Indiana Company Sued for $300k for Failing to Notify About Security Breach

First off, thanks to everyone who came to listen to Stanfield Hiserodt speak on Data Privacy and Security at the Innotech Conference last week.  It was a solid turn out and a good discussion. 

In keeping with the theme, we came across this story via Businessweek.com about the Indiana Attorney General's office suing insurance company WellPoint for $300,000.  Apparently, WellPoint allowed sensitive customer information, including health records and credit card data, to sit on an unsecured server for several months.  WellPoint discovered this back in February, but apparently took its sweet time in notifying the affected customers.  They didn't give the required notice until June.

There are currently 45 states with breach notification laws.  If you handle sensitive customer data, make sure you have a plan in place to notify your customers as quickly as possible or you will feel the wrath of the Attorney General.