This Month Only! >> $20 off and a FREE SHRM tote with your membership and code TOTE2018!
Sign up for free email newsletters and get more SHRM content delivered to your inbox.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
The theft of two unencrypted laptops from a company’s conference room has resulted in a $3 million settlement in
Resnick/Curry v. AvMed, Inc., a data-breach class-action lawsuit entering its final stage in the Southern District of Florida.
The plaintiffs’ claims arose from a December 2009 data breach at the corporate headquarters of defendant AvMed Inc., a Florida-based health insurance provider. The plaintiffs alleged that two laptop computers containing the unencrypted private information of AvMed’s 1.2 million customers—including their names, addresses, Social Security numbers and medical information—were stolen from a conference room.
In their complaint the plaintiffs sought damages and injunctive relief from the company for failing to properly safeguard their personal health information in accordance with the Health Insurance Portability and Accountability Act.
They also claimed that as a result of the defendant’s failure to properly secure their information, they have become victims of identity theft. Bank accounts and credit cards were opened in their names, unauthorized purchases were made, and one claimant’s home address was changed with the U.S. Postal Service.
In addition to the multimillion-dollar settlement, AvMed has agreed to implement the following measures to protect its customers’ sensitive personal information:
These prospective measures are the most valuable part of the settlement, said Al Saikali, a partner and co-chair of Shook Hardy & Bacon’s Data Security and Data Privacy Practice Group, based in Miami.
“They provide a road map for what companies should do to minimize the risk of similar litigation,” he said. “They also make good business sense and are likely compatible with the expectations of a company’s consumers.”
If the laptops in the case had been encrypted, the lawsuit might never have been filed, he added.
Saikali noted that this settlement is in sharp contrast to the vast majority of data-breach cases, which have been dismissed for lack of standing and damages.
Roy Maurer is an online editor/manager for SHRM.
Follow him on Twitter
SHRM Online Safety & Security page
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Become a SHRM Member
SHRM’s HR Vendor Directory contains over 10,000 companies