Every time there’s a big breach that has consumers or patients outraged, I see rumblings in the Comments section of posts about class-action lawsuits. An article by John Devine, Edward McAndrew, and Gregory Szewczy of Ballard Spahr about a recent opinion in District Court for the D.C. Circuit is a timely reminder of the uphill battle plaintiffs may face in any such litigation.
The court’s reasoning in dismissing the claims [against CareFirst BlueCross BlueShield] is yet another step in defining which data breaches are actionable—a significant question in an environment where every major breach seems to give rise to a class action lawsuit. In keeping with the current trend among federal courts, the court in CareFirst found that data breach plaintiffs cannot bring lawsuits without evidence that sensitive data has been—or will be—misused in a harmful manner.
Simply having your personal information stolen in a data breach isn’t enough.
Read more on JD Supra.
While the facts of the CareFirst breach are different than the Athens Orthopedic Clinic case, and the cases are in different jurisdictions, I always encourage site readers to realize that just because there’s a breach, it doesn’t mean you can sue successfully – and even if you prevail, you generally do not win much.
The best solution instead of suing is to become an advocate and become educated in data breaches and hacking (as a consumer, not as professional)
The two are not mutually exclusive. Entities do need to be held accountable.
No they don’t.. which is why I think it’s a good idea for people to educate themselves
Also were your site’s having technical difficulties? There were a few issues checking in browser.
Yes, there are problems with server… not sure why and we’re still working on it.