104 Iowa L. Rev. 417 (2018)
Abstract
The 2017 Equifax breach, which endangered the personal financial information of 147 million Americans, was one of the worst data breaches in U.S. history. In light of this catastrophe and the growing number of mass data breaches, many privacy advocates and U.S. consumers have begun to advocate for federal data protection legislation. However, companies that thrive off big data, such as Facebook, Amazon, Google, and Equifax, have spent millions lobbying against data protection laws. As a result, the United States has no universal, federal data protection law. Many states and specific sectors of the economy, such as healthcare and finance, have tried to bridge this gap in legislation with their own data protection laws. However, businesses continue to collect, store, and sell the personal information of consumers with few consumer protections. In comparison, the EU recently passed the General Data Protection Regulation (“GDPR”), which guarantees EU citizens the fundamental right to data protection and forces companies to implement data protection regulations and baseline security measures when collecting personal information. Because of the growing risks to consumers from recent mass data breaches and the growth of “big-data” companies, this Note asserts that Congress should enact a federal data protection law, similar to the GDPR, that will adequately protect consumers from future mass breaches like the 2017 Equifax breach.