A few months ago, I noted a lawsuit by a former Winn-Dixie employee against Purchasing Power. The complaint in Burrows v. Purchasing Power alleged that Winn-Dixie shared employee data with Purchasing Power to administer its employee benefits program, but also sent them data on employees not enrolled in the program. The complaint also alleged that although Purchasing Power had an insider breach in October 2011, Winn-Dixie employees were not notified until January 27, 2012.
Today, Al Saikali writes:
Late last week, another Federal District Court (the Southern District of Florida) weighed in on the circumstances under which a plaintiff may sue a breached entity civilly for damages when the plaintiff’s personally identifiable information (PII) is inappropriately accessed or acquired. The Court allowed the case to proceed with counts for violation of Florida’s Unfair and Deceptive Trade Practices Act and negligence (assuming Plaintiff can clarify the damages he is seeking).
Read more on Data Security Law Journal.