The "information rush" that characterizes the current phase of the information age calls for actions aimed at enforcing citizens' right to privacy. Since the entire information life-cycle (collection, manipulation, storing) is now carried out by digital technologies, most such actions consist of the adoption of severe measures (both organizational and technological) aimed at improving the security of computer systems, as in the case of the EU General Data Protection Regulation. Usually, data processors that comply with these requirements are exempted from any other duty. Unfortunately, recent trends in the computer attack field show that even the adoption of the strongest cybersecurity protection measures cannot be enough to avoid data breaches. Thus we must get used to the idea that, due to a computer attack, we can lose our privacy, and if the hacked system was compliant with legal requirements we have no right to complain.
In this paper we argue that, in all these cases, measures have to be provided to support the victims of data breaches. In this regard, we believe that a remedy based on the inspiring principles of the Fair Credit Billing Act can be a first step in the right direction.