After going to a link on Information Week, I discovered that the plaintiff in question, Raelyn Campbell started a blog to chronicle her battle with the retailer.
The blog states Raelyn's intention in her own words:
I have filed a lawsuit against Best Buy and launched this blog in an effort to bring attention to the reprehensible state of consumer property and privacy protection practices at America's largest consumer electronics retailer, with the hope that it might motivate Best Buy to effect changes and spare future consumers the experience I have been subjected to -- or worse.
Whether due to what seems to be a plague of bad customer service, inept employees or a combination of both, Raelyn charges that:
Her laptop went missing and the Geek Squad initially couldn't find it in their computer.
That later on, a computer entry mysteriously appeared which leads to speculation that the Geeks were covering their tracks.
She tried to settle for $5,000.00, but was continuously low-balled by Best Buy.
After she filed a law suit, Best Buy tried to offer $2500.00.
Raelyn declined this offer because (in her own words):
I advised Best Buy's lawyer that I would drop the suit if Best Buy would provide compensation for my expenses and time and address the shortcomings in its property and privacy protection practices.Additionally Raelyn is charging that Best Buy broke D.C. law by not notifying her immediately that she could become an identity theft victim.
Her blog has a lot of links to other allegations of employee abuse at Best Buy, which can be seen, here.
Of note, this episode -- no matter whether you think a $54 million law suit is called for or not --brings up the very real problem of all the portable data we carry being exposed when we drop it off somewhere for repairs.
It's a far shot that a responsible business would knowingly employ personnel that steal, but dishonest employees are a reality in today's world. Since information isn't inventoried and can be copied, protecting it is a little more difficult than other assets such as money or merchandise. In fact, most of the time when information is stolen, no one ever probably notices it is missing (my opinion).
Since information is worth a lot of money, this poses a problem.
This leaves a lot of things to consider and my guess is that protecting information is going to be a hot subject for a long time to come.
There are a slew of comments on the blog, both bashing and praising Raelyn for this action. Please note on blogspot, Raelyn can control the comments and therefore is being transparent by publishing them all.
To end this post, I will refer to (what I consider) some sage advice and commentary from three SANS newsbite editors:
[Editor's Note (Pescatore): I was thinking of suing my employer for about that much for forcing to me to carry a laptop all the time. This does point out an issue where some companies have allowed employees to do business on personal laptops that get repaired at places that don't protect them very well, and then the business information ends up on eBay and thousands of customers have to get notified, etc. etc.
(Cole): This will continue to happen; so two key take aways. One, use folder level encryption with a strong passphrase so repair people will not have access to your data. Full disk encryption will not work, since the techs need to log into the system. Second, backup of all of your critical data on a removable drive.
(Schultz): It is easy to predict that lawsuits of this kind are going to proliferate in the future. Many organizations have been downright irresponsible in handling personal and financial information, let alone others' computers. The threat of a lawsuit is likely to force such organizations to radically tighten their procedures for handling such information and computing equipment.
If you are interested in reading more from the SANS people, I've provided a link to their SANS Newsbites page, here.