Is company liable for employees’ stolen SSNs?
November 23, 2009 by Sam NarisiPosted in: Compliance, In this week's e-newsletter, Latest News & Views, mobile technology
Starbucks was recently sued after a laptop containing private info about employees was stolen. Did the court hold the company responsible for the theft?
The swiped computer contained the names, addresses and social security numbers of about 97,000 Starbucks employees.
A group of workers sued the company for negligence. One of the employees claimed a bank told him someone had tried to open a bank account using his name and SSN. The account was immediately closed. None of the other employees experienced any other signs of fraud.
Starbucks argued it couldn’t be held liable, because the employees didn’t suffer any actual consequences. The judge agreed and dismissed the case — without suffering any actual damages, the employees had no reason to sue.
The key to keeping the employees’ info from being misused and escaping liability: The company acted quickly. Shortly after the theft, Starbucks:
- reported the crime to police
- notified all affected employees and advised them to take steps to protect themselves, and
- offered to pay for a year of credit monitoring services for all interested employees.
Cite: Kottner v. Starbucks
FinanceTechNews.com delivers the latest Finance news once a week to the inboxes of over 150,000 Finance professionals.
Click here to sign up and start your FREE subscription to FinanceTechNews!
Tags: identity theft, laptop, Starbucks, stolen
December 1st, 2009 at 6:14 pm
Excuse me but hasn’t anybody at Starbucks IT ever heard of something called encryption? If the IT or Security department(s) didn’t have some sort of policy in place to protect sensitive data on any portable or removable device by encrypting it, shame on them. The IT and/or Security head(s) should be fired.