Search      Advanced Search | Browse By Topic
Magazine Content
Home
Features
Columnists
Industry Risk Reports
In-Depth Series
Special Reports
Point/Counterpoint
R&I One® Content
News & Analysis
Editor's Choice Stories
Resources and Tools
Power Broker® Directory
Risk InnovatorTM
Emerging Risks
Top Employee Benefits Consultant
Executives To Watch
Insights
Industry Events
WorkersComp Forum
Award Nominations
Webinars
RSS
R&I Information
Subscription Center
Advertiser Information
About Us
Contact Us
 

Newsletter Sign-up

Click on the name of the free newsletter below to preview:

R&I One®
WORKERSCOMP Forum TM Update
HTML Text
E-Mail Address:


Click here to unsubscribe
Privacy Policy
Preferences
 

How Much Are Privacy Breaches Worth in the Courts?

How Much Are Privacy Breaches Worth in the Courts? | Risk & Insurance | While privacy breaches have filled the newspapers in the last few years, few plaintiffs have seen much redress in the courts.

Print Email Add to Facebook Add to Twitter Add to LinkedIn Write to the Editor Reprints

By STEVE TUCKEY, who has written on insurance issues for a decade for several national media outlets

The most recent case involved the security breach announced by Heartland Payment Systems Inc. in January. The breach, considered to be one of the largest ever disclosed, has already impacted an estimated 500 financial institutions.

Five financial institutions filed a lawsuit in federal district court in New Jersey in February, seeking to recover damages from the security breach. It remains way too early to tell just how any software manufacturer connected to the breach will fare in any verdict or possible settlement. But it remains one example of the privacy breach liability threats faced today.

Class-action suits in similar cases have not fared too well over the years. The massive breach disclosed by TJX companies in 2007 also lead to many such suits. But attempts at getting a federal district judge in Boston to grant class-action status to such plaintiffs failed.

Such class suits on behalf of consumers have not fared too much better, if the dismissal of one such suit in a federal court in Minnesota against a company that had a laptop stolen is any example. The individual plaintiff, acting on behalf 550,000 consumers, claimed that the Brazos Education Service Corp. was negligent when it failed to encrypt the data.

Jim Cochran, president of Dallas-based TechInsurance brokers, said that, while such breaches may make a great splash in the headlines, oftentimes no real financial damage ends up inflicted on the thousands of consumers purportedly put at risk.

"For example, there is not a high volume of people stealing this information and making airline ticket purchases. Sometimes it can just be a guy who left his laptop in the backseat of his car and someone just stole it and sold it for $25 and had no idea what was in it," he said.

While the courts may not have offered much solace, the Federal Trade Commission has stepped into the breach with enforcement actions against companies that fail to implement reasonable security measures. Such actions have led to settlement agreements and concessions, according to attorney Joel Hanson writing in the University of Washington law school journal.

In the case of security breaches by the BJ's wholesale chain, the FTC for the first time held a company liable for such breaches even when they had no privacy policy in place to violate.

"It should be noted that while businesses that fail to implement appropriate security precautions have generally not been held liable in private lawsuits, the law is developing and there has been some success in private lawsuits," Hanson wrote.

April 15, 2009

Copyright 2009© LRP Publications
 
 
 
 
 
 
 
 
 
 
 
RISK logo
 

Back to top

Entire contents copyright © 2013 Risk and Insurance® All rights reserved. May not be reproduced in any form without written permission.