The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee

Indiana Attorney General Seeks $300,000 for Failure to Provide Timely Notice

Leave a comment

Last Friday, the Indiana Attorney General’s office announced that it filed suit against WellPoint, Inc. for failure to comply with Indiana’s notice of breach law.  The suit alleges that WellPoint did not notify 32,000 affected customers or the Attorney General’s office in a timely manner.  Indiana’s law requires that breached entities provide notice to affected individuals and the Attorney General’s office without unreasonable delay.  Ind. Code § 24-4.9.

The Attorney General alleges that between October 2009 and March 2010, WellPoint used an unsecured website in order to accept applications for insurance.  These applications asked for individuals’ social security numbers, financial information and health records.  Because the website was not secure, this information was available to the public online.

The complaint also states that WellPoint was notified on February 22, 2010 and March 8, 2010 that these applications and personal information were viewable on its website.  However, WellPoint did not start notification of affected individuals until June 18, 2010.  The Attorney General is seeking $300,000 in civil penalties. 


Author: Heather Enlow-Novitsky

VP, Assistant General Counsel, Bank of America Merchant Services

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s