Re: When is a Flaw Not a Flaw
> Are there any rules on data confidentiality in the USA that would allow a customer, or even a worried person with dental issues to sue for worry and anxiety?
There's something called the HIPAA (Health Insurance Portability and Accountability Act) that appears to have been violated. The Privacy Rule covers "any part of an individual's medical record or payment history". The Security Rule states that "Information systems must be protected from intrusion. When information flows over open networks, some form of encryption must be utilised." (quotes are from Wikipedia)