Tag:data-breach

1
Cybersecurity Lessons Learned From the FTC’s Enforcement History
2
Class Certification Trends in Consumer Data Breach Litigation—Individualized Damages Theories May Preclude Certification

Cybersecurity Lessons Learned From the FTC’s Enforcement History

By: Soyong Cho, Andrew L. Caplan

In 2014, cybersecurity and data breach incidents regularly made the headlines, with the reported breaches becoming increasingly large and complex. As in the past, these data breaches have inevitably been followed by a flurry of class actions and government investigations. But amid this flurry of activity, one federal regulator in particular, the Federal Trade Commission (the “FTC” or “Commission”), has unquestionably been the most prominent and active cybersecurity enforcer.

To read the full alert, click here.

Class Certification Trends in Consumer Data Breach Litigation—Individualized Damages Theories May Preclude Certification

By: Nicholas Ranjan and James P. Angelo

In the last two years, there has been a proliferation of class action lawsuits filed in response to high-profile data breaches compromising the personally identifiable information of customers of various companies. Major corporations including Target, Coca-Cola, and Michaels have all fallen victim to such suits. In many cases, a single data breach event has spawned dozens of class action lawsuits (for example, Target, at one point, faced over 100 such suits in a number of jurisdictions, which have since been consolidated in an MDL).

Although a number of class actions in the data-breach context have been filed, there have been relatively few class certification decisions at this point. However, as the pending cases make their way to the class certification stage, two recent decisions may prove useful for defendants in attempting to defeat class certification—principally, on the basis of Federal Rule of Civil Procedure 23(b)(3)’s “predominance” requirement. That is, In re Hannaford Bros. Co. Customer Data Sec. Breach Litig., 293 F.R.D. 21 (D. Me. 2013) and Comcast v. Behrend, 133 S.Ct. 1426 (2013), suggest that class certification may be difficult in certain types of data breach cases due to the existence of individualized damages issues, which may undercut the predominance of common questions necessary to pursue a class action.

To read the full alert, click here.

 

Copyright © 2023, K&L Gates LLP. All Rights Reserved.