Not a Member? Get access to HR news and resources that you can trust.
Here is how HR can help prevent the missteps that could cost your company big in court.
Is your employee handbook ready for the changing world of work? With SHRM’s Employee Handbook Builder get peace of mind that your handbook is up-to-date.
60+ new SHRM Seminar dates in 10 U.S. cities and virtually.
Expand your influence and learn how to become an effective leader -- Join us in Phoenix, AZ, October 2-4, 2017.
The theft of two unencrypted laptops from a company’s conference room has resulted in a $3 million settlement in
Resnick/Curry v. AvMed, Inc., a data-breach class-action lawsuit entering its final stage in the Southern District of Florida.
The plaintiffs’ claims arose from a December 2009 data breach at the corporate headquarters of defendant AvMed Inc., a Florida-based health insurance provider. The plaintiffs alleged that two laptop computers containing the unencrypted private information of AvMed’s 1.2 million customers—including their names, addresses, Social Security numbers and medical information—were stolen from a conference room.
In their complaint the plaintiffs sought damages and injunctive relief from the company for failing to properly safeguard their personal health information in accordance with the Health Insurance Portability and Accountability Act.
They also claimed that as a result of the defendant’s failure to properly secure their information, they have become victims of identity theft. Bank accounts and credit cards were opened in their names, unauthorized purchases were made, and one claimant’s home address was changed with the U.S. Postal Service.
In addition to the multimillion-dollar settlement, AvMed has agreed to implement the following measures to protect its customers’ sensitive personal information:
These prospective measures are the most valuable part of the settlement, said Al Saikali, a partner and co-chair of Shook Hardy & Bacon’s Data Security and Data Privacy Practice Group, based in Miami.
“They provide a road map for what companies should do to minimize the risk of similar litigation,” he said. “They also make good business sense and are likely compatible with the expectations of a company’s consumers.”
If the laptops in the case had been encrypted, the lawsuit might never have been filed, he added.
Saikali noted that this settlement is in sharp contrast to the vast majority of data-breach cases, which have been dismissed for lack of standing and damages.
Roy Maurer is an online editor/manager for SHRM.
Follow him on Twitter
SHRM Online Safety & Security page
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Don’t Lose Sight! What Does Poor Preventive Care Cost Your Business?
CA Resources at Your Fingertips
SHRM’s HR Vendor Directory contains over 3,200 companies