Skip to main content

My personal information was compromised. Can I sue?

Columbus, GA |

An employee of a third party insurance vendor handling claims for my company emailed a file containing my name, address, date of birth, and social security of mine and over 5,000 other employees. Some of the information has been sold. I feel like there should have been some kind of barrier in place to prevent this.

Attorney Answers 2

  1. More detail would be needed as to what actually happened. If this entity has the industry standard safeguards in place, and this employee committed in intentional wrongful act in contravention of their policy, the likelihood is that this entity will not be held legally liable for the intentional superseding wrongful act of this individual. You do not know for sure there was no barrier. As long as what they have in place was reasonable and within the industry standard, it'll suffice legally. This isn't the pentagon we're talking about, it's an insurance vendor. If an employee is hellbent on stealing info, then there's not much that can be done. Your name, address and date of birth are public record. Your social security number is more sensitive, while some lawyers argue that it is in fact government issued an public, we can all agree the damage that can be done with it in the wrong hands is more significant. But again, if the industry standard i.e., is to have a firewall and an access code, and they have this, then they can not really be liable. Also, for you to sue, you must show the court with evidence that you suffered economic damage you hope to recover. You can not sue for damages that have not yet occurred.

    We do not have an attorney-client relationship. I am not your lawyer. The statements I have made do not constitute legal advice. Any statements I have made are based upon the very limited facts you have presented, and under the premise that you will consult with a local attorney. This is not an attempt to solicit business. This disclaimer is in addition to any disclaimers that this website has made. I am only licensed in California.

  2. The first step would be to review your data protection agreements with them; whether you consented to it; the second step would be to review the applicable state and federal law; only then you could determine if you have legitimate causes if action. | | 202-738-1382 | DISCLAIMER: This information is intended for public and educational use only, it does not form an attorney-client relationship and it is not intended as legal advice. Nothing replaces a confidential consultation with an attorney. This communication may be considered attorney advertising. Do not post any privileged information, instead contact an attorney directly.