Why are Data Breach Cases important?
Without data breach class actions, large corporate defendants would be able to cause small amounts of harm over a large group of individuals without any risk of monetary penalty.
Holding companies accountable for poor cybersecurity and data theft incidents helps ensure that consumers are better protected in the future.
Questions About Data Breach Lawsuits
- Get confirmation of the data breach and collect as many details about the incident as possible.
- Contact an attorney to investigate the complex litigation involved in security breach lawsuits.
- Try to find out what information was exposed and protect yourself as much as possible.
- Talk to an attorney before accepting any settlement direct from a company.
- Monitor your accounts and personal information closely.
Under current privacy law the firm or organization that is storing user data are responsible for data breaches and will pay any fines or damages that are the result of legal action. The actual data holder—an organization that provides cloud storage—is not usually legally implicated or held responsible in litigation.
The majority of data breach incidents are due to negligent or ineffective network security. Outside threats pose personal data risks for consumers, though there is also a risk with internal security and a cloud-based data network. Some common ways data can be compromised include:
- Exposing data in code banks
- Leaking data from misconfigured data buckets
- Expired security certificates
- Storing data with unsecured third party vendors
- Relaxed email security standards
- Negligent security
A Class Action is a lawsuit brought by an individual on behalf of all other similarly situated individuals. Rule 23 of the Federal and State Rules of Civil Procedure allows for Class Action lawsuits to resolve disputes in an efficient format.
Class Actions are typically filed when the amount of money in dispute for a single plaintiff would not justify litigating the case, but where the amount of damages of the entire class of Plaintiffs would justify the cost of litigation. Without class actions, large corporate defendants would be able to cause small amounts of harm over a large group of individuals without any risk of monetary penalty.
In order for a case to be certified as a Class Action, the Court must determine that the case is appropriate for class action treatment under Rule 23. There are different elements depending on whether the case is seeking monetary or injunctive relief. In general, the Court must find the following elements are satisfied:
- Numerosity: The proposed class must be so numerous that simply joining the individual plaintiffs would be impractical. Generally, the class size should exceed 100 individuals.
- Common Questions of Law or Fact: The facts and/or legal questions in the dispute must be common to all class members. This does not mean all facts or issues must be identical, but the primary facts and law that will determine the issue in dispute must be common among all class members.
- Typicality: The named Plaintiff in the case must have the same facts and legal issues as the class they are proposing to represent. If the Plaintiff’s individual case involves issues of fact or law unique to that Plaintiff and are irrelevant to the ultimate issue, class certification may be denied by the Court.
- Plaintiff/Counsel Adequately Represents the Class: The Court must find that the Plaintiff and Plaintiff’s Counsel are competent and will protect the class’ interests.
- Predominance: Common questions of fact predominate over individual facts.
- Superiority: The Class Action is a more efficient and fair means of resolving the dispute. The Court will look at the following factors when making this determination: (1) Class Member interest in maintaining a separate action; (2) the extent of any litigation already begun by other class members; (3) desirability or undesirability of litigating the case in a particular Court ; (4) difficulties in managing the class.
What should you do following a data breach?
Have you received a data breach notification letter indicating your personal information may have been compromised? Following a data breach incident, victims should consider talking to a legal expert, and move quickly to take the following steps to help prevent identity theft and fraud:
- Confirm the data breach by contacting the “breached” company
- Learn exactly what kind of personal data was compromised
- Monitor your accounts for fraudulent activity
- Change your logins and passwords
- Keep a detailed record of suspicious activity
- Contact your bank and cancel credit cards if they have been leaked
- Stay alert for signs of future identity theft
- Sign up for a credit monitoring service