Ron Lieber analyzes the fallout and aftermath of Equifax’s security breach in an article titled “Why the Equifax Breach Stings So Bad” Equifax is one of the major credit-reporting agencies here in the U.S. There was a data breach back in 2017 that leaked the sensitive information of over 140 million people. Over 2,000 consumers called for immediate changes to the company’s leadership. Social security numbers, birth dates, street addresses, credit card numbers, and more were revealed as a result of the breach. This raised an alarm about the security of companies like Equifax and concerns about consumers’ inability to control what data is collected and what happens afterward. After the breach, Equifax provided little support to those trying to recover from the data leak. This leak resulted in a deeper mistrust of credit-reporting agencies. In this case analysis I will argue that utilitarianism shows that the Equifax breach harmed the trust of society and failed to fulfill their social responsibility.
Milton Friedman discussed the idea of social responsibilities in our reading. This concept states that a company’s primary responsibility is to maximize profits on behalf of its shareholders. He also notes that all actions taken by a company must be legal and ethical as it attempts to increase monetary gain. Aside from this, Friedman believes that it is not a business’s responsibility to address social issues. This approach is said to be beneficial to society because it promotes economic growth and efficiency above all. We can use this concept to analyze the Equifax breach.
As previously mentioned, Friedman believes that a company should maximize its profits to drive the economy in a positive direction. The Equifax breach did the opposite by leaving customers helpless in their attempts to recover from it. In general, you can not increase profits and assure shareholders that their money is safe if you are the victim of such a detrimental breach. Public image plays a major role in how a company is perceived. That said, the insecurity and general distrust that this even caused tainted their reputation. Equifax settled to pay 700 million dollars in compensation and fines. As you can imagine, this lost the backing of many shareholders, thus defeating Friedman and his idea of social responsibility. The general public was hurt as well. Friedman insists that his concept of social responsibility is good because it promotes a healthy economy, but the distrust that the breach created made navigating the economy more difficult. Lieber’s article shares that Equifax forced their customers to pay a fee before they were able to freeze their credit files. In the article, a man named Richard Russell went as far as calling this fee extortion. This incident underminds Friedman’s desire for business.
This type of incident is one of the greatest fears of utilitarianism. It takes all of its ideas and tramples over them in one fell swoop. For context, a utilitarian believes that all lives are just as important as the next. In this context, any given business has the responsibility of ensuring that they maximize the amount of people that can benefit from their decisions. Equifax’s breach violated this idea and the idea that no one is more important than another. This loss of data sent hundreds of millions into panic as mentioned before. Those who were not affected directly likely lost trust in the company as well. The general decline in their trustworthiness led to a worsened state for the majority of people. This is the opposite of what a utilitarian would want in terms of the economy. Stability, transparency, and trustworthiness create a sense of security and would benefit society as a whole. This should have been on the forefront of Equifax’s mind instead of cutting corners which led to weak cybersecurity. A more robust effort to protect the data of its consumers is seen as an obligation to a utilitarian. Equifax forcing customers to pay to freeze their credit files took even more of their ability to control their information away. Equifax could have taken a more utilitarian approach by being more transparent with how they were using consumer data and made it easier for them to change how and if it was sold and used.
Melvin Anshen introduces and discusses the idea of a social contract in his body of work. This idea is more of an implied agreement between businesses and consumers that asserts that businesses have to contribute to society in a positive way to be deemed trustworthy. It is the idea that businesses are “allowed” to operate because they benefit society in some way and must make decisions based on this principle. This concept is similar to utilitarianism but with an added hierarchy of sorts. It is almost as if the business works for society and is dependent on it for approval. This lens can help us analyze the Equifax breach from a preventative perspective as opposed to analyzing the fallout.
Equifax failed to allow users the opportunity to control if and how their data is used. Lieber’s article highlights the issue customers had with Equifax selling their information. Their failure to allow customers the opportunity to opt out of this resulted in outrage when the breach occurred. Not only could the consumers not protect their private information but neither could Equifax. People should be allowed to decide what happens to their information. Failing to meet this standard would be a breach of contract. Equifax also failed to protect the data that it did have which leaves a bad connotation regardless if they allowed people to control their data or not. To put it into perspective, let’s imagine that Equifax did allow their customers to opt out of the selling of their information but they still gave it to Equifax. As per the contract, Equifax now has the responsibility to protect it. Any failure to do so is a breach of contract and could lead to a loss of business. We know that Equifax did not allow consumer data control or exhaust all efforts to protect their information. Let’s say they did allow information to fall into the hands of their consumers and they had the strongest security available to protect the information; they still failed to uphold the social contract by making credit recovery such a difficult task. Equifax had a chance to uphold some of its reputation by having a solid disaster recovery plan in place. They decided to make the lives of their customers harder by charging them to freeze their credit files. Choices on how to recover are almost if not more important than preventing a fall in the first place.
Using the utilitarian lens, Equifax failed to work in the best interest of the whole. The social contract does well to outline the beliefs of a utilitarian. (Every life is equal, overall happiness matters more than individual pleasures, etc.) Failure to meet the requirements of the contract resulted in widespread mistrust and left a lasting, harmful impression. It damaged the relationship between society and corporate America. Credit-reporting agencies are not the only ones who were affected. Companies of various niches will be looked at differently and held to a different standard.
Both Friedman and Anshen can be combined with utilitarianism to determine that Equifax’s actions, or lack thereof, harmed society by failing to protect the information of its users. It was irresponsible of them to neglect their cybersecurity and fail to provide their customers the ability to take control of their data. Some may argue that companies should not have to answer to the public but the public is what allows them to do business and make money. The more corporations abuse their power and act selfishly the more they will be held under a microscope and lose their freedoms. Overall this breach caused many issues in 2017 and continues to affect the way corporations are viewed today.