[BreachExchange] Structuring a Settlement After Asserting Class Members Did Not Suffer Any Concrete Injury

Audrey McNeil audrey at riskbasedsecurity.com
Fri Apr 22 15:06:09 EDT 2016


http://www.lexology.com/library/detail.aspx?g=a8072d68-7c69-49f5-99ff-648aac9cb28f

Frequently, a class action complaint will set forth an elaborate theory of
why the defendant’s actions were negligent or wrongful, but fall short when
trying to identify how that conduct has harmed the class members.  This
kind of complaint invites a motion to dismiss on the grounds that the
plaintiff has failed to demonstrate constitutional standing by identifying
a “concrete, particularized, and actual or imminent” injury traceable to
the defendant’s actions.

When these motions are successful, it’s a great day for the defense, but
court dockets are littered with denied (or simply undecided) Rule 12(b)(6)
motions challenging a plaintiff’s constitutional standing.  In those cases,
negotiating a settlement may become the most prudent course of action.  And
at that point, that motion to dismiss brief that you stayed up late
drafting last spring can become an obstacle to structuring a lasting
settlement in autumn—particularly when there’s a shortage of claimants who
can sufficiently document damages to obtain relief from a compensatory
settlement fund.

So how do parties structure a settlement that will avoid the objectors’
wrath after the defendant is already on record arguing that the class
members haven’t suffered any real injury?  The traditional method has been
to establish a cy pres award that will distribute residual funds to a
charity related to the subject matter of the action or a legal services
organization. Of course, these awards have met their share of criticism in
recent years.

Notably, another tool settling parties have embraced is structuring
settlements in a manner that provides alternative benefits directly to
class members in addition to the traditional compensatory fund.

This has recently popped up in the data breach class action context, where
consumers allege their personal information was stolen after making a
credit card purchase from the defendant-retailer.  These claims frequently
prompt a “no concrete injury” argument, particularly when the putative
class representative’s financial institution has already reimbursed any
fraudulent charges made on the card.

Thus, when one of these cases settles, the parties may opt to establish
additional remedies for class members above and beyond the traditional fund
to reimburse any documented out-of-pocket losses.  This was the case in
both In re: The Home Depot, Inc., Customer Data Security Breach Litigation,
No. 1:14-md-02583-TWT (N.D. Ga.) and In re: Target Corporation Customer
Data Security Breach Litigation, No. 1:14-md-2522-PAM (D. Minn).

By way of example, the settlement in the Home Depot class action
established a fund dedicated to providing several months of identity
protection services to anyone whose data was compromised by the security
breach.  Accordingly, any class member who did not suffer out-of-pocket
losses, or could not sufficiently document them, was still eligible to
receive a tangible benefit.

These types of settlements may also include other forward-looking
commitments by the defendant such as establishing information security
officers at the executive level, maintaining a written information security
program, performing routine data risk assessments, providing security
training to employees, and upgrading card-payment technology.

The upshot of these multi-faceted settlements is that even if class members
have difficulty demonstrating out-of-pocket losses to make a claim on the
fund, they still receive benefits in the form of identity protection and
credit monitoring services, which may serve to head off potential
objectors.  While objections to the measures of relief afforded by
settlements will undoubtedly continue to surface, parties have emphasized
these extra benefits when responding to objectors in successful motions for
final approval of settlement.

This settlement tool, increasingly common in data breach class actions,
merits consideration in settling other types of class actions in which the
defendant has previously argued that the plaintiffs have failed to show a
concrete, particularized, and actual or imminent injury.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160422/5b595a4b/attachment.html>


More information about the BreachExchange mailing list