Wednesday, October 11, 2017

Stephen L. Carter ― Equifax Bungles the Details Over and Over Again

The fine print on its consumer protection website is befuddling even to a professor of contract law.

(BloombergView)Here’s a word of advice for companies in trouble: Don’t make the public any angrier than necessary. That’s the mistake Equifax Inc. repeated several times over in its careless handling of its careless loss of detailed identifying data on 143 million consumers, a breach widely described as the worst in history. The company made a number of missteps, such as taking months to make the break-in public, and apparently running web server software with a known vulnerability.

But the biggest question since the news broke has involved whether Equifax was trying to pull a fast one: Were worried consumers being forced to surrender their right to sue before they could find out if they were among the victims of the hack, or was that an urban myth? I’ve been teaching contract law for a quarter of a century, and I’m not entirely sure.

The issue arose after some people actually read the boilerplate on the special site Equifax set up so that worried consumers could find out whether their data was in the wind. 2  The readers discovered -- or at least thought they discovered -- that consumers who clicked on “I agree” were giving up their right to sue the company over the hack, and consenting to arbitration instead. Social media erupted with fury.

Read more: