Data security breaches – and data security breach litigation – dominated the headlines in 2015 and continue to do so in 2016.  While data breach litigation is an important topic for the general public, and remains one of the top concerns of general counsel, CEOs, and boards alike, there remains a great deal of misinformation reported by the media, the legal press, and law firms. At best this is due to a lack of knowledge and understanding concerning data breach litigation; at worst some reports border on sensationalism or fearmongering.

Bryan Cave LLP began its survey of data breach class action litigation four years ago to rectify the information gap and to provide clients, as well as the broader legal, forensic, insurance, and security communities, with reliable and accurate information concerning data breach litigation risk.  The 2016 report covers litigation initiated over a 15 month period from the fourth quarter of 2014 through the fourth quarter of 2015.  Key findings include:

  • There was a nearly 25% decline in the quantity of cases filed as compared to the 2015 Data Breach Litigation Report .
  • When multiple filings against single defendants are removed, there were only 21 unique defendants during the relevant period, indicating that plaintiffs’ attorneys are filing multiple cases against companies connected to the largest and most publicized breaches, and are not filing cases against the vast majority of other companies that experience data breaches.
  • Approximately 5% of publicly reported data breaches led to class action litigation.
  • The Northern District of Georgia, the Central District of California, the Northern District of California, and the Northern District of Illinois are the most popular jurisdictions in which to bring suit. Choice of forum, however, continues to be primarily motivated by the states in which the company-victims of data breaches are based.
  • Favored legal theories by plaintiffs continue to emerge, with nearly 75% of cases now including a count of negligence.

Click here to read the full report.