data security privacy class actions identifying and
play

Data Security/Privacy Class Actions: Identifying and Mitigating the - PowerPoint PPT Presentation

Presenting a live 90-minute webinar with interactive Q&A Data Security/Privacy Class Actions: Identifying and Mitigating the Expanding and Evolving Risks THURSDAY, DECEMBER 4, 2014 1pm Eastern | 12pm Central | 11am Mountain |


  1. Presenting a live 90-minute webinar with interactive Q&A Data Security/Privacy Class Actions: Identifying and Mitigating the Expanding and Evolving Risks THURSDAY, DECEMBER 4, 2014 1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific Today’s faculty features: Tracy D. Rezvani, Shareholder, Rezvani Volin & Rotbert , Washington, D.C. Linda D. Kornfeld, Partner, Kasowitz Benson Torres & Friedman , Los Angeles Donna L. Wilson, Partner, Manatt Phelps & Phillips , Los Angeles The audio portion of the conference may be accessed via the telephone or by using your computer's speakers. Please refer to the instructions emailed to registrants for additional information. If you have any questions, please contact Customer Service at 1-800-926-7926 ext. 10 .

  2. FOR LIVE EVENT ONLY Sound Quality If you are listening via your computer speakers, please note that the quality of your sound will vary depending on the speed and quality of your internet connection. If the sound quality is not satisfactory, you may listen via the phone: dial 1-866-869-6667 and enter your PIN when prompted. Otherwise, please send us a chat or e-mail sound@straffordpub.com immediately so we can address the problem. If you dialed in and have any difficulties during the call, press *0 for assistance. Viewing Quality To maximize your screen, press the F11 key on your keyboard. To exit full screen, press the F11 key again.

  3. FOR LIVE EVENT ONLY For CLE purposes, please let us know how many people are listening at your location by completing each of the following steps: In the chat box, type (1) your company name and (2) the number of • attendees at your location Click the SEND button beside the box • If you have purchased Strafford CLE processing services, you must confirm your participation by completing and submitting an Official Record of Attendance (CLE Form). You may obtain your CLE form by going to the program page and selecting the appropriate form in the PROGRAM MATERIALS box at the top right corner. If you'd like to purchase CLE credit processing, it is available for a fee. For additional information about CLE credit processing, go to our website or call us at 1-800-926-7926 ext. 35.

  4. FOR LIVE EVENT ONLY If you have not printed the conference materials for this program, please complete the following steps: Click on the ^ symbol next to “Conference Materials” in the middle of the left - • hand column on your screen. • Click on the tab labeled “Handouts” that appears, and there you will see a PDF of the slides for today's program. • Double click on the PDF and a separate page will open. Print the slides by clicking on the printer icon. •

  5. Data Security/Privacy Class Actions: Identifying and Mitigating the Expanding and Evolving Risks Presented by Donna L. Wilson 310.312.4144 dlwilson@manatt.com Tracy D. Rezvani 202.350.4270 x101 trezvani@rezvanivolin.com December 4, 2014

  6. Outline 6  Latest litigation developments – Is Clapper the final word, or a pyrrhic victory, on the issues of standing? – Does standing even matter if you’re faced with (or wielding) a statutory damages claim? – If data is the new oil, will data breach and privacy become the new asbestos? Litigation and settlement trends.  Potential new areas of risk and reward; a defense and plaintiff view – Will big data lead to big problems for business and big opportunities for plaintiffs? – The Internet of Things: Assessing the risks – Potential game changers: FTC and AG actions and the role of potential new legislation

  7. Pre- Clapper 7  Putative Data Security/Privacy Class Actions – risk of harm, cost to mitigate, loss of value – Lambert v. Hartman , 517 F.3d 433 (6th Cir. 2008) (finding standing where plaintiff’s information was posted on a municipal website and then taken by an identity thief, causing actual financial loss fairly traceable to the defendant’s conduct) – Resnick v. AvMed, Inc ., 693 F.3d 1317 (11th Cir. 2012) (standing where plaintiffs had both been identity theft victims) – Pisciotta v. Old National Bancorp ., 499 F.3d 629 (7th Cir. 2007) (finding standing in a security breach class action suit against a bank based on the threat of future harm) – Krottner v. Starbucks Corp ., 628 F.3d 1139 (9th Cir. 2010) (finding standing in a suit where plaintiffs unencrypted information (unencrypted names, addresses and social security numbers of 97,000 employees) was stored on a stolen laptop, based on possibility of future harm)

