Hacked company agrees to $3 million data breach settlement
A Florida company is out $3 million because it failed to take adequate steps to prevent outsiders from stealing its customers’ personal data. On October 21st, AvMed Inc., a health insurance provider, reached a $3 million settlement agreement with individuals affected by a data breach that occurred when two unencrypted laptops containing personal information were stolen from its corporate offices in 2010. Consumer information potentially exposed as a result of the breach included individuals’ names, addresses, Social Security numbers, and health information.
The price tag on this settlement agreement should serve as a strong reminder to the hospitality industry of the disastrous consequences that can result from something as “minor” as the theft of some basic customer information. As a part of the AvMed settlement agreement, the company was ordered to institute mandatory security awareness and training programs for all employees, including training on information security.
To avoid having to learn a very expensive lesson in the necessity of proper employee information security training, hotels are well advised to use PCI training modules or other custom learning solutions to protect themselves and their guests’ private data. For more information, please follow this link to an article by Venza partner, AGG, on this case and data breach liability in general.
This blog post was created by the law firm Arnall Golden Gregory (AGG). The Venza Group has partnered with AGG to create a series of interactive eLearning modules to address PCI compliance in the hotel industry. Management, employees and IT are taught about the requirements they must support as part of the Payment Card Industry Data Security Standards. The Venza Group also has partnered with AGG to create interactive eLearning modules to train hoteliers on general privacy and security awareness issues and on prevention of sexual harassment by employees and guests.