Not a Member? Get access to HR news and resources that you can trust.
HR professionals share their advice for minimizing worker stress and boosting retention.
Is your employee handbook ready for the changing world of work? With SHRM’s Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Virtual SHRM-CP/SHRM-SCP Certification Prep Seminars kick off September 12 and fill up fast!
Expand your influence and learn how to become an effective leader. Join us in Phoenix, AZ | OCTOBER 2 - 4, 2017
The theft of two unencrypted laptops from a company’s conference room has resulted in a $3 million settlement in
Resnick/Curry v. AvMed, Inc., a data-breach class-action lawsuit entering its final stage in the Southern District of Florida.
The plaintiffs’ claims arose from a December 2009 data breach at the corporate headquarters of defendant AvMed Inc., a Florida-based health insurance provider. The plaintiffs alleged that two laptop computers containing the unencrypted private information of AvMed’s 1.2 million customers—including their names, addresses, Social Security numbers and medical information—were stolen from a conference room.
In their complaint the plaintiffs sought damages and injunctive relief from the company for failing to properly safeguard their personal health information in accordance with the Health Insurance Portability and Accountability Act.
They also claimed that as a result of the defendant’s failure to properly secure their information, they have become victims of identity theft. Bank accounts and credit cards were opened in their names, unauthorized purchases were made, and one claimant’s home address was changed with the U.S. Postal Service.
In addition to the multimillion-dollar settlement, AvMed has agreed to implement the following measures to protect its customers’ sensitive personal information:
These prospective measures are the most valuable part of the settlement, said Al Saikali, a partner and co-chair of Shook Hardy & Bacon’s Data Security and Data Privacy Practice Group, based in Miami.
“They provide a road map for what companies should do to minimize the risk of similar litigation,” he said. “They also make good business sense and are likely compatible with the expectations of a company’s consumers.”
If the laptops in the case had been encrypted, the lawsuit might never have been filed, he added.
Saikali noted that this settlement is in sharp contrast to the vast majority of data-breach cases, which have been dismissed for lack of standing and damages.
Roy Maurer is an online editor/manager for SHRM.
Follow him on Twitter
SHRM Online Safety & Security page
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Become a SHRM Member
SHRM’s HR Vendor Directory contains over 3,200 companies