1. Insights /

RetailLawBCLP

Data Breach Litigation Report: An Analysis of Federal Class Action Lawsuits Involving Data Security Breaches

Data Breach Litigation Report: An Analysis of Federal Class Action Lawsuits Involving Data Security Breaches

May 16, 2016
Download PDFDownload PDF
Print
Share

Data security breaches – and data security breach litigation – dominated the headlines in 2015 and continue to do so in 2016.  While data breach litigation is an important topic for the general public, and remains one of the top concerns of general counsel, CEOs, and boards alike, there remains a great deal of misinformation reported by the media, the legal press, and law firms. At best this is due to a lack of knowledge and understanding concerning data breach litigation; at worst some reports border on sensationalism or fearmongering.

Bryan Cave LLP began its survey of data breach class action litigation four years ago to rectify the information gap and to provide clients, as well as the broader legal, forensic, insurance, and security communities, with reliable and accurate information concerning data breach litigation risk.  The 2016 report covers litigation initiated over a 15 month period from the fourth quarter of 2014 through the fourth quarter of 2015.  Key findings include:

  • There was a nearly 25% decline in the quantity of cases filed as compared to the 2015 Data Breach Litigation Report .
  • When multiple filings against single defendants are removed, there were only 21 unique defendants during the relevant period, indicating that plaintiffs’ attorneys are filing multiple cases against companies connected to the largest and most publicized breaches, and are not filing cases against the vast majority of other companies that experience data breaches.
  • Approximately 5% of publicly reported data breaches led to class action litigation.
  • The Northern District of Georgia, the Central District of California, the Northern District of California, and the Northern District of Illinois are the most popular jurisdictions in which to bring suit. Choice of forum, however, continues to be primarily motivated by the states in which the company-victims of data breaches are based.
  • Favored legal theories by plaintiffs continue to emerge, with nearly 75% of cases now including a count of negligence.

Click here to read the full report.

Meet The Team

Merrit M. Jones

San Francisco

+1 415 675 3435

View Profile 

Meet The Team

Meet The Team

Merrit M. Jones

San Francisco

+1 415 675 3435

View Profile 

This material is not comprehensive, is for informational purposes only, and is not legal advice. Your use or receipt of this material does not create an attorney-client relationship between us. If you require legal advice, you should consult an attorney regarding your particular circumstances. The choice of a lawyer is an important decision and should not be based solely upon advertisements. This material may be “Attorney Advertising” under the ethics and professional rules of certain jurisdictions. For advertising purposes, St. Louis, Missouri, is designated BCLP’s principal office and Kathrine Dixon (kathrine.dixon@bclplaw.com) as the responsible attorney.