We published Part I of our “Anthem Breach Retrospective” in January 2017. Coincidentally, at around the same time several plaintiffs in one of the earliest filed cases arising out of the Anthem data breach voluntarily asked a judge in the Northern District of California to dismiss their lawsuits. The requests for dismissal came after Judge Cousins ordered select plaintiffs to comply with a discovery request by Anthem, requiring them to submit their computers to an independent forensic examiner to determine whether malware caused data or credentials to be stolen from the plaintiffs’ computers even before the breach of Anthem’s systems. In other words, Anthem wanted to know whether someone else caused the plaintiffs’ alleged injuries.
Legally, it isn’t surprising that Anthem should be entitled to this kind of information through discovery because it pertains to the issue of causation. Anthem wanted to know if the plaintiffs’ personal information was compromised under circumstances having nothing to do with Anthem, months before the Anthem breach. In discovery, it was fair game for Anthem to seek to compel these plaintiffs to comply with its request – even if it requires the disclosure of confidential information. But, it appears that at least one of these plaintiffs dropped out of the suit because he did not wish to disclose possibly confidential information in a lawsuit where he is suing because of alleged negligence with respect to confidential information.
CONTINUE READING . . .