Here’s an interesting progression in how to address the growing data breaches that occur largely from ignored, overlooked, and/or inadequate security practices…
“Starbucks sued after laptop data breach”
“A Chicago-area Starbucks employee has brought a class-action lawsuit against the coffee retailer, claiming damages from an October 2008 data breach. Laura Krottner was one of 97,000 employees notified late last year after a Starbucks laptop containing employee names, addresses and Social Security numbers was stolen on Oct. 29. Krottner’s suit accuses the company of fraud and negligence.”
This should catch the attention of organizations who do not want to invest appropriately for information security and privacy safeguards.
Will this start a trend with employees suing their employers when breaches occur? Possibly. Of course it depends on the situation whether or not such lawsuits will make it to court, let alone bring a hefty judgment against the organization where a breach of employee information occurred.
What the employee is asking for in the suit is generally reasonable…
- Extending credit monitoring for all employees to 5 years. Smart criminals (yes, they are out there, they just don’t get caught) know to wait a good long time before using stolen personally identifiable information (PII) for crime
- Have periodic security audits. Every organization should.
- “Unspecified damages”…this could be a wide range of things
And this is the third time Starbucks has lost a laptop containing employee PII…the first time the PII about 60,000 employees was lost!!
For goodness sake, why would any organization need to load the personal information of all their employees…97,000 of them…onto a laptop and take out of the facilities!!? If there is some valid reason…ENCRYPT IT…MONITOR THE LAPTOP…AUDIT THE USE!!!!
Three times.
Laptops with employee PII.
Lost.
Amazing.
Ridiculous!
The judgment in this case could set an important precedent.
Tags: awareness and training, encryption, identity theft, Information Security, IT compliance, IT training, laptop theft, policies and procedures, privacy training, risk management, security training, Starbucks, stolen laptop