There is a great deal of misunderstanding concerning data security breach-related class actions. In large part the media and the legal media have exaggerated the quantity (and success) of class action litigation.
The following provides an overview of the risks associated with lawsuits following data security breaches.1
The percentage of data breaches that lead to lawsuits.2
The increased odds of being sued if the breach was caused by a company’s unauthorized disclosure or disposal of data.3
The decreased odds of being sued if a company provides free credit monitoring following a breach.4
Settlement rate for data breach lawsuits.5
Increase in likelihood of settlement post class-certification.6
The increased odds of settlement where the cause of the breach is a cyber-attack.7
Decline in the quantity of data breach class action filings.8
Decline in unique defendants of class action filings.9
Number of different legal theories alleged by plaintiffs.10
What factors you should look at when considering the likelihood of receiving a class action complaint following a data breach:
1. Romanosky, et al, Empirical Analysis of Data Breach Litigation, 11(1) Journal of Empirical Legal Studies June 1, 2012), http://www.econinfosec.org/archive/weis2012/papers/Romanosky_WEIS2012.pdf.
8. Bryan Cave LLP, Snapshot of Bryan Cave’s 2016 Data Breach Litigation Report, https://d11m3yrngt251b.cloudfront.net/images/content/8/3/v2/83697/Data-Privacy-Infographic.pdf
10. Bryan Cave LLP, 2016 Data Breach Litigaiton Report, at 9, available at https://d11m3yrngt251b.cloudfront.net/images/content/8/2/v2/82494/DataBreachLitigationReport.pdf.