On March 22, the Western District of Washington granted a motion to remand cases removed from state court in In re Fred Hutchinson Data Security Litigation, 2:23-cv-01893-JHC, 2024 WL 1240681 (W.D. Wash. March 22, 2024). In doing so, it highlighted for litigators and companies alike a lesson in the importance of understanding how courts determine citizenship when determining diversity jurisdiction under the Class Action Fairness Act (“CAFA”).Continue Reading Relying on CAFA’s Discretionary “Home-State” Exception, Federal Court Punts Data Breach Class Action Back to State Court
Amy Doolittle
District Court Quickly Reinstates Class Certification in Marriott Data Breach Litigation
Earlier this fall, the Fourth Circuit vacated the district court’s class certification order in the Marriott data breach MDL because of the potential applicability of a class action waiver defense. See In re Marriott Int’l Consumer Data Security Breach Litig., 78 F.4th 677 (4th Cir. 2023). Our post on this decision can be found here. On remand, the district court took little time to conclude that Marriott had waived the class action waiver in the Choice of Law and Venue provision of the putative class members’ contracts and that regardless “the adhesive provision, buried on the last page of the Terms cannot direct this Court to ignore the provisions of Rule 23 of the Federal Rules of Civil Procedure.” In re Marriott Int’l Consumer Data Security Breach Litig., 2023 WL 8247865 (D. Md. Nov. 29, 2023). The district court thus reinstated the classes as earlier certified.Continue Reading District Court Quickly Reinstates Class Certification in Marriott Data Breach Litigation
Recent Marriott Data Breach Class Action Decision Underscores the Importance of Class Action Waivers
Data breaches are an all-too-familiar issue, affecting businesses of all sizes and across all industries. Beyond dealing with the operational and reputational impacts and other resulting fallouts of a data breach, businesses also face enhanced class action litigation risk.
A recent high-profile case serves as a valuable reminder that companies should consider reliance upon a well-established mechanism of mitigating class action litigation risk. In In re Marriott International, Inc., Consumer Data Security Breach Litig., 78 F.4th 677 (4th Cir. 2023), the Fourth Circuit Court of Appeals reversed the district court’s certification order in a data breach class action dispute due to the effect of a class action waiver signed by all putative class members. The Marriott decision demonstrates how class action waivers can be utilized as a core strategy for mitigating heightened data breach litigation risks.Continue Reading Recent Marriott Data Breach Class Action Decision Underscores the Importance of Class Action Waivers
No Injury = No Article III Standing in Data Breach Class Action
As we have discussed here at CPW, one of the biggest challenges facing a plaintiff in a data breach class action is to establish an injury from the alleged data breach. Earlier this week, in David De Midicis v. Ally Bank & Ally Fin., Inc., 2022 U.S. Dist. LEXIS 137337 (S.D.N.Y. Aug. 2, 2022), the …
2021 Year in Review: Financial Privacy Litigation and Developments Post-Ramirez
2021 has been a monumental year in many ways, and consumer financial privacy litigation and enforcement was no exception. In the executive branch, the Biden Administration focused on strengthening individual privacy protections and limiting the disclosure of sensitive data. Meanwhile, the Supreme Court’s decision in TransUnion LLC v. Ramirez continues to have a long-lasting impact…
Pleading a Data Incident Without More Is Not Sufficient to Survive a Motion to Dismiss
Earlier this week, in the context of a data incident involving a health care company, an Arizona federal court determined that plaintiffs had Article III standing but then went on to dismiss plaintiffs’ claims for failure to state a claim, although it granted plaintiffs leave to amend. Griffey v. Magellan Health, 20210 U.S. Dist. LEXIS…
Say It Isn’t So – Court Certifies Rule 23(b)(3) Damages Class in Data Breach Litigation
CPW has been covering data breach litigations for quite some time, including dismissal of defective data breach complaints and the ongoing federal circuit split regarding Article III standing. Yesterday, for the first time, a court certified a Rule 23(b)(3) class action of individual consumers complaining of a data breach involving payment cards. See In…
Supreme Court Finds Nominal Damages Are Sufficient to Satisfy Redressability Requirement of Standing – Over Solo Dissent from Chief Justice
There were a number of things that took me off guard with respect to the Supreme Court’s opinion yesterday in Uzuegunam v. Preczewski, Case No. 19-968. First, apparently for the first time in the 16 years he has been on the Court, the Chief Justice was the lone dissenter in a case. I was also…
BREAKING NEWS: President Biden Taps Lina Khan for Federal Trade Commission
CPW has previously reported on the anticipated impact of a Biden presidency on data privacy and data privacy litigation. In an update to that prior analysis, President Biden has reportedly selected Lina Khan, a prominent antitrust scholar and professor at Columbia Law School, for a vacancy at the Federal Trade Commission (“FTC”). Khan’s nomination…
Ninth Circuit Sides with CFPB in Ratification Fight
As 2020 drew to a close, the Ninth Circuit gave the CFPB a victory in Consumer Fin. Prot. Bureau v. Seila Law LLC, 2020 U.S. App. LEXIS 40572 (9th Cir. Dec. 29, 2020), upholding the CFPB’s civil investigative demand (CID) to Seila Law. The case was on remand from the United States Supreme Court, which…