The consolation is that, save for a few exceptions, no information about the medicines purchased by the persons fell prey to criminals. However, the same email says with ruthless bluntness: «The names of other pharmacy products are visible in the purchase history, which may also provide information about your medical condition.»
This means that the criminals may not know what illnesses you suffer from, but now they know exactly what type of condoms you prefer or how often you buy lubricant from a pharmacy.
But let's be honest – this email is still very pleasant compared to the emails you might receive in the future. Every day, someone in Estonia falls victim to cyber criminals, and every year our people are defrauded out of millions of euros.
Therefore, stolen data can easily become stolen money. Pille Lehis, director general of the Data Protection Inspectorate, said to Postimees when commenting on the Apotheka case that «data has become the most valuable currency that people have.»
And from here arises the justified question: what is the responsibility of companies in keeping this currency?
Corporate liability can be at least of three kinds. One is bureaucratic, which means fines if companies fail to comply with the Personal Data Protection Act. The second is judicial, where victims seek compensation through the courts. And the third is economic, when a company's customers leave en masse.