Plaintiffs seeking to pursue negligence claims for the disclosure of their personal information in a data breach often face hurdles in pleading a sufficient injury. The claimants’ failure to plead a sufficient injury frequently is the basis for dismissal. However, in a very interesting recent decision, the Georgia Supreme Court reversed the intermediate appellate court’s affirmance of the dismissal of the plaintiffs’ data breach claims, finding that the claimants had sufficient standing to assert their claims where they alleged that the disclosure of their personal information left them at an “imminent and substantial risk of identity theft.” As discussed below, the Court’s holding arguably makes data breach claims under Georgia law less susceptible to dismissal. However, as also discussed below, there are important limitations to the Court’s holding.
Continue Reading Georgia Supreme Court: Risk of Future Identity Theft Sufficient to Support Data Breach Negligence Claim

The highest-profile attempt to utilize the new U.K. regime for consumer class actions has come to a grinding halt. The case involved a claim alleging that MasterCard’s fee structure had resulted in overcharges to tens of millions of U.K. consumers. On July 21, 2017, the Competition Appeal Tribunal, newly re-organized to oversee the consumer class action regime, declined to grant the necessary collective proceedings order that would have allowed the action to go forward. The tribunal’s ruling is highly fact-specific and its decision to decline the collective proceedings order very much reflects the specific features of the claims against MasterCard, but the ruling nevertheless does raise concerns about the viability of the class action regime and its attractiveness to prospective claimants in other cases. A copy of the Tribunal’s July 21, 2017 order can be found here.
Continue Reading U.K. Court Halts Effort to Use New Opt-Out Class Action Procedures