Well, it took some time, but it looks like the lack of laptop encryption software is translating into a headache for Starbucks.
If you’ll recall, the coffee company announced the theft of a laptop computer back in November. There was talk at the time of a class-action suit, but I didn’t think that nothing would come of it.
I noted at the time that
“…a stolen laptop with sensitive information is not grounds for a class-action suit. Supposedly, it’s because you can’t sue for what may happen; you can only sue after something has happened — and what has to happen is ID theft, which has to be directly tied to the laptop theft. The theft of the laptop itself is considered to be no different from the theft of an ordinary object, like a car. (And, again, I’m not a lawyer)”
I’m still not a lawyer…and, it looks like laws haven’t changed in the meantime, either. According to spamnotes.com, the site that broke the news, there have been other cases–outside of Washington state–where companies were sued for similar scenarios. Plaintiffs lost in both cases. Spamnotes.com notes, though, that it may be a different story this time due differences in regional laws.
Plus, there are rumors that there are ID theft cases that can be tied directly to the stolen laptop. If this is true, it certainly fulfills the conditions I’ve mentioned in the above quote. The trick is to show that it ties directly and is the only source, though.
With so many companies suffering from data breaches, who’s to say that the ID theft experienced by SBUX employees didn’t come from some other source?
The Class Action Suit Is Asking For…
Extension of 1-year credit monitoring to 5 years.
Periodic audits of Starbucks’s computer systems to ensure security
I’ve already noted that the 1-year monitoring must be costing Starbucks nearly a million dollars, even with a discount.
What Starbucks Has Already Done (Supposedly)
Chances are, this will do more to protect the company–and its employees–from future breaches. In fact, this probably should have been rolled out about a couple of years back, when they had a substantial data breach.
Why the delay? My guess is that the MBA-types at the company finally figured out that using data encryption programs to protect information on computers is much cheaper–in raw numbers as well as when trying to account for fuzzy externalities–than shelling out over half-a-million every couple of years for credit monitoring services.
In Unrelated News…
A 19-year old snatched a laptop computer from a Starbucks patron after he was told that the customer’s computer could not be used to “check his Facebook account.”
He was arrested and charged with “robbery by sudden snatching.” I thought the term was made-up by a harried journalist. Not so.
Maybe it’s just me, but aren’t all snatchings sudden? I mean, you can’t have a languid snatching….