Breton Leone-Quick writes:
… The legal liability of employers for data breaches by its employees is generally an underdeveloped area of the law. But a case currently pending before the Massachusetts Appeals Court will help determine the scope of this liability in Massachusetts.
In the Superior Court case, Adams v. Congress Auto Insurance Agency, Inc., No. MICV2013-01322-D (Mass. Super. Ct.), plaintiff Mark Adams sued Congress Auto Insurance Agency Inc. over the alleged actions of Congress’ employee, Elizabeth Burgos. The rather incredible fact-pattern began when Burgos’ boyfriend, Daniel Thomas, was driving Burgos’ vehicle and struck a vehicle operated by Adams. Thomas fled the scene but Burgos’ abandoned vehicle was found shortly thereafter. Adams first contacted the police and told them he could identify the perpetrator. Adams then filed a claim from the collision with Burgos’ insurance company, Safety Insurance.
As the police search for Thomas began, Burgos allegedly used her employer’s access to Safety’s electronic database platform to obtain Adams’ private information. She then passed this information on to Thomas who made intimidating phone calls to Adams in an attempt to dissuade him from cooperating with the police in the search for Thomas. When Thomas was eventually apprehended, police suspected that Burgos had been the one who passed Thomas Adams’ contact information. Adams sued Congress for alleged emotional harm stemming from the intimidating phone calls by claiming Congress negligently permitted Burgos to access and misappropriate his private information.
Read more on MintzLevin Privacy & Security Matters.