4 lessons from dismissal in Michaels and SuperValu cases

Data Breach

When most people think of data breach lawsuits, they think of large class action cases and settlements like Remijas v. Neiman Marcus and Target.

But the vast majority of courts are denying class certification in cyber security cases.

Within nearly a week of each other, two federal courts in New York and Minnesota have dismissed potentially significant class action data breach cases in December 2015 and January 2016. Given the similar reasoning, the two cases provide legal guidance on how to dismantle data breach claims at the motion-to-dismiss stage.

My full article “4 Lessons from Dismissal in Michaels and SuperVALU Cases” is at McDonald Hopkins’ Business Advocate, here.

As a supplement to that article:

The December 28, 2015 Memorandum and Order in Whalen v. Michael Store, Inc. is here.

In the somewhat related case of Moyer v. Michaels Store, Inc., there is this October 14, 2014 Memorandum Order and Opinion (here) which denied Whalen’s attempt, as a putative class member, to re-open that dismissed case.

The January 7, 2016 Memorandum and Order in In Re SuperVALU, Inc. Customer Data Security Breach case is here.

In pulling up links for this post, I came across a post covering these two cases on Professor Eric Goldman’s Technology & Law Marketing Blog (“TLMB”).  That author, Venkat Balasubramani, comes up with some different conclusions and gives some nice citations/comparisons.

Other cases worth considering (be wary of relying on pre-Clapper opinions):

Cahen v. Toyota Motor Corp. et al., (ND-CA Nov. 25, 2015).  TLMB commentary.

In Re Zappos.com, Inc. Customer Data Security Breach Litigation (D-NV June 1, 2015).  Bloomberg commentary.

U.S. Hotel and Resort Management, Inc. v. Onity, Inc. (D. Minn, July 30, 2014).  TLMB commentary.

Clapper v. Amnesty International USA et al. (SCOTUS, Feb. 23, 2013).

Reilly v. Ceridian Corp. (Third Circuit, Dec. 12, 2011).  TLMB commentary.

Anderson v. Hannaford Bros. (First Circuit, Oct. 20, 2011).  TLMB commentary.

Krottner / Lalli v. Starbucks Corp., here and here (Ninth Circuit, Dec. 14, 2010).  TLMB commentary.

 

 

 

 

 

Data Breach
Florida Court Finds Data Breach Not Covered by Travelers / St. Paul CGL Insurance Policy

A federal court in Florida has ruled that the “personal injury” provisions of a Travelers / St. Paul commercial general liability (CGL) policy does not cover a data breach caused by third party hackers.  The court left unresolved the question whether the “property damage” or the costs of compliance with …

Data Breach
Christopher Hopkins Speaks to ASIS International (Broward / Fort Lauderdale) Regarding Anatomy of a Data Breach Lawsuit

Special thanks to ASIS International (Broward County, Florida chapter) for inviting me to speak to them about data breach and cyber security litigation. You can review my powerpoint, here, which explains data breaches in general and then discusses how claims / litigation arises.  Most importantly, we discussed how companies can …

Data Breach
Want to Try Anonymity on the Internet or the Dark Web? New Tor Browser 8 is here… and free

The Tor browser, which helps anonymize your internetting, has been updated to version 8.  It’s free and worth having on your desktop. First, these steps simple install a secondary browser on your computer.  No spyware.  It’s not illegal.  It’s just a simple browser. Download it here.  It will ask you …