In Oregon, the courts have upheld an important ruling related to a business that was breached, and responded by rapidly and proactively tackling the impacts to the business itself and the consumers put at risk. This resulted in winning a $75 million civil law suit. Below is a quick overview and straight link to the details. Highly applicable to all data breaches, and specifically for sensitive data (such as PCI data):
The Oregon Supreme Court last week affirmed the dismissal of a class action lawsuit against Providence Health & Services-Oregon arising out of the theft of patient data on backup media that were stolen from an employee’s car in late 2005.
The case underscores the importance of taking prompt and effective action to protect patients after a data breach. The Supreme Court noted approvingly the substantial—and costly—steps Providence took to protect its patients in the wake of the theft.
See the full write up here “Rapid Response to data breach pays off“