InfoBytes Blog
Federal District Court Holds Allegations of Failure to Protect Data Insufficient to Support Stored Communications Act Claim
Last month, the U.S. District Court for the Northern District of Illinois held that a company’s failure to protect personal information does not violate the Stored Communications Act (SCA) because the company did not knowingly divulge the personal information. Worix v. MedAssets Inc., No. 11-8088, 2012 WL 787210 (N.D. Ill. Mar. 8, 2012). In this case, a computer hard drive belonging to the defendant, a firm that provides financial services for health care providers and as such handles the personal and confidential information of individuals, was stolen. The plaintiff, one of the individuals whose personal information was stored on the hard drive, alleged on behalf of a putative class that the defendant violated the SCA when it failed to adequately secure the protected personal information. The court held that the plaintiff could only support allegations that the defendant knowingly failed to protect the data and the plaintiff failed to offer the proof required by the SCA that the defendant knowingly divulged protected information. The court also dismissed the plaintiff’s common law negligence claims and statutory fraud claims, holding that the plaintiff failed to allege actual damages when claiming an increased risk of identity theft and monitoring costs.