By Terry Baynes
Feb 6 (Reuters) - A federal judge in California has
tentatively approved a settlement between CBR Systems Inc, which
stores stem cells from umbilical cord blood, and nearly 300,000
clients whose personal data was on computer equipment stolen
from an employee's car.
U.S. District Judge Michael Anello of the Southern District
of California on Tuesday granted preliminary approval to the
agreement, which requires CBR to provide affected customers up
to two years of credit monitoring and insurance and to improve
its data security measures.
The deal stems from an incident in December 2010 when CBR
equipment, including a laptop, external hard drive, a USB drive
and other materials were stolen from an employee's car outside
In January 2012, a CBR client, Eileen Johansson-Dohrmann,
sued on behalf of hundreds of thousands of customers whose data
was exposed, accusing CBR of failing to adequately protect the
information. The lawsuit also said CBR was late in notifying
customers of the privacy breach.
Under terms of the proposed settlement, reached last
November, CBR will have to provide credit monitoring and
identity theft insurance to each affected class member, as well
as cash reimbursements for any losses resulting from identity
Plaintiff's lawyer Patrick Keegan estimated that the credit
monitoring package was worth up to $112 million to the class
members, according to court documents. The settlement also
provides up to $600,000 in payment to the plaintiff's lawyers.
Keegan did not immediately respond to a request for comment.
CBR and its lawyer, Joseph Tiffany of Pillsbury Winthrop
Shaw Pittman, did not immediately respond to requests for
comment on the settlement.
The settlement approval by Anello comes on the heels of a
separate deal between the Federal Trade Commission and CBR
stemming from the same stolen-computer incident. In the FTC
deal, CBR agreed to set up an informational security program and
submit to security audits by independent contractors every year
for 20 years, the agency said.
CBR has said that it now encrypts sensitive data and is
working toward complying with the FTC's requirements, according
to CBR's director of corporate communications.
The settlement is in the case Johansson-Dohrmann v. CBR
Systems Inc, U.S. District Court for the Southern District of
California, No. 12-1115.
For the plaintiff class: Patrick Keegan of Keegan & Baker.
For CBR Systems: Joseph Tiffany and Connie Wolfe of
Pillsbury Winthrop Shaw Pittman.
Follow us on Twitter @ReutersLegal | Like us on Facebook