The settlement payment "is based on a theory that the class had an expectation that some portion of their insurance premium would go to data security," said security attorney Ronald Raether, who was not involved in the case,
The plaintiffs' attorneys said "the plaintiffs should be refunded the portion of their premium that should have been spent on security but apparently wasn't."According to Raether this settlement could lead to similar cases. "..and thus the likelihood that companies will settle to avoid the catastrophic losses posed by a class action. The payment of $750,000 [to the plaintiffs'] attorneys will incentivize some attorneys to bring these cases."
- Deborah McGraw, Director, health privacy project at the Center for Democracy & Technology.
Reuther noted "Unfortunately, many companies do not give info security enough attention and resources. Thus the other significant point is the injunctive relief to make security improvements." Organizations can now proactively detect data breaches with low-cost on-demand SaaS analytics services.
We previously posted about this and another data breach class action suit pending in the Southern District of Florida.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) Settlement in AvMed Breach Suit - www.HealthcareITsecurity.com, 10/31/2013