Firms Warned About the Impact of Class Actions on the Cost of Data Breaches

Legal experts stress that courts are starting to allow more lawsuits to continue

By on October 26th, 2012 12:01 GMT

Legal experts warn that a company’s responsibilities increase considerably and so do the risks of facing class-action lawsuits in case a security breach occurs and there's “big data” involved.

Sharon R. Klein and Jeffrey L. Vagle, attorneys at Pepper Hamilton LLC, highlight the fact that in many US states class action-lawsuits are facilitated by data breach laws.

So far, in many cases, the judge has dismissed the case if plaintiffs could not provide sufficient evidence that the data breach caused actual losses.

A perfect example is the class-action lawsuit against Sony. Since the individuals whose details became exposed as a result of the hack could not prove that they suffered any real damages, the judge ruled in Sony’s favor.

However, this is not always the case.

“A pivotal question for standing is establishing injury-in-fact, which has successfully prevented certification of many purported data breach class actions. Recent cases, however, have been breaking down the court’s resistance to class certifications, raising the stakes in data breach and privacy cases,” the attorneys explained.

They provided several examples from all over the US to demonstrate that although there were some cases in which the court dismissed class actions, there were numerous situations in which suites were allowed to continue, especially when there was enough evidence to show that the affected individuals could suffer losses.

“The likelihood of a data breach or privacy issue occurring in any business has become a virtual certainty. Class action lawsuits stemming from such incidents have upped the ante with the potential of millions of dollars of attorneys’ fees if not damage recoveries,” the experts wrote.

“All companies would be prudent to increase their risk mitigation efforts to beef up administrative, technical, and physical security to prevent data breaches coupled with enforcing security and privacy policies and procedures and strengthened indemnification provisions with third parties who have access to a company’s data.”

They highlight the fact that such measures can also help when it comes down to convincing a judge that there are no grounds for a class-action lawsuit.

Comments