Sarah Bloom Raskin

Data breaches and computer hacks are occurring at an alarming pace, exposing consumers’ financial information—as well as other information—to misappropriation. Where does this data go? Why do we feel so exposed and vulnerable? Should we care, especially in light of the fact that we voluntarily turn over personal data to social media firms and financial institutions anyway? How do we describe the harms, and how do we find data that can document such harm? Little has been done to begin to analyze this inchoate form of anxiety as it pertains in particular to personal financial data. One way to begin to assess harm is to consider “evidence of harm,” which is a term that has been deployed in other contexts and disciplines. Indeed, “evidence of harm” is a term of art coming from methodologies employed in different legal and policy realms. One useful policy realm is the realm of environmental policy. Looking to the example of environmental policy sheds light on understanding the harms that occur from a misappropriation of financial data because of at least one similar feature: in both the environmental context and the financial context, parts of the harm are experienced further out in time from the original event, making the causal connection to the original event difficult to discern. As in the case of an environmental contaminant whose health and environmental effects may not be exhibited until many years have passed, some of the harms associated with misappropriated financial information—such as the effects on credit scores and the effects of impersonation involved in identity theft—may not exhibit themselves immediately.