Venkat Balasubramani discusses two recent court decisions that turned data breach plaintiffs away. The first case is the Hannaford case, discussed previously on this blog, but I was surprised to learn that the Providence Health System breach finally was decided:
Paul v. Providence Health System-Oregon, (Ore. Ct. App. Oct. 6, 2010): this case involved the theft of patient care information, which was stolen as a result of an employee’s decision to take data-laden disks and tapes home and leave them in his car overnight. [I’m guessing he will never leave anything valuable overnight in a vehicle ever again.] “The disks and tapes contained unencrypted patient records for approximately 365,000 individuals; the records included names, addresses, phone numbers, social security numbers, and patient care information.” Plaintiffs asserted claims under negligence and an unfair trade practices statute.
Read more about why the plaintiffs lost on Eric Goldman.