DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

$1.4M jury verdict against Walgreens for violating customer privacy upheld in appellate court (update)

Posted on November 17, 2014 by Dissent

As this blog noted in July 2013,  a jury awarded a Walgreens customer $1.44 million after finding Walgreens and one of their pharmacists violated the customer’s privacy. In this case, a female pharmacist had looked up and shared the customer’s records when she suspected the female customer had shared a sexually transmitted disease with a man who was the customer’s ex-boyfriend and the pharmacist’s now-husband. The customer first discovered the breach when her ex-boyfriend (and father of her child) texted her that he had a printout of her prescription history that showed she had not renewed her birth control prescription for the two months prior to conception.

When the customer subsequently discovered that her ex-boyfriend was living with a Walgreens pharmacist, she contacted Walgreens to report the breach. Walgreens investigated and confirmed there had been a breach, but could not confirm that the pharmacist had shared the information with anyone else. The pharmacist was given a written warning and required to retake some HIPAA training.

The customer, Abigail Hinchy, subsequently filed a lawsuit against Walgreens and the pharmacist, Audra Withers.

As I also noted at the time of the jury verdict, I was impressed that the employer, Walgreens, was also held liable for the breach.

Not surprisingly, Walgreens appealed the judgement. One of its four arguments on appeal was that the trial court erred by refusing to grant summary judgment or a directed verdict in Walgreen’s favor on claims based on respondeat superior and negligent retention and supervision of an employee. Its fourth argument was that the jury verdict was excessive and based on improper factors.

On November 14, Judge Baker of the Court of Appeals of Indiana issued the court’s opinion in Walgreens v. Hinchy, rejecting all of Walgreen’s arguments and affirming the judgement.

Readers may find the court’s discussion of the respondeat superior aspect interesting, as well as the types of harm the jury had considered in determining their award (pp. 21-23).

Although I do not have any information on this, I do wonder what the jury might have done about Walgreens’ liability if Walgreens had fired the pharmacist promptly on learning of the breach.

h/t, Law360

Update: Carrie Dettmer Slye of BakerHostetler asks the same question I did about whether Walgreens’ disciplinary response influenced the jury’s award. Read her commentary on the court opinion and case on Data Privacy Monitor.

 

 

 

 

Category: Uncategorized

Post navigation

← Attack reveals 81 percent of Tor users but admins call for calm
Belgian activist files complaint with Belgian Privacy Commissioner over hack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch (1)
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.