In general, courts don’t tend to side with consumers in data breach incidents. However, a federal court in Florida is the apple among the oranges. It approved a $3 million settlement for victims whose data was on a stolen laptop in December 2009, that contained personal health information.
The laptops belonged to AvMed, a health insurer, and the unencrypted data involved records of tens of thousands of the company’s customers.
Though the consumer-plaintiffs suffered no identity theft or other direct losses, they blamed AvMed of breach of contract and fiduciary duty, negligence and unjust enrichment.
These claims were dismissed by the U.S. District Court for the Southern District of Florida, but the plaintiffs appealed. The U.S. Court of Appeals for the Eleventh Circuit remanded the case.
AvMed’s attempt for another dismissal went down the tubes, prompting the company to enter into settlement talks with the plaintiffs.
The agreement says that each victim will get up to $10 for every year they made an insurance payment to AvMed, with a cap at $30. This is money, say the victims, that AvMed could have spent on better data security. The agreement also requires AvMed to pay damages to anyone who gets stung with identity theft.
AvMed will also employ encryption and new password protocols, plus GPS technology for its laptops.
Apparently, this settlement is the first in which the awarded victims didn’t have to show tangible evidence of loss.
Traditionally, courts nationwide don’t take on such claims, and that a claim lacks merit if it’s based on the possibility of future damages rather than actual concrete losses that have already occurred.
The ruling serves as a precedent for future data breach cases, to support customers’ stance that a segment of their health insurance premiums should fund data security placements.
Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Cyber Insurance vs. General Liability
One of the biggest data breaches of all time involved that of Sony Corp. The hackers stole confidential information from tens of millions of Sony PlayStation Network users. Despite this humongous breach, something surprising happened: New York Supreme Court Jeffrey Oing ruled that Mitsui Sumitomo Insurance Co. and Zurich American Insurance Co. owed NO defense
- Cyber Security Insurance Difficult for Business to Navigate
Cyber insurance is now booming, with about 50 carriers in the industry. An increasing number of companies have cyber insurance to protect against cyber crime. However, businesses claim it’s not easy to get adequate coverage. Losses from data breaches are difficult to quantify. The tangible losses are more easily insured, says a New York Times online
- Data Breach Notification Bill goes to the House
H.B. 224, a newly introduced data breach notification bill for New Mexico, would mandate that organizations notify breached individuals within 10 days of breach discovery (unencrypted credit card data); and within 10 business days notifying the state attorney general if more than 50 NM residents are affected. The bill allows for a shorter notification deadline and
- Insurance Company fined BIG for Breach
Why would an insurance company be fined for a data breach? There was a security breach at Triple-S Salud, Inc. (TSS), which is a subsidiary of Triple-S Management GTS. The Puerto Rico Health Insurance Administration plans on imposing a $6.8 million fine on TSS. The breach involved 13,336 of TSS’s Dual Eligible Medicare beneficiaries. The penalty includes
- The Scourge of Medical Identity Theft
Robert Siciliano Identity Theft Expert Medical identity theft can make you sick. As I once eloquently explained on CBS’s Early Show, if medical identity theft happens to you, “you’re screwed.” And it’s true. Medical identity theft occurs when the perpetrator uses your name and, in some cases, other aspects of your identity, such as insurance information, to obtain medical