On The Second Day Of Privacy, Plaintiffs’ Counsel Gave To Me . . .

. . . still more privacy litigation. In 2015, we are likely to see further development of the law in data breach class actions, continuing growth in statutory privacy claims, and increased risk of privacy-related claims arising from burgeoning merger and acquisition activity.

For the Second Day of Privacy, we boldly go where no self-respecting trial lawyer ever wants to go - to the future. Litigators are renowned - if not reviled - for wielding 20-20 hindsight with the unerring precision of a Monday morning quarterback. But ask a litigator what might happen six months or a year from now, the reply will invariably be a rock solid, "It depends." We are comforted, however, by the wisdom of Oliver Wendell Holmes, Jr., who sagely observed that "[e]very year if not every day we have to wager our salvation upon some prophecy based upon imperfect knowledge." Abrams v. United States, 250 U.S. 616, 630 (1919) (Holmes, J., dissenting). No matter how uncertain events might be, some foresight can never go amiss in planning for the future, even in the realm of litigation. And we can predict with 100% certainty that there will be privacy litigation in 2015. Whether arising from data breaches, statutory violations, or breaches of representations and warranties in transactional documents, privacy-related claims are likely to be the source of a substantial amount of litigation in 2015.

Significant data breach litigation will continue into 2015

Notwithstanding our lawyerly disclaimers, sometimes predictions do come true. Last December, we forecast that " [h]ackers and plaintiffs' lawyers could combine to make 2014 the year when class actions concerning theft of sensitive information proliferate." When we wrote that passage the Target data breach had just recently become public, leading to dozens of class action lawsuits that are currently being litigated in federal court in Minnesota. As predicted, numerous additional data breach class actions were filed in 2014, including lawsuits against Maricopa County Community College District (April); the University of Pittsburgh Medical Center (April); the P.F. Chang restaurant chain (June); eBay (July); Community Health Systems, (August); grocery store chain Supervalu Inc. (August); Home Depot (September); and national sandwich chain Jimmy John's Gourmet Sandwiches (November). Still more data breach litigation may ensue before year's end. In October, Staples confirmed that it is investigating a potential theft of data involving payment cards used at its stores, while Sears Holdings disclosed that there had been a payment systems breach at its Kmart stores. And just last week, a data breach was reported at Sony Pictures. According to news reports in the Wall Street Journal (subscription required) and elsewhere, the Sony Pictures breach resulted in disclosure of personal information of up to 47,000 current and former Sony Pictures employees. As of this writing no class actions have yet been filed concerning the Staples, Kmart or Sony Pictures data breaches.

The continuing revelations of data thefts by hackers who have compromised corporate computer systems make it unlikely that data breach litigation activity will slacken in 2015. Absent a wholesale revamp of payment card technology in the United States, retailers here will continue to offer a tempting target to hackers who, as...