DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

$1.4M jury verdict against Walgreens for violating customer privacy upheld in appellate court (update)

Posted on November 17, 2014 by Dissent

As this blog noted in July 2013,  a jury awarded a Walgreens customer $1.44 million after finding Walgreens and one of their pharmacists violated the customer’s privacy. In this case, a female pharmacist had looked up and shared the customer’s records when she suspected the female customer had shared a sexually transmitted disease with a man who was the customer’s ex-boyfriend and the pharmacist’s now-husband. The customer first discovered the breach when her ex-boyfriend (and father of her child) texted her that he had a printout of her prescription history that showed she had not renewed her birth control prescription for the two months prior to conception.

When the customer subsequently discovered that her ex-boyfriend was living with a Walgreens pharmacist, she contacted Walgreens to report the breach. Walgreens investigated and confirmed there had been a breach, but could not confirm that the pharmacist had shared the information with anyone else. The pharmacist was given a written warning and required to retake some HIPAA training.

The customer, Abigail Hinchy, subsequently filed a lawsuit against Walgreens and the pharmacist, Audra Withers.

As I also noted at the time of the jury verdict, I was impressed that the employer, Walgreens, was also held liable for the breach.

Not surprisingly, Walgreens appealed the judgement. One of its four arguments on appeal was that the trial court erred by refusing to grant summary judgment or a directed verdict in Walgreen’s favor on claims based on respondeat superior and negligent retention and supervision of an employee. Its fourth argument was that the jury verdict was excessive and based on improper factors.

On November 14, Judge Baker of the Court of Appeals of Indiana issued the court’s opinion in Walgreens v. Hinchy, rejecting all of Walgreen’s arguments and affirming the judgement.

Readers may find the court’s discussion of the respondeat superior aspect interesting, as well as the types of harm the jury had considered in determining their award (pp. 21-23).

Although I do not have any information on this, I do wonder what the jury might have done about Walgreens’ liability if Walgreens had fired the pharmacist promptly on learning of the breach.

h/t, Law360

Update: Carrie Dettmer Slye of BakerHostetler asks the same question I did about whether Walgreens’ disciplinary response influenced the jury’s award. Read her commentary on the court opinion and case on Data Privacy Monitor.

 

 

 

 

Category: Uncategorized

Post navigation

← Attack reveals 81 percent of Tor users but admins call for calm
Belgian activist files complaint with Belgian Privacy Commissioner over hack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.