Best Buy Co. Inc. has survived some data breach claims that its Geek Squad division leaked a customer’s data to a police captain’s father.
U.S. District Judge L. Scott Coogler of the Northern District of Alabama tossed claims that Best Buy breached its contract with customer Sharon Standifer, acted recklessly, suppressed knowledge of the data breach, and caused emotional distress.
The company will have to face breach of fiduciary duty, data theft, fraudulent misrepresentation, and general negligence claims related to the 2015 Geek Squad data transfer gone wrong, the court ruled.
Data breach litigation can cause financial and reputational headaches for companies. The legal consequences of alleged haphazard data security can be draining—be it for one customer’s data ending up on another’s laptop or a nationwide data breach.
The parties also disputed how the data transfer impacted Standifer. The plaintiff said she has had business-related problems and tax return issues due to the data transfer mix-up. Best Buy countered that Standifer has not lost any clients nor seen any loss in business revenue.
Standifer cited sufficient evidence of harm to continue those claims in court, Coogler wrote Jan. 30.
Data Transfer Mistake
Standifer claimed that she took her laptop to Best Buy’s Geek Squad division for a data transfer. She eventually asked Best Buy to stop the data transfer. However, Standifer’s sensitive personal information, including tax returns, family medical history, and business documents, ended up on the laptop of a Tallahassee, Fla. police captain’s father.
Standifer’s forensic investigators allegedly found that the data had been transferred while both devices were in Best Buy’s possession. But the investigators were unable to show who transferred the data.
Best Buy and Standifer both moved for pre-judgment rulings in their favor. Judge Coogler paired back some of the claims, but allowed Standifer to continue her data breach case against Best Buy.
The case is Standifer v. Best Buy Stores LP, 2019 BL 30089, N.D. Ala., No. 16-cv-01176-LSC, 1/30/19.
To read more from Privacy & Data Security Law News pleaseOR Request Trial