NEW Professional Member Special>>> Save $20 and receive a SHRM tote bag
More companies are recognizing the importance of giving employees the time and space they need to navigate personal loss.
Save $20 on a New Professional Membership and receive a FREE Tote bag when you join SHRM today!
Learn to overcome challenges and meet your 2017 goals through competency-based HR education. Available in-person and virtually.
Expand your influence and learn how to become an effective leader. Join us in Phoenix, AZ | OCTOBER 2 - 4, 2017
The theft of two unencrypted laptops from a company’s conference room has resulted in a $3 million settlement in
Resnick/Curry v. AvMed, Inc., a data-breach class-action lawsuit entering its final stage in the Southern District of Florida.
The plaintiffs’ claims arose from a December 2009 data breach at the corporate headquarters of defendant AvMed Inc., a Florida-based health insurance provider. The plaintiffs alleged that two laptop computers containing the unencrypted private information of AvMed’s 1.2 million customers—including their names, addresses, Social Security numbers and medical information—were stolen from a conference room.
In their complaint the plaintiffs sought damages and injunctive relief from the company for failing to properly safeguard their personal health information in accordance with the Health Insurance Portability and Accountability Act.
They also claimed that as a result of the defendant’s failure to properly secure their information, they have become victims of identity theft. Bank accounts and credit cards were opened in their names, unauthorized purchases were made, and one claimant’s home address was changed with the U.S. Postal Service.
In addition to the multimillion-dollar settlement, AvMed has agreed to implement the following measures to protect its customers’ sensitive personal information:
These prospective measures are the most valuable part of the settlement, said Al Saikali, a partner and co-chair of Shook Hardy & Bacon’s Data Security and Data Privacy Practice Group, based in Miami.
“They provide a road map for what companies should do to minimize the risk of similar litigation,” he said. “They also make good business sense and are likely compatible with the expectations of a company’s consumers.”
If the laptops in the case had been encrypted, the lawsuit might never have been filed, he added.
Saikali noted that this settlement is in sharp contrast to the vast majority of data-breach cases, which have been dismissed for lack of standing and damages.
Roy Maurer is an online editor/manager for SHRM.
Follow him on Twitter
SHRM Online Safety & Security page
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Join SHRM's exclusive peer-to-peer social network
SHRM’s HR Vendor Directory contains over 3,200 companies