Feeds:
Posts
Comments

Posts Tagged ‘data privacy’

An article posted by my colleagues Judy Selby and Zack Rosenberg in the BakerHostetler Class Action Lawsuit Defense Blog raises some important issues for any company that could find itself the target of a class action lawsuit.  With the proliferation of data privacy and other consumer class actions, that’s just about any company these days.  The article, titled Courts Are Liberally Construing Litigation Insurance Coverage for Class Action Defenses and So Should Defendants, addresses the important issue of liability insurance covering class action lawsuits.  

I’m often surprised in speaking with in-house attorneys and risk management personnel that they are unaware of the extent to which their current insurance coverage might protect them if they were ever sued in a class action, and that they have not considered certain types of specialty lines insurance, such as cyber risk insurance, that might protect them from potentially catastrophic liability and defense costs arising out of a class action.  This is an especially important consideration for companies in industries that aren’t frequently targeted in class actions, because those companies may not think about the benefits of insurance protection until it’s too late.

Read Full Post »

Data breach cases are popular targets for class actions these days because a single incident of hacking or theft can expose the sensitive personal or financial information of millions of people at a time.  However, a key hurdle in these cases has been proof of harm sufficient to satisfy the Article III injury-in-fact standard for cases filed in the federal courts (or in state courts that apply a similar injury-in-fact standard).  Recently, plaintiffs have been attempting to get around the standing problem by alleging that they had to incur credit monitoring fees or other out-of-pocket expenses due to a fear of identity theft.

Shannon Tan, associate corporate counsel for Raymond James Financial, Inc., in St. Petersburg, FL, recently authored an insightful article for the IAPP newsletter The Privacy Advisor, titled Supreme Court Wiretap Ruling Upholds Stringent Standing-To-Sue Requirements.  Tan’s article discusses the potential impact of the Supreme Court’s decision in Clapper v. Amnesty International USA on the question of Article III standing in civil data breach cases.  Tan points out that while Clapper is case involving alleged wiretapping by the government, it is likely to make it more difficult for plaintiffs to meet the Article III standing requirements in civil data breach cases because data breaches often don’t result in any immediate harm but only a threat of potential future harm.  A threat of harm must be “certainly impending” to satisfy the Article III standard set forth in Clapper.  This issue is exacerbated in the class action context, because even if some members of the class can prove actual harm, such as identity theft, it is a rare case where the plaintiff would have some common proof that identity theft occurred for all class members, a problem that recently doomed certification of a class action in In re Hannaford Bros. Co. Customer Data Security Breach Litigation.

Read Full Post »

My article for the University of Denver Law Review’s Online Edition entitled Statutory Penalties and Class Actions: Social Justice or Legalized Extortion?  was posted today.  The article discusses potential reforms to address the problem of class actions for statutory penalties giving rise to potentially annihilating liability in cases involving little or no actual harm.  Please check it out.  While you’re there, check out some of the other excellent content on a wide variety of legal topics that the DU Law Review has to offer in its online supplement to its regular print publication.

Read Full Post »

Work commitments have prevented me from posting over the past week, but I wanted to take the opportunity to point out that there have been some notable developments in the privacy class action area over the past week.  Judy Selby covered these developments in a recent blog post for the BakerHostetler Class Action Defense and Data Privacy Monitor blogs.  Selby’s post, titled Hannaford v. comScore – Up and Down Results for Privacy Class Action Defendants, compares and contrasts two recent decisions, one granting and one denying class certification, in privacy cases.

Read Full Post »

The Baker Hostetler Privacy and Data Protection Team has published a comprehensive guide to the data privacy laws in countries around the world.  The International Compendium of Data Privacy Laws summarizes the civil, criminal, and regulatory data breach and other privacy laws of more than 40 countries.

