In the Carlton Fields Jorden Burt 2014 Class Action Survey, general counsel and senior legal officers of 326 companies identified data privacy and security as the area of law most likely to give rise to the next wave of class action litigation. Recent developments suggest that they have cause for concern.
Historically, the requirement of standing under Article III of the United States Constitution has been a significant obstacle for putative data breach class actions. In 2012, the U.S. Supreme Court denied review to resolve a circuit split on whether a plaintiff in a putative data breach class action has standing where the plaintiff alleges that personal, nonpublic information (including date of birth, Social Security number, and bank account information) was compromised via a data breach, increasing the plaintiff’s risk of identity theft and causing the plaintiff to incur costs for credit monitoring. Reilly v. Ceridian Corp., 664 F.3d 38 (3rd Cir. 2011), cert. denied, 132 S. Ct. 2395 (2012); Petition for Certiorari, Reilly v. Ceridian Corp., No. 11-1128, 2012 WL 865211 (Mar. 12, 2012).