Litigation: Data breach class actions stymied by recent Supreme Court decisions

Actions based on speculative injury and individualized damages will be examined in future class action rulings

Data breaches typically involve lots of people, making them prime targets for class actions. Most cases have not gotten to the class certification stage because they have been dismissed on standing grounds, and when they have reached the class phase, certification has been denied because of the predominance of individualized issues. Two recent Supreme Court decisions, Clapper v. Amnesty International USA, in which the court held that actions based on speculative injury cannot proceed due to lack of standing, and Comcast Corp. v. Behrend, an antitrust case in which the court held that when damages are individualized, a class cannot be certified, reinforce these trends. While neither case involves a data breach, both have significant ramifications in the data breach context.

Many cases have been dismissed on standing grounds, such as Hammond v. The Bank of New York Mellon and Randolph v. ING Life Insurance and Annuity Company. A number of circuit courts have recognized standing, but nevertheless have dismissed the action for lack of a compensable injury. For example, see Pisciotta v. Old National Bancorp from the 7th Circuit in 2007 and Ruiz v. GAP, Inc. from the 9th Circuit in 2010. 

Contributing Author

author image

Judy Selby

Judy Selby has more than 20 years of experience in large scale first- and third-party complex insurance coverage matters, providing a full range of services...

Bio and more articles

Contributing Author

author image

Deborah Renner

Deborah Renner is a litigation partner at BakerHostetler.  She focuses her practice on complex commercial litigation, including the defense of consumer fraud, data breach and...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.