Tags:




One year of protection, hey thanks!
February 19, 2009 6:11 PM   RSS feed for this thread Subscribe

I applied for a scholarship in October, got my rejection in December. Now I get a letter telling me that my "name and social security number was inadvertently exposed to third parties." Can I sue?

Here's the contents of the letter, with the organization's name x'd out:
We are writing to inform you that we recently discovered that you are among a group of individuals whose personally identifiable information, such as name and social security number, were inadvertently exposed to third parties. We regret this incident and have no reason to believe that your personal information has or will be shared with others; nonetheless, as a precaution, we are notifying you of this situation.

In this particular instance, your name and social security number were on a document that was inadvertently attached to an email transmitted to several non-commercial third-party recipients.

When this was discovered, the xxxxxxx Scholarship Program, LLC took immediate action to notify the recipients to destroy the document.

Recognizing the seriousness of this incident and the concern we share for the personal security of our applicants, we have made arrangements to provide you with *a free year of identity protection* (their emphasis) with TrustedID. TrustedID will help you proactively protect your identity by placing fraud flags on your credit reports, which will ensure that no new credit is opened in your name without your consent, and provide you with a copy of your free annual credit report. The TrustedID service is backed by a $1,000,000 limited service warranty, so in the unlikely even that anything may happen, you are covered.

Sincerely,
And yes, I do understand that "nothing is likely to happen" and such. And that only non-profit organizations received them. But, you know, actual people work at non-profits, too. People are far from perfect. Anyone who actually still has these names/numbers could easily call the organization asking about the leak (it lists a number to call with any questions, it's merely the organizations public phone number) and figure out "I just have to wait a year."

One year of protection is a nice gesture, but I don't believe it should be enough for them to waive liability after that. I've yet to sign up for it, so I haven't accepted their offer or any implicit agreement therein. I'm eighteen years old. I have a life to live, and they opened the identity theft crack just a little bit more.

I live in Arizona, the identity theft capital of the world, if that's relevant. Thanks!
posted by Precision to law & government (15 comments total)
Of course you can sue!

You might get more satisfaction and the same effect from building a big money bonfire in your yard, though. Bonfires are rather pretty whereas lawsuits tend to be ugly.

Call them up and ask for...two years of identity theft protection. Or a pony. Or whatever it is you want because it is totally unclear what you think they should be doing for you.
posted by phoenixy at 6:21 PM on February 19


What are your damages?
posted by sanko at 6:21 PM on February 19 [5 favorites has favorites]


I am not a lawyer by any stretch of the imagination, but wouldn't you have to demonstrate that you have experienced some sort of loss in order to sue for damages?
posted by CRM114 at 6:22 PM on February 19


I'm not really sure, to be honest. Got the letter all of twenty minutes ago. I just don't feel that one year is fair. Is this a reasonable thing as it is? It felt kind of... insufficient to me, but I'm young and I don't know much about the law except what I've read in Grisham books.
posted by Precision at 6:23 PM on February 19


So would I have grounds to sue them in five years if something happened? Do I need to sign up for their TrustedID protection right now?
posted by Precision at 6:23 PM on February 19


I'm not sure why the mere fact that you ended up with a full ride elsewhere, proves that you aren't experiencing sour grapes now, all of twenty minutes after you receved this unhappy information.
posted by Coatlicue at 6:32 PM on February 19


K, I got my rejection in December... I'm over it. Really. I've paid my enrollment deposit already. I have a roommate picked out.
posted by Precision at 6:34 PM on February 19


You can always sue... you can sue people you've never met for things they haven't done, but if you've suffered no loss, it's pointless.

This is not a ticket to Big Cash Prizes.
posted by pompomtom at 6:34 PM on February 19


You know, you can put your own fraud alerts on your credit reports totally free of charge, and you can get a copy of your credit reports every year for free as well.

I wouldn't bother with whatever third party agency they're offering you, because then that's just one more company with access to your business. Go to each credit bureau's website to find out how to put a fraud flag on your report, then go to annualcreditreport.com for your free, legitimate, no strings attached report.

I'm pretty sure a lawsuit isn't where you're going to go with this one, honestly.
posted by padraigin at 6:35 PM on February 19 [3 favorites has favorites]


Go easy on the lawsuit sauce there. That's one of the things that's making us a less civil society.

Your data can be seen by any number of people in a number of institutions; permanent staff, technicians, temps, etc. These people were responsible enough to notice the problem, give you a heads up, and offer you some free protection. Take them up on it and learn how to monitor your own information in the future, like people ought to do anyway.

Please don't let your immediate response to things be, "I'LL SUE!"
posted by codswallop at 6:37 PM on February 19


padraigin, thanks for the advice/help/acknowledgment of my question. I'm going to go put those fraud flags on now. Thanks for the help again.
posted by Precision at 6:38 PM on February 19


Typically, you can sue for damages. Considering you have not experienced any, I just saved you 500 dollars talking to a lawyer about this.

Of course, this being the US you can sue anyone for anything, but expecting to win or have a lawyer even take your case is the tough part.

>So would I have grounds to sue them in five years if something happened?

Probably, but you'll probably just end up in some class action suit like this one, which sounds promising but will end up with coupons and apologies instead of 75k per head. Depending on your state there are laws on how much liability these companies hold when they reveal you data.
posted by damn dirty ape at 6:41 PM on February 19


Daniel - you've already posted your name and birthday on the internet - how secret you think your SS number actually is? (clue: $5.95 is enough to find out).

I don't think you should worry. You will soon lose count of the number of organizations that you give that number to.
posted by Xhris at 7:29 PM on February 19


In order to sue you have to show "standing":
There are three requirements for Article III standing: (1) injury in fact, which means an invasion of a legally protected interest that is (a) concrete and particularized, and (b) actual or imminent, not conjectural or hypothetical; (2) a causal relationship between the injury and the challenged conduct, which means that the injury fairly can be traced to the challenged action of the defendant, and has not resulted from the independent action of some third party not before the court; and (3) a likelihood that the injury will be redressed by a favorable decision, which means that the prospect of obtaining relief from the injury as a result of a favorable ruling is not too speculative.
So you can sue but only after you can prove that you've suffered ill effects from identity theft. "I might be a victim of identity theft someday, maybe" isn't sufficient grounds for suit.
posted by Chocolate Pickle at 7:40 PM on February 19


We are writing to inform you that we recently discovered that you are among a group of individuals whose personally identifiable information, such as name and social security number, were inadvertently exposed to third parties. We regret this incident and have no reason to believe that your personal information has or will be shared with others; nonetheless, as a precaution, we are notifying you of this situation.

You haven't suffered any damage. In fact, you're actually two "maybes" away from damage.

Maybe someone saw/stole your information, and (if so) maybe they'll use it to steal your identity.
posted by toomuchpete at 10:10 PM on February 19


« Older What shops shouldn't I miss in...   |   How do I let you know that I g... Newer »

You are not logged in, either login or create an account to post comments