In a precedent setting case a Florida Court has approved a settlement against Avmed for a data loss.The decision was handed down by the U.S. Court of Appeals for the 11th District of Florida.
AvMed, a health insurer, had two laptop c0mputers stolen in 2009 that contained the names and personal health information of as many as 1.2 million of its customers. But only 460,000 will receive payments. The information was not encrypted. None of the consumer/plaintiffs suffered identity theft or any other direct losses. However they blamed AvMed for breach of contract and fiduciary duty, negligence and unjust enrichment.
Courts do not normally side with the consumer in data breach cases. Most rulings have been decided on the fact that, although information was lost, no direct harm came to the consumer. At least none that could be proven and the court would not rule on future damages. This was the first case where the plaintiffs won without evidence of actual loss. The U.S. District Court for the Southern District of Florida originally dismissed the case. The case was appealed and the plaintiffs won that appeal. AvMed’s second attempt at a dismissal failed forcing the $3 million settlement. Other requirement of the settlement are;
- Mandatory security awareness and training programs for all company employees;
- Mandatory training on appropriate laptop use and security for all company employees whose employment responsibilities include accessing information stored on company laptop computers;
- Upgrading of all company laptop computers with additional security mechanisms, including GPS tracking technology;
- New password protocols and full disk encryption technology on all company desktops and laptops so that electronic data stored on such devices would be encrypted at rest;
- Physical security upgrades at company facilities and offices to further safeguard workstations from theft;
- Review and revision of written policies and procedures to enhance information security.
This ruling is a clear precedent for future data breach cases. The decision sends the message that customers’ expect companies to protect their information and invest in data security.
Breaking It Down!
How many black people have lost data? Do you shop at Target? How about Sally Beauty Supply? Then you have. Here is where the game changes people. If you get a letter in the mail saying someone you do business with has suffered a data breach and your information was compromised; you have a case. Get a lawyer! This decision means that precedent has been set and believe me a lot of companies will take notice. In the past they would offer you credit monitoring. Let me tell you, credit monitoring is nothing! Now a court has agreed with the consumer that data breaches have become intolerable. The key to this decision, and why it is so important, is no evidence of loss was present. In the past you had to prove some damage. This settlement has changed that.
The Florida Court of appeals has changed the legal landscape and the lawyers will be all over the next major data breach. Or any data breach. Companies that suffer data breaches will begin bleed cash and they know it. OK, $3 million isn’t much but no no company wants to be next to face a court after this decision. The courts have to consider the legal precedent set here. You, as a consumer, need to get in on the next class action lawsuit that involves a data breach. It’s money that these corporations understand and if they have to pay you when they lose data then maybe things will change. Go get ’em!