Wednesday, 06 November 2013 04:19

Resnick et al. v. AvMed Inc.: Groundbreaking Agreement for Data Breach Plaintiffs

Written by 
Rate this item
(0 votes)

AvMed Inc., a corporation that provides health care services via health plans and managed-care plans sponsored by the government, has made an innovative settlement by which plaintiffs who were not victims of identity theft will be allowed to share in the funds awarded in a data breach class action lawsuit. The settlement is expected to set a precedent for other class actions resulting from data breaches.

According to court documents, "in December 2009, two laptop computers were stolen from that office. Those laptops contained AvMed customers’ sensitive information, which included protected health information, Social Security numbers, names, addresses, and phone numbers. AvMed did not take care to secure these laptops, so when they were stolen the information was readily accessible. The laptops were sold to an individual with a history of dealing in stolen property. The unencrypted laptops contained the sensitive information of approximately 1.2 million current and former AvMed members."

A district court dismissed the plaintiffs' claims against AvMed in 2011, finding they had failed to show "cognizable injury" from the theft of the laptops. However, the Eleventh Circuit Court of Appeals reviewed the case in September of 2012, noting that the suit should go forward because the plaintiffs made an "explicit connection" between stolen materials and the subsequent opening of fraudulent bank accounts.

The appeals court also upheld the unjust enrichment count, in which plaintiffs argued that they should be able to get back some of the money they paid to AvMed, since part of their insurance premiums was slated for the company's expenses arising from data protection initiatives.

This decision led to the creation of the innovative portion of the settlement, which is designed to reimburse the plaintiffs for the amount that was supposed to go toward protecting their personal information.

According to the appeals court, "The district court held that among its other deficiencies, the Complaint failed to state a cognizable injury. We find that the complaint states a cognizable injury for the purposes of standing and as a necessary element of injury in Plaintiffs’ Florida law claims. We also conclude that the Complaint sufficiently alleges the causation element of negligence, negligence per se, breach of contract, breach of implied contract, breach of the implied covenant of good faith and fair dealing, and breach of fiduciary duty under Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 127 S. Ct. 1955 (2007), and Ashcroft v. Iqbal, 556 U.S. 662, 129 S. Ct. 1937 (2009). The Complaint similarly alleges facts sufficient to withstand a motion to dismiss on the restitution/unjust enrichment claim. However, the Complaint fails to allege entitlement to relief under Florida law for the claims of negligence per se and breach of the implied covenant of good faith and fair dealing. We therefore reverse in part, affirm in part, and remand the case to the district court for further proceedings."

Under the agreed-upon settlement, AvMed will give back $10 to its customers for every year they purchased insurance from the firm, up to $30. This is in addition to returning funds to the individuals who suffered identity theft due to the theft in 2009 of the laptop computers.

U.S. District Judge James Lawrence King provided preliminary approval to the agreement, and if it receives final approval in a hearing on February 28, 2013, the settlement is expected to set a precedent that data breach plaintiffs can utilize in the future.

Resources

Resnick et. al. v. AvMed, Inc.

 

Read 2884 times Last modified on Wednesday, 06 November 2013 04:27
Login to post comments