woman sues rogers for exposing affair to husband

Can mobile carriers be liable for divorce? I guess we’ll find out soon enough. There was a story in the Toronto Star this morning that told of a woman who is suing Rogers for $600,000 because her husband left her. She alleges this was caused by Rogers taking the liberty of sending her husband a consolidated bill when he signed up for internet and home phone. They apparently then lumped in her cell phone bill, which she alleges she did not request. When the husband saw the bill and noticed a series of long phone calls, he called the number and apparently found out about his wife’s affair.

Needless to say, Rogers is asserting that it is not liable, primarily it seems on the basis of lack of causality – i.e. it was the affair that led to the break-up, not the disclosure of personal information. Of course the wife will argue that the break-up would not have happened but for Rogers disclosure, which is likely alleged to be in contravention of her agreement with Rogers or the Canadian Personal Information Protection and Electronic Documents Act.

Interestingly, on the latter front, she apparently did not choose to make a complaint to the federal privacy commissioner, instead deciding to proceed by way of a statement of claim in the Ontario Superior Court.

I have my doubts as to the likelihood of her success. Despite the unfortunate circumstance she and her two young children now find themselves, I don’t think the courts will have much sympathy for her claim. Even if there were a breach by Rogers, I’m not sure how much in the way of damages she would be awarded. The question here would be whether the court believes the damages would have been foreseeable by Rogers. I think that would be unlikely. But who knows. In any event, I’m sure this is a case that The Ashley Madison Agency will be following very closely.

data/privacy breaches – costs are increasing – time for investment?

An interesting piece in E-Commerce News about a new report from PGP and Poneman about the cost of data/privacy/security breaches and the reasons for them. Some excerpts:

Data breach incidents cost U.S. companies US$202 per compromised customer record last year compared with $197 in 2007 according to the study. The average total per-incident cost rose to $6.65 million in 2008 up 5.3 percent from $6.3 million in 2007.

Healthcare and financial services companies experienced the highest customer churn rates — 6.5 percent and 5.5 percent respectively.

Third-party organizations accounted for more than 44 percent of all data breaches in 2008 and the resulting investigation and consulting fees made these the most costly form of data breaches.

Nearly 90 percent of all cases in the 2008 study involved insider negligence.

Many of the security problems companies face are preventable — but most organizations don t have the right software tools and security policies in place to deal with data breaches he observed.

“It s a combination of software and risk management ” explained Ponemon. “Good technology like encryption data-loss prevention tools and data-access tools can help — but they re not the complete answer because so many of these incidents are due to negligence and carelessness.”

Of course, there is a bit of of a conflict here given that the sponsors of the study also happen to offer security solutions. Nonetheless, the figures are important to keep in mind to drive home the point that the direct costs (not to mention the reputational costs) of a privacy or data breach are very real. And very substantial. Hopefully, some figures like this will prompt companies to invest more in proactive measures to reduce the risk (and costs) of privacy breaches.

If you’re beyond that stage, then you might want to read this: Practical Tips for Responding to Privacy Breaches (full disclosure: I work for the firm that published this article).