Presentation is loading. Please wait.

Presentation is loading. Please wait.

Defending Security Breach Putative Class Action Litigation 2017

Published byIrene Bailey Modified over 6 years ago

Similar presentations

Presentation on theme: "Defending Security Breach Putative Class Action Litigation 2017"— Presentation transcript:

1 Defending Security Breach Putative Class Action Litigation 2017
Ian C. Ballon, JD, LLM, CIPP/US Greenberg Traurig LLP (310) (650) Google+, Facebook, Twitter, LinkedIn: Ian Ballon

2

3 SECURITY BREACH LAW AND LITIGATION

4

5

6 Security Breach Litigation
Claims don’t always fit well into existing federal statutes – Common law and state statutory claims Standing – In General To establish injury in fact, a plaintiff must have suffered “an invasion of a legally protected interest” that is “concrete and particularized” and “actual or imminent, not conjectural or hypothetical” Clapper v. Amnesty International USA, 133 S. Ct (2013) (5-4) Spokeo, Inc. v. Robins, 136 S. Ct (2016) (Alito) (compromise 6-2) Mere fact that a plaintiff states a claim under a federal statute that does not require a showing of injury or damage does not mean that the plaintiff has standing “Particularization is necessary to establish injury in fact, but it is not sufficient. An injury in fact must also be ‘concrete.’” Concrete means “’real,’ and not ‘abstract.’” Intangible injuries may be concrete. In determining whether an intangible harm constitutes injury in fact, both history and the judgment of Congress play important roles. (1) Does an alleged harm have “a close relationship to a harm that has traditionally been regarded as providing a basis for a lawsuit in English or American courts.” (2) Congress may elevate to the status of legally cognizable injuries concrete, de facto injuries that were previously inadequate in law.” However, “Congress’ role in identifying and elevating intangible harms does not mean that a plaintiff automatically satisfies the injury-in-fact requirement whenever a statute grants a person a statutory right and purports to authorize that person to sue to vindicate that right. Article III standing requires a concrete injury even in the context of a statutory violation.” The risk of real harm could satisfy the requirement of concreteness in appropriate circumstances Putative Data Security Class Actions Risk of harm, cost to mitigate, loss of value (credit monitoring services) Most circuit court cases still pre-date Clapper Lambert v. Hartman, 517 F.3d 433 (6th Cir. 2008) (finding standing where plaintiff’s information was posted on a municipal website and then taken by an identity thief, causing actual financial loss fairly traceable to d’s conduct) Resnick v. AvMed, Inc., 693 F.3d 1317 (11th Cir. 2012) (standing where plaintiffs had both been identity theft victims)) Pisciotta v. Old National Bancorp., 499 F.3d 629 (7th Cir. 2007) (finding standing in a security breach class action suit against a bank based on the threat of future harm) Krottner v. Starbucks Corp., 628 F.3d 1139 (9th Cir. 2010) (finding standing in a suit where plaintiffs unencrypted information (unencrypted names, addresses and social security numbers of 97,000 employees) was stored on a stolen laptop, based on possibility of future harm) Reilly v. Ceridian Corp., 664 F.3d 38 (3d Cir. 2011) (finding no standing in a suit by law firm employees against a payroll processing firm alleging negligence and breach of contract relating to the risk of identity theft and costs to monitor credit activity), cert. denied, 132 S. Ct (2012) - distinguished environmental and toxic tort cases Security Breach Litigation

7 Security Breach Litigation
In re Sony Gaming Networks & Customer Data Security Breach Litig., 996 F. Supp. 2d 942 (S.D. Cal. 2014) (dismissing claims for negligence, negligent misrepresentation and breach of implied warranty (disclaimed in user agreements) and under NY and Michigan consumer protection laws, but allowing plaintiffs’ CLRA claim to proceed) In re SAIC Corp., 45 F. Supp. 2d 13 (D.D.C. 2014) (granting in part, denying in part defendant’s motion to dismiss in a case brought by victims of a government data breach involving 4.7 million military members and their families) In re Adobe Systems, Inc. Privacy Litig., 66 F. Supp. 2d 1197 (N.D. Cal. 2014) (user names, passwords, credit and debit card numbers, expiration dates, addresses for 38 million customers) Cal Civil Code claim for failure to maintain reasonable security, declaratory relief No claim for alleged delay in providing consumer notice where no traceable harm; UCL In re Target Corp. Customer Breach Litigation. 66 F. Supp. 3d 1154 (D. Minn. 2014) Remijas v. Neiman Marcus Group, 794 F.3d 688 (7th Cir. 2015) Followed Adobe in distinguishing Clapper as a case where the risk of future harm was more attenuated. Here, there was a theft. NM customers shouldn’t have to wait for identity theft to occur before suing because “it is plausible to infer a substantial risk of harm” from breach Mitigation expenses Declined to address theories based on overpayment or control of PII as a property right Lewert v. P.F. Chang’s China Bistro Inc., 819 F.3d 963 (7th Cir. 2016) (time and expense incurred to prevent fraudulent charges) Galaria v. Nationwide Mut. Ins. Co., _ F. App’x _, 2016 WL (6th Cir. 2016) Cheatham v. ADT Corp., 161 F. Supp. 3d 815 (D. Ariz. 2016) (puffery) FTC v. Wyndham Worldwide Corp., 799 F.3d 236 (3d Cir. 2015)

