With all the uproar about Facebook’s use of our data and businesses bracing to deal with the EU’s GDPR, it is easy to forget there is no general obligation to protect your personal information. The Third Circuit Court of Appeal’s decision last week in Enslin v. Coca-Cola, et al. is the latest reminder of that fact.
Shane Enslin is a former employee of Coca-Cola. As part of his employment, he submitted, as we all do, personal information including his social security number. Coca-Cola discovered that one of its IT staffers was stealing company laptops and taking them home for his own use or giving them to others. Among the devices stolen were machines used by human resources employees that contained sensitive personal information, like Enslin’s social security number. After the devices were stolen, Enslin was the victim of identity theft.