Around 80,000 people are seeking $40 million in compensation for the loss of their data on an unencrypted USB flash drive by Ontario’s Durham Region.1
Around 80,000 people are seeking $40 million in compensation for the loss of their data on an unencrypted USB flash drive by Ontario’s Durham Region.
According to Durham Region, the data was personal information about people who had been vaccinated against the H1N1 flu virus. The class action suit was given the go ahead by Justice Peter Lauwers of the Ontario Superior Court of Justice, with a Bowmanville resident appointed as the ‘representative’ of the class.
Among the claims in the suit are that the Region was negligent, there was a breach of a fiduciary duty, violation of privacy and breach of the Canadian Charter of Rights and Freedoms.
The USB key was lost in the parking lot of the regional headquarters by a public health nurse in December 2009. Information on the key included names, addresses, phone numbers, dates of birth, health card numbers, the name of a primary physician and personal health information provided when they got the vaccination.
We are seeing a rise in privacy class actions that are certainly making it clear to organizations that there can be a significant cost associated with privacy breaches. Recently a $200 million class action was commenced against Honda Canada for a breach in which 283,000 customers`details were exposed. In May of this year, following one of the largest information security breaches in history, a class action lawsuit was filed against Sony Online Entertainment in which damages in excess of $1 billion are being claimed for Canadian PlayStation users. Clearly, organizations want to avoid such class action suits, and thus we are moving in a direction where investing in good privacy practices upfront becomes more more and more appealing.1