Look for additional data breach class action cases, standing decisions and shareholders’ derivative suits in 2016

Linn Freedman
Robinson+Cole Data Privacy + Security Insider
Contact
LinkedIn
Facebook
X
Send
Embed

2015 was a banner year for data breaches and associated class action litigation. Toward the end of the year, class action cases were filed the same day as the notification (related post here). Based upon the data breach fallout in 2015, there is no doubt that 2016 is setting itself up to be another frenzied year of data breaches.

It used to be that class actions weren’t filed or didn’t make it past a Motion to Dismiss for lack of standing, and the case law was pretty uniform until this year. Now, plaintiffs’ attorneys are using new theories of liability such as benefit of the bargain or state law statutes to defeat Motions to Dismiss, and several cases, including Tabata, are considered outliers.

Not only do we predict that data breaches will explode in 2016, but the corresponding class actions filed following the breaches will be assumed and not a surprise. We also predict that more decisions will be handed down at both the federal and state level on standing to sue in a data breach case, and when you have more cases, it is inevitable that there will be more outliers. I used to comment frequently about how the case law on standing in data breach cases is surprisingly consistent. Unfortunately, I am not sure I will be able to continue to say this in 2016.

And on top of that, companies can also assume that a shareholder’s derivative suit is in the mix as well. Although the derivative suit against Wyndham Worldwide was dismissed in October of 2014, these suits have been filed against Target and Home Depot following those data breaches.

Companies can learn from the Wyndham dismissal now. In that case, Wyndham was able to show that the directors discussed cybersecurity during board meetings and did not disregard the risk, because the minutes of the meetings reflected the discussion of the risk. Cybersecurity is a risk that boards would do well to pay attention to and document that the board is questioning whether the organization is taking appropriate measures to protect its data in order to combat shareholders’ derivative suits.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide