We're already seeing the usual form of strident calls for a vague government 'intervention into the failed market' through sweeping regulatory control, including empowering the FTC. Here is a prominent call for such action in response to the Equifax scandal at CNN http://www.cnn.com/2017/09/11/opinion...

There is no mention of defining what rights of the individual are violated or how to objectively enforce them, just vague, open-ended "complain to your government", "Market failures like this can only be solved through government intervention", etc.

Here we go again, but no one should be surprised.

There has been no "market failure", only the usual failure of government to objectively define civil rights in the context of a new technology and enforce them. The Orren Boyles of big business, which is rarely any defender of the rights of the individual and political freedom, have simply exploited that. It's another failure of government, not the market.

Putting government bureaucrats in charge of "regulating" what people can and must do in the name of "security" through non-objective laws would be the usual regulatory disaster, including in this case the crippling of unapproved innovative security, arbitrary edicts, time- and resource-consuming bureaucratic red tape, posturing and delays by bureaucrats to protect themselves from responsibility (as at the FDA) -- all driving up costs artificially -- and a mechanism giving government surveillance agencies their long sought "back doors" and security-crippling intervention for their own benefit at the expense of our rights.

The big data brokers like Equifax, Facebook and Google have a lot invested in surveilling, compiling, buying, and selling other people's private information, with us as their product, and will not easily surrender any of it. This has been let go for so long that much of the internet economy is now exploiting it.

At first, regulations would be heavily influenced by such companies writing regulations to regulate themselves, with their own privacy-violating goals built in as they rush to 'compromise' by being part of a new regime -- just as the big health insurance companies 'pragmatically' allied themselves with the secret planning of "single payer" Hillary Care in the 1990s when they thought there was political momentum to put it over. It isn't correcting a market; it's literally fascistic.

Under changing administrations in the future, the usual ideological turf battles would cause wild swings in policy and in what interests are being served by fiat (as with the history of the FTC and FDA), until another government bureaucracy eventually becomes thoroughly entrenched, sitting on an entire field of technology, destroying our freedom and hobbling our ability to produce, use it, innovate, and protect ourselves.

Yet the author of this CNN article calling for vague government intervention and control is Bruce Scheier, an internationally respected security expert with strong civil liberties leanings and support of privacy. He has written numerous books, including a classic text on the mathematics of cryptography, is the Chief Technology Officer of IBM Resilient -- a security company he founded and sold to IBM, is an expert on and has personally reviewed the Snowden documents, is a critic of the massive government invasion of privacy while supporting the need for government security agencies in principle, and is on the board of the Electronic Freedom Foundation.

But with his well-deserved fame has come his affiliation with establishment academics such as the Kennedy School of Government at Harvard, where he lectures, and the Berkman Klein Center for Internet and Society at Harvard Law School https://cyber.harvard.edu/ -- where the influence of progressive Pragmatism and statist economics reigns and is glad to ideologically influence him while exploiting his reputation and genuine desire to solve a problem. They don't know any better either.

In Scheier's defense of privacy he has, despite his inclinations for freedom, indicated no understanding of the proper principles of government to protect the rights of the individual under objective law with limits on power -- like most people he makes no distinction between protecting objectively defined rights versus vague powers of government regulation naively expected to somehow address a real problem without creating more and worse problems.

Once again, we are expected to believe that a bureaucracy of 'technical experts' who know what is best can be trusted and expected to tell others what to do under non-objective powers.

Schneier has called for government intervention against what he is calls the "market failures" previously, but with the latest Equifax scandal and the growing public anger over a real problem, the danger of destructive government regulation without protecting the rights of both consumers and technology producers is growing.

At least some private information, such as that used to protect yourself and your finances, should be legally protected. When it is released there are enormous personal damages through the threat of or actual theft, the nightmare of cleaning it up and changing your account identification, and the fact that once it is out there is no way to reverse it. This is in addition to the damage caused by false information disseminated.

There are zealous laws against hacking computer systems -- some of which improperly make legitimate private activities illegal -- but organizations are allowed to collect whatever they want through surveillance with no accountability for what they do with it and how they carelessly expose it.

This is not a matter of a "natural right" but a problem of how to formulate laws protecting rights when new technology is developed. It is crucial that it be pursued in that form and not allowed to become another excuse for government regulation controlling how companies or anyone else operates as opposed to defining and enforcing the relevant civil rights. The government establishment approach is 'never let a crisis go to waste' for gaining more power.

Credit reports contain a large volume of information on sources of income and debt, detailed payment history, names and addresses, and other personal information. Some of this is useful in assessing the meaning of the credit score, especially since it is now illegal to base a score on some factors like bankruptcy and accounts written off as uncollectable, but the reports are disseminating much much more than credit risk assessment. It seems that the wrong information is being made illegal.

Is Equifax in the business of providing a persons credit risk assessment, or their personal information?
Equaifax can provide a credit evaluation without divulging any other information. I think it's very dangerous, to us, to allow them to be a source of personal information.
If someone already knows your phone number, and address, you do not need to fill-in missing information for them.
No need to reply back with: "and their birthday xx/yy/zzzz".

"Perception", I would agree.
Who has the right to hold your personal information (SS, phone, mothers maiden) what responsibility do they have to secure it (or sell it)?
Can a receipt be sold? Is that not a record of a "private" transaction? Why is selling my SS# or CreditC# wrong, but not the fact I bought a bottle of whiskey? What is the agreement between customer and merchant regarding our transaction? Why is it ok to sell my birth date?
What about these funny, ambiguous Terms of Use agreements, "by using our service you agree we may disclose certain information to other 3rds parties 'we feel may be of service to you'". Nope, no disclosure as to who, when and what. Shouldn't we have the right to first refusal?

I agree with what WS said.

Some of the responsibility is on the person who buys info from a credit bureau or social media company. One company might hire people based on credit score, figuring if their credit's all messed up, their life might be too. Another company might dig in deeper, not using the score. Maybe someone tricked the bank into lending them money by forging someone's signature, commonly called "identity theft". The bank might wrongly trash the credit of the person whose signature was forged because they want to collect from someone and the impostor is broke, hiding, etc.

I don't call it identity theft b/c it's a case of Party A impersonating Party B to get Party C to give money to Party A. Party A is a crook. Party C got defrauded. Party B's good name is at risk if everyone believes B took the money instead of an impostor.

These are age-old problems of people tarnishing someone's good name based on an honest misunderstanding/disagreement or intentional slander. The information doesn't travel by horseback anymore, but it's the an age-old problem.

I don't think that you own other people's or organizations perception of you. If you buy something from a store on credit, you don't own the record of your bill payments to them. That's a real world observation that they have made, they are free to divulge it.

Of course there can be liabilities with respect to making inaccurate negative statements about someone.