 

Read Full Post »

I’m pleased to announce that the BakerHostetler Class Action Defense Team has just released its 2012 Year-end Review of Class Actions, a joint project with the firm’s Employment Class Actions, Antitrust, and Data Privacy practice teams.  See below for a synopsis of the project.  Click the link above to access a copy of the report itself:

We are pleased to share with you the BakerHostetler 2012 Year-end Review of Class Actions, which offers a summary of some of the key developments in class action litigation during the past year. Class action litigation continues to persist in all areas of civil litigation despite the Supreme Court’s 2011 decisions in AT&T Mobility v. Concepcion and in Wal-Mart Stores, Inc. v. Dukes, which were seen by many commentators as marking the beginning of the end of class actions as we know them. But while the Supreme Court’s 2011 decisions have had a significant impact on class action litigation, they have not brought about its demise and are not likely to do so anytime soon. In the last two years, we’ve seen landmark decisions and the addition of important judicial gloss to those decisions. 2013 will be no different as the Supreme Court is set to weigh in on a series of key cases this spring.

We hope you find this Review a useful tool as you move forward into the new year. This comprehensive analysis of last year’s developments in class action procedure and jurisdiction, as well as developments by subject matter will hopefully provide context and insight as you look ahead to 2013’s expected trends in class action law, including the proliferation of privacy class action litigation and class action litigation relating to the LIBOR rate-fixing scandal.

Read Full Post »

My colleagues at BakerHostetler have put together some great content on several class action-related topics recently that readers should find interesting.

First, the Baker Hostetler Class Action Defense Team issued an executive alert today discussing the Supreme Court’s decision to grant certiorari in another case involving class arbitration waivers.  The alert, titled U.S. Supreme Court Considers Arbitration Clauses and Class Actions Next Year, summarizes the issues to be addressed in Oxford Health Plans LLC v. Sutter.  The alert was authored by newly elected Cleveland Partner Ruth E. Hartman and Class Action Defense Team Leader Ernie Vargo.

Another executive alert, titled Recent Trends in Class Actions for Telephone and Fax Solicitation and Advertising, was issued last week by the Privacy and Data Protection and Class Action Defense Teams.   The alert, authored by my colleague in Denver, Justin Winquist, summarizes the latest trends in class action litigation under the Telephone Consumer Protection Act (TCPA).

Finally, my partner Casie Collignon authored a blog post yesterday with an update on the latest in the ongoing saga of Dukes v. Wal-Mart on remand following the U.S. Supreme Court’s decision.  The post is entitled, California District Court Awaits Class Certification Motion in Wal-Mart.

Read Full Post »

Those of you who enjoyed the recent CAB summary of the presentation on privacy class actions at the ABA’s 16th Annual Class Actions Institute will be interested to know that the re-submitted settlement agreement in Fraley v. Facebook, No. No. C 11-1726 RS (N.D. Cal) was preliminarily approved Monday by Judge Richard Seeborg.  Here is a link to a Reuters article by Jessica Dye summarizing the settlement and the court’s decision.

 

 

Read Full Post »

This is the fifth of what will be six posts summarizing my notes of the six presentations at the ABA’s 16th Annual Class Actions Institute held last month in Chicago.  For more on this excellent conference, see my October 31, November 5, November 6, and November 18 CAB posts.

Session 4 was one of the highlights of the conference for me, as it covered a hot area of class action litigation that has recently become a focus of my own practice and likely a focus for many readers of this blog: privacy class actions.  It was titled “My Kind of Case, Pri-va-cy Claims,” The Hottest New Trend in Class-Action Litigation.  Fred Burnside moderated another excellent panel, which consisted of his partner Stephen M. Rummage, who offered a defense view, Jay Edelson, who offered the plaintiff’s view, and the Honorable James F. Holderman, who offered insights from the bench.

Privacy cases can roughly be broken down into two categories: 1) cases involving alleged negligence, such was when consumer data is stolen or compromised through hacking or theft, and 2) intentional breaches of privacy, such as through the sale of private information for marketing purposes.  The panel covered both types of cases.

