California prison workers settle data breach lawsuit

The settlement awarded a total of $175,000 to 23 plaintiffs to pay for credit monitoring services and court costs
The settlement awarded a total of $175,000 to 23 plaintiffs to pay for credit monitoring services and court costs

The settlement came after five years of litigation stemming from two incidents in 2006 when the prison allowed inmates to dispose of personnel files of employees and kept the records in an unsecured area that inmates could access, according to a report by the Del Norte Triplicate newspaper.

The information included social security numbers, driver licenses, and home addresses on at least 64 employees, including wardens and correctional officers.

The plaintiffs argued that the California Department of Corrections and Rehabilitation (CDCR) violated the state’s Information Practices Act, was negligent, and inflicted emotional distress on the victims.

The settlement awarded a total of $175,000 to 23 plaintiffs to pay for credit monitoring services and court costs.

In response to the lawsuit, the department changed its policies, noted George Mavris, an attorney for the plaintiffs. “I think as a result of this lawsuit, Pelican Bay has taken a lot of steps to be in compliance with the Information Practices Act”, Mavris told the newspaper.

Inmates are no longer allowed to assist staff with records to be archived or destroyed, and a supervisor must be present at all times while employees are destroying documents, a spokesperson for the CDCR said.

 

What’s Hot on Infosecurity Magazine?