WellPoint, a health insurance company, and the Indiana attorney general’s office recently settled a lawsuit over a breach in an online application tracker website operated by WellPoint and its affiliates. As a result of the breach, personal information (including social security numbers, financial information, and health records) were publicly accessible on WellPoint’s website from October 2009 to March 2010. WellPoint notified individuals of the breach, but took 100 days to do so. The Indiana AG alleged that this failed to meet the “without unreasonable delay” requirement for breach notice under the Indiana law. As part of the settlement, WellPoint agreed to pay $100,000.WellPoint, a health insurance company, and the Indiana attorney general’s office recently settled a lawsuit over a breach in an online application tracker website operated by WellPoint and its affiliates. As a result of the breach, personal information (including social security numbers, financial information, and health records) were publicly accessible on WellPoint’s website from October 2009 to March 2010. WellPoint notified individuals of the breach, but took 100 days to do so. The Indiana AG alleged that this failed to meet the “without unreasonable delay” requirement for breach notice under the Indiana law. As part of the settlement, WellPoint agreed to pay $100,000.

TIP:   Companies should ensure that they are positioned to provide notice promptly in the event of a breach.