Well, well, well. It looks like companies that store and/or transmit PII had better redouble their efforts. According to this article, the U.S. Court of Appeals for the Ninth Circuit ruled November 20 that a plaintiff whose PII was stolen from Tri-West Health Care Alliance Corporation, and who later became an identity theft victim, may proceed with a lawsuit against the company, because it is reasonable, considering the facts of the case, to infer that the burglary may have resulted in his identity theft.
Whoa! Can you say "punitive damages"? Apparently the courts are starting to accept circumstantial evidence, based upon a chronology of events following a privacy breach, to hold organizations accountable for bad things happening. IT security pros now have even more of a reason to lobby management to do what it takes to secure their PII. However, human nature being what it is, I'm sure this is not the last case of this kind we'll see.

