Standing to Bring Consumer Data Breach Claims
In his Corporate Litigation column, Joseph M. McLaughlin writes: More and more companies have been experiencing data breaches, and predictably, consumers who believe their information was compromised have been suing the breached companies. But courts have been grappling with a threshold question: Have the consumer plaintiffs suffered an actual harm sufficient to establish standing to sue in federal court under Article III of the Constitution?
April 08, 2015 at 10:00 PM
13 minute read
Security experts say that there are two types of companies in the United States: “those that have been hacked and those that don't know they've been hacked.”1 More and more companies have been experiencing data breaches, and “the absolute size of the breaches is increasing exponentially.”2 Predictably, consumers who believe their personal and/or financial information was compromised by a data breach have been suing the breached companies. But there is a threshold question with which courts have been grappling in recent data breach cases: Have the consumer plaintiffs suffered an actual harm sufficient to establish standing to sue in federal court under Article III of the Constitution?
Last month, a Minnesota federal judge preliminarily approved a class action settlement between Target Corporation and a class of consumers asserting claims arising from the 2013 breach of Target's computer network, which affected the personal and/or financial information of up to 110 million customers. Target agreed to pay a total of $10 million to consumers “whose credit or debit card information and/or whose personal information was compromised as a result of the data breach” and to implement and maintain specified data security measures for a period of five years.3
The Minnesota district court had denied Target's motion to dismiss in December 2014, permitting the majority of the plaintiffs' claims to move forward, and ruling that the plaintiffs had standing to pursue their claims against the retailer. The standing ruling departed from many other recent consumer data breach case rulings, in which courts—often relying on the Supreme Court's 2013 Article III standing decision in Clapper v. Amnesty International USA—have determined that consumer plaintiffs did not adequately allege actual injury. The decision in In re Target Corporation Consumer Data Security Breach Litigation may be unsettling for corporations, as it suggests that, at least in certain jurisdictions, consumer data breach actions may be a more serious threat than previously thought.
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Trending Stories
- 1The Law Firm Disrupted: For Big Law Names, Shorter is Sweeter
- 2Wine, Dine and Grind (Through the Weekend): Summer Associates Thirst For Experience in 'Real Matters'
- 3'That's Disappointing': Only 11% of MDL Appointments Went to Attorneys of Color in 2023
- 4What We Know About the Kentucky Judge Killed in His Chambers
- 5'I'm Staying Everything': Texas Bankruptcy Judge Halts Talc Trials Against J&J
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250