Well, well well. It looks like companies that store and/or transmit PII had better redouble their efforts. According to this article , the U.S. Court of Appeals for the Ninth Circuit ruled November 20 that a plaintiff whose PII was stolen from Tri-West Health Care Alliance Corporation, and later became an identity theft victim, may proceed with a lawsuit against the company, because it is reasonable considering the facts of the case that the burglary may have resulted in his identity theft.
Whoa! Can you say "punitive damages"? Apparently the courts are starting to accept circumstantial evidence, based upon a chronology of events following a privacy breach, to hold organizations accountable for bad things happening. IT security pros now have even more of a reason to lobby management to do what to takes to secure their PII. However, human nature being what it is, I'm sure this is not the last case of this kind we'll see.
No related articles.
