DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

RESOURCE: Bryan Cave 2016 Data Breach Litigation Report

Posted on April 7, 2016 by Dissent

The law firm of Bryan Cave has issued its 2016 Data Breach Litigation Report. From their Executive Summary, some of their key findings:

  • 83 cases were filed during the Period. This represents a nearly 25% decline in the quantity of cases filed as compared to the 2015 Data Breach Litigation Report (the “2015 Report”).
  • When multiple filings against single defendants are removed, there were only 21 unique defendants during the Period. This indicates a continuation of the “lightning rod” effect noted in the 2015 Report, wherein plaintiffs’ attorneys are filing multiple cases against companies connected to the largest and most publicized breaches, and are not filing cases against the vast majority of other companies that experience data breaches. As with the overall quantity of cases filed, the quantity of unique defendants also declined as compared to the 2015 Report; approximately 16% fewer unique defendants were named in litigation.
  • Approximately 5% of publicly reported data breaches led to class action litigation. The conversion rate has remained relatively consistent as compared to prior years. The stability in the conversion rate is explained by a decrease in the number of publicly reported data breaches. While further research would be needed to separate correlation from causation, it appears that the decline in the absolute quantity of data breach class action litigation, and the absolute quantity of data breach class action litigation defendants, may be primarily due to a decline in the overall quantity of reported breaches. At this point there is no evidence to suggest that the decline in litigation is attributable to other causes (e.g., disinterest by the plaintiff’s bar, lack of success of previous litigation, etc.).
  • The Northern District of Georgia, the Central District of California, the Northern District of California, and the Northern District of Illinois are the most popular jurisdictions in which to bring suit. Choice of forum, however, continues to be primarily motivated by the states in which the company-victims of data breaches are based.
  • Unlike in previous years, the medical industry was disproportionately targeted by the plaintiffs’ bar. While only 24% of publicly reported breaches related to the medical industry, nearly 33% of data breach class actions targeted medical or insurance providers.4 The overweighting of the medical industry was due, however, to multiple lawsuits filed in connection with two large scale breaches. As a result, we do not expect the overweighting of the medical professions for breach litigation to necessarily continue into the coming year.
  • There was a 76% decline in the percentage of class actions involving the breach of credit cardsas compared to the 2015 Report. The decline most likely reflects a reduction in the quantity of high profile credit card breaches, difficulties by plaintiffs’ attorneys to prove economic harm following such breaches, and relatively small awards and settlements in previous credit card related breach litigation.
  • While plaintiffs’ attorneys continue to allege multiple legal theories, there appears to be some movement toward consolidation. For example, although plaintiffs alleged 20 legal theories, that represents a 16% decline from the 2015 Report, which identified 24 legal theories.
  • Favored legal theories continue to emerge. Specifically, while negligence was the most popular legal theory in the 2015 Report, with 67% of cases including a count of negligence, nearly 75% of cases now include a count of negligence.
  • Unlike in previous years in which plaintiffs’ attorneys focused on breaches of information that was arguably of a less sensitive variety (e.g., credit card numbers), plaintiffs’ attorneys overwhelmingly focused on breaches in this Period that involved information that is traditionally considered “sensitive” such as Social Security Numbers.

Click here to read the full report.

Related posts:

  • Bryan Cave LLP Releases Its 2017 Data Breach Litigation Report
  • Kept in the Dark — Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden
  • IRS’s Top 10 Identity Theft Prosecutions
Category: Commentaries and AnalysesOf Note

Post navigation

← Einstein Health Network notifies 3,000 patients after web exposure of information
RESOURCE: State Security Breach Notification Laws →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.