For the last five years, BCLP has published the data security industry’s leading analysis of data breach class action litigation.1 As part of that study, BCLP reviews every class action complaint that is filed in a federal court against a private entity and that alleges recovery based upon a data security breach. BCLP also reviews all public data breaches reported by a third party tracking company. Using those data points, BCLP calculates a data breach litigation conversion rate – i.e., the percentage of publicly reported data breaches that turn into federal class action litigation. The data breach litigation conversion rate has been relatively consistent fluctuating between 3.3% and 5.7%:
It should be noted that the data breach litigation conversion rate does not account for state court litigation that was not removed to federal court.2
Despite the historical stability of the data breach litigation conversion rate, BCLP anticipates a significant increase in 2020 as a result of the ability of plaintiffs’ attorneys to seek statutory damages under the CCPA.
This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes. You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.
1. See 2019 Data Breach Litigation Report available at https://www.bclplaw.com/images/content/1/6/v6/163774/2019-Litigation-Report.pdf.
2. BCLP excluded state court litigation as state courts are inconsistent in their publication of filed complaints such that the inclusion of state-filed complaints that were not removed to federal court would inadvertently over-represent or under-represent the quantity of filings in any state as compared to the overall universe of class action filings.