Anthem Won't Get Access to Victims' Computers

April 12 — Health insurer Anthem Inc. won't get access to or forensic images of the named plaintiffs' computer systems in a data breach litigation resulting from a cyberattack on the insurance company, the Northern District of California held April 8.

Anthem Inc. moved to compel the plaintiffs to provide access to or forensic images of their computer systems to determine whether those computers contain malware, viruses or other indicators suggesting their information was compromised before the cyberattack. The plaintiffs objected, arguing the discovery was highly invasive and burdensome.

While the court agreed with Anthem that the information might be probative of causation, the court cited newly amended Federal Rule of Civil Procedure 26 for the premise that “not all relevant information must be discovered,” and that the court must consider whether discovery is proportional to the needs of the case.

“The Court finds that the burden of providing access to each plaintiff's computer system greatly outweighs its likely benefit,” the court explained. “There is an Orwellian irony to the proposition that in order to get relief for a theft of one's personal information, a person has to disclose even more personal information, including an inspection of all his or her devices that connect to the internet…If the Court were to grant Anthem's request, it would further invade plaintiffs' privacy interests and deter current and future data theft victims from pursuing relief.”

The court denied the motion, noting the discovery was disproportional to the needs of the case.

Magistrate Judge Nathanel M. Cousins wrote the order.

For More Information