  8. Pre- Clapper (cont’d) 8  Putative Data Security Class Actions – risk of harm, cost to mitigate, loss of value (cont’d) – Reilly v. Ceridian Corp ., 664 F.3d 38 (3d Cir. 2011) (finding no standing in a suit by law firm employees against a payroll processing firm alleging negligence and breach of contract relating to the risk of identity theft and costs to monitor credit activity), cert. denied, 132 S. Ct. 2395 (2012) - distinguished environmental and toxic tort cases – In re LinkedIn User Privacy Litig ., 932 F. Supp. 2d 1089 (N.D. Cal. 2013)

  9. Clapper: The Final Word or the Last Hurrah? 9  Differences among circuits re: sufficiency of injury for purposes of standing (present v. future injuries)  Game Changer? - Clapper v. Amnesty International USA , 133 S. Ct. 1138 (Feb. 26, 2013) – Threatened injury must be “certainly impending” to constitute injury -in-fact – The Court, however, re-affirmed Monsanto Co. v. Geertson Seed Farms , 130 S. Ct. 2743, 2754- 55 (2010) (“reasonable probability” or “substantial risk” sufficient for standing)  Effect of Clapper on data breach litigation – Plaintiffs have taken the position Clapper is limited to the facts. Defendants have relied upon Clapper to challenge standing based upon possibility of damages, steps taken to prevent future damages (i.e., future risk of identity theft, incurring costs for credit monitoring services). With a few exceptions, Defendants are winning…

  10. Clapper: The Final Word or the Last Hurrah? (cont’d) 10  In re Barnes & Noble Pin Pad Litigation, No. 12-cv-8617, 2013 WL 4759588 (N.D. Ill. Sept. 3, 2013) – relying on Clapper, dismissing class action for lack of standing. Rejected various theories of injury, including Barnes & Noble’s failure to promptly notify plaintiffs of security breach; increased risk of identity theft; and time and expenses incurred to mitigate risks of identity theft  Galaria v. Nationwide Mut. Ins. Co., 998 F. Supp. 2d 646 (S.D. Ohio 2014)  Remijas v. Neiman Marcus Group , 2014 WL 4627893 (N.D. Ill. Sept. 16, 2014)  Moyer v. Michael’s Stores, Inc. , No. 14 C 561 (N.D. Ill. July 14, 2014) (dismissing claims for breach of implied contract and state consumer fraud statutes based on Michael’s alleged failure to secure their credit and debit card information during in-store transactions)  Polanco v. Omnicell, Inc ., 2013 WL 6823265 (D.N.J. Dec. 26, 2013)- relying on Clapper , dismissing class action for lack of standing. Plaintiffs did not allege either misuse of plaintiffs’ PCI or PHI and court rejected theories of injury including increased risk of identity theft and time and effort to mitigate  But see, e.g., : – In re Sony Gaming Networks & Customer Data Sec. Breach Litig. , MDL 11MD2258 AJB MDD, 2014 WL 223677 (S.D. Cal. Jan. 21, 2014) (pre-dating Gallaria ) – In re Adobe Systems, Inc. Privacy Litigation , No. 13-CV-05226-LHK (N.D. Cal. Sept. 4, 2014) (relying on Krottner , and distinguishing Clapper and Gallaria ) – In re Google, Inc. Privacy Policy Litigation , 2014 WL 3707508 (N.D. Cal. July 21, 2014)

  11. Security Breach Litigation 11  Claims don’t always fit well into existing federal statutes – CL and state statutes  Is there any damage or loss?  Can the plaintiffs establish causation?  At the same time – expanding concepts of duty and breach – Patco Construction Co. v. People’s United Bank , 684 F.3d 197 (1st Cir. 2012) (holding defendant’s security procedures to not be commercially reasonable) – Anderson v. Hannaford Brothers Co ., 659 F.3d 151 (1st Cir. 2011)  Allowing negligence, breach of contract and breach of implied contract claims to go forward  Implied contract by grocery store to undertake some obligation to protect customers’ data  Class certification denied: In re Hannaford Bros. Co. Customer Data Sec. Breach Litigation , 293 F.R.D. 21 (D. Me. 2013) – Lone Star National Bank v. Heartland Payment Systems, Inc ., 729 F.3d 421 (5th Cir. 2013)

  12. Security Breach Litigation (cont’d) 12  Potential MDL treatment – In re: Target Corp. Customer Data Security Breach Litig ., 2014 WL 1338473 (MDL 2014) (50+ cases) – Home Depot: at least 44 civil lawsuits pending, with a motion before the Judicial Panel for Multi-District Litigation seeking to have at least some of the cases heard in the Northern District of GA. Hearing to be held December 4 th

Recommend


More recommend