A Wake-up Call: Class Action Lawsuits for Data Breaches

Article Written by Renee H. Martin – Partner at Dilworth Paxson LLP
and Joseph Harford – Founder and President of Reclamere, Inc.

It seems that each day we all read about another data breach: Houzz, Dunkin’ Donuts, Advent health, and others. The concern for executives is not the “if” of a breach but the “when” of the incident. To compound the challenge, there is an emerging risk on the horizon, class action law suits. In its simplest form a class action lawsuit permits a small group of plaintiffs to bring a law suit on behalf of a larger group. Yes, it’s that simple. So why the surge in class action suits? First, data breaches are increasing in number and are getting larger in scope. Second, breach victims feel helpless and do not believe they have legal recourse. Third, data breaches make headlines and plaintiffs and their potential lawyers are more aware of potential benefits of a lawsuit. Fourth, legal theories are emerging and developing in such a way that they support the personal and financial damages experienced by data breach victims.

Let’s step back in time to the grade schools of the 70’s and slippery floors. As kids we probably remember that kid who ran across a terrazzo floor, slipped, and smacked his head on the floor. There was no yellow slippery when wet floor sign… just the laughter of classmates as he struggled to get up and not get in trouble. Today, slips and falls represent $$$ to plaintiffs’ attorneys. Along those same lines are dog bites, motorcycle accidents, and other incidents. Our society has grown more litigious and lawsuits more prevalent. Now we enter the 21^st century with incredible amounts a data everywhere and very little quality oversight and security. This data breach thing becomes the new horizon for litigators to make an incredible amount of money. The chasm between a data breach and damages is quickly closing and the leap to collect more in damages is growing.

Since class action lawsuits create significant financial exposure for damages paid to the class of plaintiffs, it is critical for you to minimize data breach risk. First, revise your incident response plan. Time is of the essence in responding to a data breach. Litigation and –and the news cycle surrounding the breach- move quickly. Your incident response plan should reflect a multi-disciplinary team approach. The team should include data security experts capable of conducting internal investigations and breach response, legal counsel with privacy and breach response expertise, including responding to governmental investigations at the state and federal level.

Don’t allow yourself to be at a disadvantage when the data breach happens. Arm yourself with a coordinated approach executed by a team capable of responding swiftly and effectively.