When it comes to data breaches, the damage done to consumers whose sensitive personal information is exposed by them can be appreciable. However, these issues have often been difficult to prove in court, leading some plaintiffs to try a different approach in recent months.
Statistics from the U.S. Department of Health and Human Services show that since 2009, the personal information for roughly 22 million people have been exposed in 587 data breaches involving healthcare companies or insurers, according to a report from Reuters. In the past, many of the people affected by these incidents have tried to sue on the basis they caused some sort of financial harm, but have found it difficult to prove it in a data breach lawsuit.
As a result, many are now instead moving to sue on the grounds that the companies tasked with protecting this critical information breached their contracts with the victims, the report said. Simply put, plaintiffs would argue that by signing a contract with a company and then paying them, they have an expectation that this data will be kept as securely as possible, and when the information is exposed, that constitutes a breach of contract and unjust enrichment on the part of the company. Whether this tactic will prove more successful remains to be seen, but early results seem promising for those bringing data breach lawsuits.
For instance, a case brought against the health insurance company AvMed in Florida was recently upheld by a circuit court after being rejected by a district court, on the grounds that the plaintiffs’ claims of unjust enrichment might be justified by the fact that part of the premiums they paid were intended to go toward costs related to data security, the report said. However, some are skeptical that, as the cases advance, the plaintiffs will be able to prove that they expected these companies to follow specific security protocols, such as encrypting data on laptops.
Data breaches are becoming more common, as a result of problems ranging from device thefts, hacking attacks and even simple human error, but the effects can nonetheless be disastrous for both businesses and victims. Those affected by these incidents may want to do more to increase their protection by keeping a close eye on their various accounts and financial documents to make sure no transactions have taken place without their knowledge.