A Data Breach Liability Case You Need to Know About
When you’re busy, things can slip under your radar. That’s why we strive to keep you informed of the latest data security developments. A recent court ruling has increased your company’s data breach liability exposure. In this blog, we discuss the specifics of the ruling and what steps you can take to protect your data.
CareFirst Breach of Customer Records
In 2014, Maryland-based healthcare insurance provider, CareFirst, was the victim of a cyberattack. The resulting breach compromised 1.1 million customer records. Following the breach, CareFirst offered the affected victims two years of free credit monitoring and identity theft protection.
Attias v. CareFirst
In 2017, the CareFirst breach victims filed a case in a U.S. District Court, claiming CareFirst’s negligence substantially heightened their risk of identity theft. The U.S. District Court judge ruled in that the plaintiffs failed to prove how they had suffered harm from the breach and dismissed the claim. A U.S. Court of Appeals then overturned the District Court’s judgment, ruling that the CareFirst members’ risk of future injury was sufficient to allow the class action lawsuit to proceed.
This January, CareFirst asked the U.S. Supreme Court to review the case, arguing that if the decision made by the Court of Appeals was allowed to stand, companies could be sued for breaches of customer information “even if the plaintiff suffered no harm whatsoever.” The Supreme Court refused to hear CareFirst’s case, allowing the U.S. Court of Appeals’ ruling to stand.
Fallout and Solutions
The Attias v. CareFirst ruling means if your company fails to protect personal information, the affected individuals can sue your business without having to prove actual loss or damage. Subsequent litigation costs and legal fees can bankrupt your company. So what should you do in the wake of a data breach?
First, know where your customer data resides. Perform regular inventory audits of all company-owned and company-used software and hardware. Partner with a provider who can offer information management solutions for your documents and data. Invest in a breach reporting and privacy compliance service. For instance, our privacy toolkit helps you fulfill your legal requirement to report the loss of personally identifiable information (PII) to authorities and notify affected individuals. You have access to a team of privacy experts who assess and reduce your liability exposure.
We’ll continue to keep you updated on the latest data security developments. In the meantime, we hope you implement the solutions we’ve provided in this blog article.
Kent Record Management provides records and information management services for businesses throughout Michigan. To learn more, please contact us by phone or complete the form on this page.
"We are all very impressed with Kent Records! From the beginning, everyone has been helpful and available, via email or phone. The simple, easy-to-use platform and personal customer service make all the difference in the world!"
Operations Assistant /American Board of Emergency Medicine
"When the decision was made to expand our Traverse City office as well as improve office efficiencies, we called Kent Records Management. Their exceptional service and reputation that is prevalent in the Grand Rapids area made the call an easy one. Kent Records Management works with the customer to make sure all needs are met while they maintain the utmost professionalism and confidentiality."
– Diane Zandstra
Vice President, Access Point
"You make it so easy to do business with you!"
Post Closing Specialist & Title Coordinator, Member Advantage Mortgage
"I just wanted to drop you a quick line to let you know that we have been a very satisfied customer of Kent records for about 10 years now. The service we receive for hardcopy and media from the Kalamazoo location is excellent!"
Team Member, Coca-Cola
"Your staff came so quickly to take care of our shredding needs! We appreciate who they are and what they do in your business!"
"We really enjoyed working with [Kent Record Management] on our shredding project. Your staff were extremely pleasant and very helpful – it was a true pleasure! We were amazed at how fast it went!"
Vail Rubber Works
"Thank you for providing such great customer service. Our documents are very sensitive and I never have to worry about them getting into the wrong hands. Today (a courier) picked up my shred container. He was polite, professional and got the job done quickly. He was also very thorough in making sure that my documents were locked and secure as he took them from our storage to the truck. I was very impressed with his service."
“MANN+HUMMEL USA INC has been using Kent Records for the storage of a wide variety of business records for more than 10 years. We find the people at Kent Records deliver a high level of customer service. We find them very responsive to our requests and the timely and efficient service has been greatly appreciated. When we request record retrieval, we find the records to be well maintained and in excellent condition. We feel confident that record destruction is being accomplished safely, securely and within the specifications established by our company. We feel confident in the reliability, safety, security, and efficient services provided to us by Kent Records.”
"Our courier from Kent Records is always pleasant and we enjoy seeing him! He also solved my personal shredding problem by selling me two of your shredding bags that I can fill up and deliver to your offices."
“Always good working with KRM - everyone is so helpful and pleasant.”
– Honey Blemaster
Sparrow Health System