Data Breach Cases Arising Out of Alleged Negligence

Much of the early jurisprudence in this area has related to the question of whether a breach of privacy without any financial loss is a cognizable injury sufficient to confer standing on a plaintiff.  In general, many of the federal district courts that have dismissed data breach class actions due to a failure to allege or prove injury have done on Article III standing grounds.  However, there are signs that this tide could be turning.  A specific example is the Eleventh Circuit’s decision in Resnick v. AvMed, Inc., No. 11-13694 (11th Cir. Sept. 5, 2012), in which the court overturned the dismissal of a data breach complaint on the grounds that allegations of actual identity theft resulting from information on a stolen computer was sufficient injury to confer standing. 

The Resnick decision also illustrates a developing theory of relief in data breach cases, which is the theory that a failure to protect customer data amounts to unjust enrichment or breach of an implied contract.  One of the theories in Resnick was that a portion of the health insurance premiums that the plaintiff had paid to the defendant was in exchange for the defendant’s promise to safeguard the plaintiff’s private information and that the defendant would be unjustly enriched by being allowed to keep the full value of the premiums due to its alleged failure to protect the data from theft.  The Eleventh Circuit held, without discussion, that these allegations were sufficient to withstand a motion to dismiss a claim for breach of implied contract or unjust enrichment under Florida law, although it upheld the dismissal of claims for negligence per se and for breach of the covenant of good faith and fair dealing.

In contrast to Resnick is a recent federal district court decision dismissing claims arising out of a Sony Gaming Networks breach (link courtesy of Law360).  The case was largely dismissed under FRCP 12(b)(6) due to the plaintiffs’ inability to allege an injury resulting from the breach.  One key difference between the two cases seems to be the inability of the plaintiffs in the Sony case to allege any identity theft resulting from the breach.  The probability of a dismissal for lack of injury or standing in a data breach class action does appear to be higher where there is no evidence of identity theft or other use of any compromised information.  Similarly, allegations of across-the-class-damages, such as those brought under a breach of contract theory, have fared better than allegations of individualized damages, such as identity theft.   

Intentional Privacy Breach and Statutory Damages Cases

An area creating a unique set of problems is privacy class actions seeking statutory damages, such as class actions seeking damages under the Video Protection Privacy Act, or VPPA.  Several high-profile cases have been filed against Netflix, Best Buy, and others under this statute, which provides for $2,500 per violation in statutory damages. 

The problem for all parties in these types of cases is that the statutory damages, when aggregated over hundreds, thousands, or even millions of consumers, can become crippling to the defendant, making a settlement at even close to the maximum aggregate value of the claims a practical impossibility. 

This creates a problem in settlement approval: how is a court supposed to judge what settlement  amount is reasonable in a case where the damages sought would be crippling if the plaintiff were to win at trial?

The case of Murray v. GMAC Mortgage Corporation, 434 F.3d 948 (7th Cir. 2006) provides a good illustration of this dilemma.  The case involved a potentially crushing recovery of statutory damages under the Fair Credit Reporting Act.  The trial court had declined to approve a settlement that would have resulted in a $3,000 award for the named plaintiff, or three times the maximum statutory damages award, and potentially leaving less than $1 for each of the remaining class members, or less than 1% of the minimum statutory award.  The Seventh Circuit reversed the trial court’s decision, but it punted on the question of what would be a reasonable settlement given the “ruinously high” statutory damages at stake in the case.  The Murray case does seem to stand for the proposition that you can’t just pluck a number out of the air in setting a settlement amount.

A more recent example was the proposed settlement in Fraley v. Facebook, No. No. C 11-1726 RS (N.D. Cal).  An initial settlement proposal that provided for a $10 million cy presaward and no cash payments to class members was rejected in August.  See this link to Order Denying Motion for Preliminary Approval courtesy of consumerwatchdog.org.  In that order, Judge Seeborg made the following observation about the quandary presented in the case:

The issue this presents appears to be a novel one: Can a cy pres-only settlement be justified on the basis that the class size is simply too large for direct monetary relief? Or, notwithstanding the strong policy favoring settlements, are some class actions simply too big to settle? 

