Newsletter: Consumers would be more forgiving of data breaches if companies just came clean

Equifax was involved in a massive security breach but didn't tell the public for nearly six weeks.
(Smith Collection/Gado/Getty Images)

Welcome to the weekly newsletter of the L.A. Times Business Section. I’m consumer columnist David Lazarus, here today with a look at data breaches.

It won’t be news to anyone that our privacy has never been at greater risk. Hardly a day goes by without word of yet another data breach or security lapse.

Last week, Facebook was caught yet again with its hand in the cookie jar. Hundreds of millions of Facebook users’ phone numbers were found in an unprotected online database, accessible to anyone who knew where to look. A number of state attorneys general announced an investigation into the company’s actions.

Does that make you angry? A recent report from the credit reporting agency Experian found that consumers would be more likely to forgive privacy incidents if they’re notified in a timely fashion.

Ninety percent of survey respondents said they’d be more forgiving of a company or organization that responded to a breach in a prompt and transparent manner. Conversely, two-thirds of respondents said they’d stop doing business with a company that dithered in the face of a security lapse.

This is understandable. Consumers are justifiably wary of businesses that insist they take people’s privacy seriously and then are shocked, shocked to discover that their systems were vulnerable to hackers.


A California law set to take effect in January will allow state residents to find out what kinds of information a business has collected. The Consumer Privacy Act also permits customers to request that a company delete any personal information it holds.

In Europe, a privacy law known as the General Data Protection Regulation goes ever further. It requires companies to obtain consent from customers before using or sharing their personal information.

It also gives consumers the right to be notified of a security breach within 72 hours.

That last provision shouldn’t have to be legislated, but it’s become standard operating procedure for many businesses to keep privacy snafus under wraps for as long as possible. God forbid people think they’re negligent.

Perhaps coincidentally — or perhaps it’s a deliberate poke in the eye — one of Experian’s chief rivals, Equifax, was involved in a massive security breach, and one of the biggest problems was that the company didn’t tell the public about it for nearly six weeks.

I’m not sure if any of the 147 million people affected by the Equifax breach would have been more forgiving if the company had come clean in a timely fashion. But it would have helped.

Meanwhile, here are some upcoming events and stories that caught my eye:


Costly call: Tom Gores made billions buying up struggling enterprises and flipping them for profit. But his latest trouble company might be more than he bargained for. The private equity billionaire is taking heat for his firm’s acquisition of one of the nation’s leading prison phone companies, which has been accused of charging inmates and their families exorbitant rates.

The race is on: Tesla got a huge head start, rolling out its luxury Model S electric sedan in 2012. Other high-end automakers are now following its lead, with Porsche unveiling its electric Taycan sports car. Expect more competition in all segments of the electric car market.

The new kingdom: The Egyptian Theatre in Hollywood is a Los Angeles historical-cultural monument beloved by movie-lovers for its commitment to spread the art of cinema to the widest possible audience on the big screen. So what will happen at the Egyptian when Netflix takes over?


Delivery’s downside: Amazon has revolutionized the way we shop, establishing the expectation that anything and everything can be delivered to our doors, as soon as possible. According to BuzzFeed and ProPublica, there’s a major consequence to this focus on fast, cheap delivery: lots and lots of crashes.

Data for sale: Washington Post technology columnist Geoffrey Fowler recently conducted a novel experiment, making a simple purchase — a banana — with different credit cards to find out who is selling his data, and who is buying it. His findings are alarming.


Send in the Cloud: Tech’s next big initial public offering could come next week when Cloudflare — a San Francisco internet security firm — is expected to begin trading on the New York Stock Exchange. The company has been in the news recently not so much for the network infrastructure it provides but for debates about hate speech and content moderation.

Let me know what you think of the newsletter. My email is, or you can find me on Twitter @Davidlaz. Also, tell all your social media pals to join the party.

Until next time, see you in the Business section.