreed the deal

[miserea]

Not sure if this is the right place to post but an auto dealership told me my files were lost only when I decided to proceed with the deal. That file includes my name, address, phone number, SSN etc. As well as my credit check result. What law can protect me?

 

[Zigner]

Not sure if this is the right place to post but an auto dealership told me my files were lost only when I decided to proceed with the deal. That file includes my name, address, phone number, SSN etc. As well as my credit check result. What law can protect me?

Protect you from what?

Also, this site is for US law only.

 

[miserea]

Protect you from what?

Also, this site is for US law only.

The lost of my PII could allowed identity theft, is the dealership not hold accountable if such thing happened?
Yes this happened in US.

 

[Zigner]

The lost of my PII could allowed identity theft, is the dealership not hold accountable if such thing happened?
Yes this happened in US.

What state?

If such a thing happens, and if you can show it was because of the loss of your information, then you can talk to them...

 

[Just Blue]

The lost of my PII could allowed identity theft, is the dealership not hold accountable if such thing happened?
Yes this happened in US.

The site asks you to post the name of your state when you start a thread. Please do so.

 

[miserea]

What state?

If such a thing happens, and if you can show it was because of the loss of your information, then you can talk to them...

Maryland.

So there isn't any law stating consequence for their failure of protecting consumer's personal information?

 

[Ohiogal]

Maryland.

So there isn't any law stating consequence for their failure of protecting consumer's personal information?

Not really. No.

 

[Silverplum]

Maryland.

So there isn't any law stating consequence for their failure of protecting consumer's personal information?

Your state name mattered, as you were repeatedly told.

Now you may have specific info. Go here to complain and ask questions: http://www.oag.state.md.us/Consumer/index.htm

 

[tranquility]

http://www.oag.state.md.us/idtheft/businessGL.htm

Components of the statute:

PIPA defines “Personal information” as an individual's first and last name in combination with a: Social Security Number, Driver's License Number, Financial Account Number or Individual Taxpayer Identification Number unless the information is encrypted, redacted or otherwise rendered unusable. A “security breach” is defined as the unauthorized acquisition of computerized data that compromises the security, confidentiality or integrity of personal information. If a business experiences a security breach where personal information that, combined, may pose a threat to a consumer if misused, that business must notify any affected consumers residing in Maryland. Once a security breach is detected, a business must conduct in good-faith a reasonable and prompt investigation to determine whether the information that has been compromised has been or is likely to be misused, i.e. for identity theft. If the investigation shows that there is a reasonable chance that the data will be misused, that business must notify the affected consumers.

In the event of a security breach, notice must be given to consumers as soon as reasonably practicable following the investigation. A business may delay notification if requested by a law enforcement agency or to determine the scope of the breach, identify all the affected individuals or restore the integrity of the system. Notice to affected consumer must be given in writing and sent to the most recent address of the individual, or by telephone to the most recent phone number. Notice may be sent via e-mail if an individual has already consented to receive electronic notice or the business primarily conducts its business via the Internet. The law also contains a provision for substitute notice, allowing a business to provide notice of a security breach by e-mail, posting on its website and notice to statewide media if the cost of notice would exceed $100,000 or the number of consumers to be notified exceeds 175,000 individuals.

The notice sent to consumer must include the following:

Description of the information compromised.
Contact information for the business, including a toll-free number if the business has one.
Toll-free numbers and addresses for each of the three credit reporting agencies: Equifax, Experian and TransUnion.
Toll-free numbers, addresses and Websites for the Federal Trade Commission (FTC) and the Office of the Attorney General (OAG).
A statement that the individual can obtain information from these sources about steps to avoid identity theft.

 

[Silverplum]

...an auto dealership told me my files were lost...That file includes my name, address, phone number, SSN etc. As well as my credit check result.

How did you expect them to contact you? Telepathically?

 

[miserea]

How did you expect them to contact you? Telepathically?

They have my number and email, I assume once they realized they should have notified me.