8 Defending Security Breach Putative Class Action Litigation 2017
Ian C. Ballon, JD, LLM, CIPP/US Greenberg Traurig LLP (310) (650) Google+, Facebook, Twitter, LinkedIn: Ian Ballon

Download ppt "Defending Security Breach Putative Class Action Litigation 2017"

Similar presentations

Remedies Against Govt Defendants – Some Basics 11 th amendment bars suits against the State, unless Lawsuit is against state officer in their official.

Remedies Against Govt Defendants – Some Basics 11 th amendment bars suits against the State, unless Lawsuit is against state officer in their official.
Q3 LAW NOTES 1 TORTS.

Q3 LAW NOTES 1 TORTS.
Constitutional Law Part 4: The Federal Judicial Power

Constitutional Law Part 4: The Federal Judicial Power
Commercial Law (Mgmt 348) Professor Charles H. Smith Professional Liability and Accountability (Chapter 51) Spring 2009.

Commercial Law (Mgmt 348) Professor Charles H. Smith Professional Liability and Accountability (Chapter 51) Spring 2009.
Judicial Review Getting Into Court Standards of Review Remedies.

Judicial Review Getting Into Court Standards of Review Remedies.
© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.

© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.
It Takes the Net Profit From Many Audits to Offset the

It Takes the Net Profit From Many Audits to Offset the
Idell & Seitel LLP, 2008 The Litigation Horizon Richard J. Idell The Idell Firm LLP.

Idell & Seitel LLP, 2008 The Litigation Horizon Richard J. Idell The Idell Firm LLP.
Law I Chapter 18.

Law I Chapter 18.
Ethical Issues in Data Security Breach Cases www.ScottandScottllp.com Presented by Robert J. Scott Scott & Scott, LLP 800-596-6176.

Ethical Issues in Data Security Breach Cases Presented by Robert J. Scott Scott & Scott, LLP
Chapter 26 Warranties and Other Product Liability Theories Twomey, Business Law and the Regulatory Environment (14th Ed.)

Chapter 26 Warranties and Other Product Liability Theories Twomey, Business Law and the Regulatory Environment (14th Ed.)
1 Chapter 51 Liability of Accountants and Other Professionals.

1 Chapter 51 Liability of Accountants and Other Professionals.
McMillan v McMillan (Va. 1979). JONES v RS JONES & Assoc (Va. 1993)

McMillan v McMillan (Va. 1979). JONES v RS JONES & Assoc (Va. 1993)
Introduction to Administrative Law and Process The Administrative Procedure Act Getting Into Court Standards of Judicial Review.

Introduction to Administrative Law and Process The Administrative Procedure Act Getting Into Court Standards of Judicial Review.
> > > > Business Law Appendix A. Legal System & Administrative Agencies The judiciary is the court system, the brand of government responsible for settling.

> > > > Business Law Appendix A. Legal System & Administrative Agencies The judiciary is the court system, the brand of government responsible for settling.
Investigating & Preserving Evidence in Data Security Incidents www.ScottandScottllp.com Robert J. Scott Scott & Scott, LLP 214-999-2902.

Investigating & Preserving Evidence in Data Security Incidents Robert J. Scott Scott & Scott, LLP
Overview of Cybercrime

Overview of Cybercrime
Business Law. Your neighbor Shana is using a multipurpose woodcutting machine in her basement hobby shop. Suddenly, because of a defect in the two-year.

Business Law. Your neighbor Shana is using a multipurpose woodcutting machine in her basement hobby shop. Suddenly, because of a defect in the two-year.
AUGUST 25, 2015 Cyber Insurance:

AUGUST 25, 2015 Cyber Insurance:
Exploring Business © 2009 FlatWorld Knowledge 16-1 The Legal and Regulatory Environment of Business.

Exploring Business © 2009 FlatWorld Knowledge 16-1 The Legal and Regulatory Environment of Business.

Similar presentations

Ads by Google