96 N.C. L. Rev. 711 (2018)
Businesses, healthcare providers, and others gather, store, and use our data every day. In the process, these entities may end up committing privacy harms. For example, Equifax might fail to utilize proper measures to safeguard your credit information, leaving it vulnerable to hacking. Or a Health Maintenance Organization employee might negligently leave a laptop with your health information on an airplane. Perhaps a retail store decides to sell information about your purchases to a third party without your permission. What should be the consequence of these privacy harms? And what is the best legal mechanism for addressing them?