Under a revised proposed settlement, each claimant would be entitled to receive up to $10, but if the total claims plus the attorneys’ fee award exceeds the entire $20 million amount available under the settlement, the claims will be reduced pro rata.  If there are so many claims that the per claim amount became less than $5, then the Judge will have discretion to decide to award the funds to a charity as a cy pres award.  Another unique facet of the revised settlement is that Facebook is allowed to challenge the attorneys’ fee amount requested by plaintiffs’ counsel.

The panelists discussed Edelson’s struggle in attempting to bring class actions under the California “Shine the Light” law, which requires companies to disclose to whom they are selling customers’ information.  Edelson said he has lost almost all of those cases, but he is hopeful of a turnaround in the appellate courts.  This let to a broader point about the development of privacy class actions.  New theories have traditionally been unsuccessful at the trial court level, but oftentimes patience and perseverance has paid off for the plaintiffs’ bar.

One common type of privacy-related statutory damages class action is class actions under the Telephone Consumer Protection Act (TCPA), which prohibits unsolicited faxes and automated telephone calls.  Edelson noted that cases under the TCPA are settling for between  $150-400 per unsolicited fax/call.  The statutory damages amount is $500 per unsolicited fax or call, and $1,500 for willful violations.  A trend in TCPA cases, especially in the Ninth Circuit, has been TCPA class actions based on unsolicited text messages.

In general, intentional privacy cases tend to be good certification cases, and the real battles tend to be on the merits.  However, even in statutory damages cases, there can still be defenses to class certification.  Ascertainability of the class can often be an issue.  For example, the question of whether a given class member consented to certain types of direct marketing or the release of private information to third parties can often be an individualized question that prevents class certification. 

A common question that arises in statutory damages cases is whether the named plaintiff must prove some sort of injury to herself and/or members of the putative class in order to recover statutory damages.  In some situations, courts have held that no proof of injury is required at all for the recovery of statutory damages.  There are generally two standing questions 1) is there constitutional standing to sue; and 2) is there statutory standing under the statute on which the claims are based.  One justification that plaintiffs offer for why statutory damages would be awarded without proof of injury is that is provides a means of disgorging ill-gotten gains from the defendant.

Parting Thoughts

The panel offered some good advice for practitioners, including the following kernels of wisdom: 1) Understand that privacy cases strike a particular nerve with both consumers and courts; people don’t like the idea that their private information is being used for an improper purpose(this is an area where plaintiffs’ lawyers often don’t have much difficulty convincing plaintiffs to participate in the legal process); 2) Counsel your clients upfront on privacy issues to avoid the situation where a class action becomes an issue.  2) Keep track of what Jay Edelson is doing to make sure you are up on the latest trends. 

In closing, the panel offered thoughts on the problem of statutory damages being aggregated into excessive damages amounts that a defendant is unlikely to pay in settlement and a court is unlikely to ever award.  If nobody thinks that a plaintiff should get $1 billion for a mere technical statutory violation, then why not change the law to reflect what the plaintiff really be able to recover?  One of the problems in this area is that the techology moves much faster than the legislative process.  Congress is always passing legislation to deal with an old problem.

Read Full Post »

Reuters contributor Alison Frankel authored an insightful column published August 20, 2012 entitled Foretelling the End of Money-for-Nothing Class Actions, that touches on issues similar to those raised by Brian Wolfman in two recent articles summarized in this August 15 CAB post.  In her column, Frankel comments on a recent trend, particularly in data privacy class actions, where large fee awards are requested in settlements for which no meaningful relief is provided to class members.  Oftentimes, the fee awards are justified by the value of prospective injunctive relief or by the fact of a large cash payment to charity in the form of a cy pres award, but not by any direct benefits to the class members themselves.

Frankel predicts that we have seen the “high point” in what she terms “money-for-nothing” class action settlements, pointing to a growing skepticism among judges who are asked to approve them.  While it remains to be seen if this prediction will come true, Frankel’s article, like Wolfman’s articles, should at least give pause to class action attorneys who are willing to sell out a class for personal gain: you may be getting away with this now, but at some point the courts will begin to look beyond the desire to clear their dockets and begin to question the societal value of these settlements.

Read Full Post »

Follow

Get every new post delivered to your Inbox.

Join 52 other followers