Shifting attack vectors, scanning for vulnerabilities and leveraging zero day exploits – these terms describe the plaintiffs’ class action bar just as easily as they do hackers. This quarter’s analysis of the types of complaints filed by the Plaintiffs’ bar, and the ways in which those complaints have been structured, shows an increase in class action filing and an ongoing evolution by the plaintiffs’ bar to identify the “right” strategy for obtaining damages or leveraging settlement value. The following are key findings concerning filings over this period (2014-Q1):
A total of 178 data-related class action complaints were filed.
Despite overwhelming media attention on payment card related data security breaches, the majority of complaints (77%) involve data privacy (i.e., collection, use, and sharing) as opposed to data security (i.e., safeguarding, and breach) (23%). As a result, while data security litigation is on the rise when compared to the previous quarter it remains a minority of the overall litigation.
Complaints against Target accounted for more than 50% of all data security-related flings.
Telemarketing remained the most common primary legal theory alleged (64%).1
The United States District Court for the Central District of California (25%) replaced the Northern District of Illinois (15%) as the most popular federal forum for filing.
In terms of industry sectors, retail (21%), debt collection (16%), and marketing (7%) received the largest number of complaints.
96% of complaints filed in federal courts in the first quarter alleged putative national classes.
Consumers’ mobile phone numbers were the leading type of data at issue (44%), followed by credit and debit card information (18%) and fax numbers (17%).
Over 100 plaintiffs’ firms were involved in data-related litigation. The vast majority of firms filed less than four complaints.
1 For an in-depth discussion of class action litigation Bryan Cave publishes a separate quarterly whitepaper on trends in telemarketing class action complaints. Please contact the authors for the most recent version of that whitepaper.
Page 3 of 8
Part 1: Primary Legal Theories
The majority of complaints (77%) focused on data privacy related issues – such as the propriety of a
company’s collection, intentional sharing, or use of information. Data security – the protection of
information from unintentional access or acquisition – was the primary focus in 23% of complaints.
The largest category of complaints continue to relate to alleged telemarketing violations under the
Telephone Consumer Protection Act (“TCPA”) (64%). The next largest categories involved the
Fair Credit Reporting Act (“FCRA”) (10%), and negligence (5%).
Page 4 of 8
Part 2: Volume of Litigation
A total of 178 complaints were filed during the period. There were more privacy complaints filed in
each month of the quarter, and there were a larger number of security-related complaints filed in
January compared to the rest of the quarter. The following chart shows the quantity of litigation in
Part 3: Favored Courts2
The largest number of complaints filed this quarter were filed in the Central District of California
(25%) and the Northern District of Illinois (15% of complaints). The following chart shows the
courts in which complaints were filed.
2 This report does not include complaints filed in state courts. For more information, please see the Methodology
Page 5 of 8
Part 4: Litigation By Industry
Almost every industry has been targeted by class action plaintiffs, although the number of class
action complaints against retail (21%), and debt collectors (16%) outpaced the filings in other
industry segments. There was a significant reduction in claims against health-related companies as
compared to the previous quarter (previously 18% now 6%) The following chart provides a
breakdown of complaints by the defendant’s industry.
Part 5: Scope of Alleged Class (National v. State)
As indicated in the following chart, a large majority of complaints (96%) alleged a putative class that
is national in scope (even if it also alleged one or more single-state subclasses).
Page 6 of 8
Part 6: Variety of Legal Theories Alleged
As indicated in the chart below, complaints filed during the period alleged 24 different legal theories. The percentages collectively exceed 100% as many complaints include more than one legal theory.
Although more legal theories overall were alleged than in the previous period, this was due primarily to plaintiffs’ attorneys expanding the number of counts within each complaint, not shifting to entirely new legal strategies. As a result, the percentage of complaints alleging traditional legal theories (e.g., telemarketing) remained the same or expanded.
Part 7: Data Fields At Issue
Complaints filed during the period involved approximately 11 different types of data. The most common fields at issue were consumer mobile phone numbers (45%), credit and debit card information (33%), and fax numbers (31%). The following chart provides a breakdown of the complaints by the primary data field at issue.
Page 7 of 8
Part 8: Plaintiffs’ Firms
Over 100 plaintiffs’ firms were involved in filing the class action complaints during the period; like
previous quarters, most firms filed less than four complaints.
Part 9: Methodology
Complaints included within the data analyzed in this report were identified within the Westlaw
Pleadings and Dockets library as containing the phrase “class action,” derivations of the phrases
“personal information” or “personal data,” and either the term “breach,” “privacy,” or “security.”
Searches were also run to identify any class action complaints filed during the period that specifically
referenced the Telephone Consumer Protection Act (“TCPA”), the Children’s Online Privacy
Protection Act (“COPPA”), the Controlling the Assault of Non-Solicited Pornography and
Marketing Act (“CAN-SPAM”), the Health Insurance Portability and Accountability Act
(“HIPPA”), the Video Privacy Protection Act (“VPPA”), the Fair Credit Reporting Act (“FCRA”),
the Electronic Communications Privacy Act (“ECPA”), and point-of-sale (“POS”) statutes,
including the Song Beverly Credit Card Act. These cases were then reviewed for relevance and
complaints alleging suit against government entities were excluded. This report covers those
complaints filed in the first quarter of 2014.
Although Bryan Cave’s previous whitepapers included analysis of complaints filed in both federal
and state courts, the availability of state complaint filings varies greatly by state. As a result, state
complaints have been excluded so as not to inadvertently over-represent or under-represent the
quantity of filings in any state. Complaints which are removed from state court to federal court
were included within the analysis. While this report does include relative comparisons between
quarters, those comparisons may be subject to selection biases depending upon the reliability of the
databases used to identify complaints.
Page 8 of 8
ABOUT THE AUTHORS
Shahin Rothermel is a member of the firm’s
antitrust, competition, and consumer protection
group and routinely assists clients with data security
and data privacy issues.
Bryan Cave LLP
David Zetoony is the leader of the firm’s
consumer protection group. David’s practice
focuses on advertising, data privacy, and data
Bryan Cave LLP
Bryan Cave LLP
Bryan Cave is a leading international law firm with offices in 24 cities and 12 countries. The firm
routinely defends clients in private litigation and regulatory enforcement actions, and provides advice and
counseling concerning legal compliance.
In addition to providing analysis based upon years of experience, Bryan Cave analyzes data in order to
identify legal trends and leading indicators of legal risk.