SHRM reports that, while the complaint acknowledges the company sent notice to affected employees that the laptop contained their names and social security numbers, it alleges the notice was inadequate because it did not provide sufficient information about the disclosure to enable affected individuals to protect themselves from improper uses of the stolen information.
The plaintiff also accused GE of not having reasonable safeguards in place by maintaining the information on a portable laptop and external hard drive in an unsecure location, and by failing to encrypt the information, according to SHRM. The complaint asks the court to order full disclosure of the types of information that could have been accessed from the laptop.
The suit also seeks compensation for all members of the class for costs they incur resulting from the disclosure and reasonable measures they will need to take to protect against identity theft.
According to news reports, GE announced the laptop stolen in September, and said those affected would be notified by mail and the company was setting up free credit monitoring and insurance against identity theft for the individuals.
A GE spokesman said in the news reports the laptop was stolen for its own value, rather than for the data contained on it, and there was no sign the data had been used improperly.
There was a rash of reports on information theft via stolen company computers in 2006, including two instances from the Veterans Administration (See Latest Theft of Veteran Data Resolved ) and an incident from Boeing that was its third reported theft in slightly over a year (See Another Boeing Laptop Stolen ).