Following Sutter Health v. Superior Court (2014) 227 Cal.App.4th 1546, this decision holds that to state a claim under Civ. Code 556.36 and 56.101 for negligence in storing or disposing of medical information, the plaintiff must allege not just that the defendant negligently lost (or lost control of) confidential information about the plaintiff but also that the information was viewed or used by an unauthorized person. Confidentiality is the interest that those statutes protect, and by referencing common law principles of negligence, the statutes also incorporate the common law’s requirements of causation and harm to the protected interest in confidentiality. Merely showing that an unauthorized person downloaded or copied the confidential information is insufficient. Whether an unauthorized person viewed or used each plaintiff’s confidential information is an individual issue precluding class certification. It is not enough to show that an unauthorized person viewed or used some (other) portion of the medical records which also included a plaintiff’s medical information. So the trial court did not abuse its discretion in holding that individual issues predominated barring class certification.