follow-up: Appeals court absolves firm that exposed man's SSN

[security curmudgeon <jericho () attrition org>]

http://www.theregister.co.uk/2010/06/04/privacy_suit_absolution/

Appeals court absolves firm that exposed man's SSN
No harm, no foul
By Dan Goodin in San Francisco
Posted in Law, 4th June 2010 21:15 GMT

A man whose social security number and other personal data were exposed by 
a company that processed his job application has no legal claims because 
no actual damage resulted from the privacy breach, a federal appeals court 
has ruled.

The decision, issued late last week by the Ninth US Circuit Court of 
Appeals, is likely to make life more difficult for people suing Facebook 
and other companies in California for not adequately protecting user 
information. It upheld a lower court ruling that said the mere possibility 
of damage and the cost of monitoring credit reports didn't count as the 
harm needed to bring a lawsuit under laws in the state.

The case arose from the theft of one or more laptops from Vangent, a 
company that processed job applications for clothing retailer The Gap. 
We're guessing it's the same mega breach The Gap reported in late 2007 
warning that sensitive information for more than 800,000 individuals was 
exposed when laptops with unencrypted contents were stolen.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php