The Supreme Court of Oregon has once again dismissed a claim for the victims of the 2006 information leak.
Providence Health & Services, a health care provider in the state, lost the records for around 365,000 people in 2006. A Providence employee left discs and other types of data which contained clients' personal information, some going back 20 years, in his personal car. The car was broken into and the information was stolen. Social security numbers were among the lost data. Afterwards, when the incident became known to the mass media, lawmakers established a series of security protection measures in Oregon. The Providence clients expected to receive compensation for damages and for compromising their records, but a judge denied settlement of these claims in 2007.
Six years later, the court has again dismissed the victims' claim, based on the fact that the information was not used in any way by a third party. Providence also provided free credit card monitoring for two years to all victims, costing them $195,000. The corporation also adjusted their security systems in order to avoid any similar future incidents.
Nikolai Fedotov, head InfoWatch analyst: “In our database leaks, there are many incidents in which it is not clear whether a laptop was stolen for the laptop or for the data. Obviously there are occurrences in which a device is stolen, but the confidential information contained within is not used for fraud. It is not always possible to establish this. But in this case, it seems to have been established definitively. And if that is so, then justice demands not punishing the defendants too harshly. In any court decision, it's important to consider if the consequences were damaging or if it simply passed.”