When at first you don’t succeed, seek post-verdict decertification: Lessons learned from Mazzei v. The Money Store

What do you do when a court certifies a class over your objection and denies your motion for directed verdict on the critical class certification issue at trial, and a jury awards $32 million ($54 million if you count pre-judgment interest) on an individual claim worth $133.80? This was the situation the defendants faced in Mazzei v. The Money Store. What happened defied all odds. Read more >> 

Banking Industry, Mortgage Lending Industry, Pre-Certification Motions, U.S. Supreme Court

New life for the death knell? SCOTUS accepts Microsoft Corp. v. Baker

On January 15, 2016, the U.S. Supreme Court granted certiorari to review the decision of the Ninth Circuit in Baker v. Microsoft Corporation. The question presented is: “Whether a federal court of appeals has jurisdiction under both Article III and 28 U.S.C. § 1291 to review an order denying class certification after the named plaintiffs voluntarily dismiss their claims with prejudice.” Read more >>

Class Definitions, Federal Class Action Law, U.S. Supreme Court

No good deed goes unpunished: Did P.F. Chang’s prompt notice of data breach create standing to sue?

On April 14, the court released its opinion in Lewert v. P.F. Chang’s China Bistro, Inc., holding that class plaintiffs may satisfy Article III standing by alleging both an increased risk of fraudulent charges and identity theft, as well as costs incurred in mitigating a future risk of harm. Although this is the second time the Seventh Circuit has addressed standing in this context, the case expands the court’s already generous standard. It also illustrates the difficult choices faced by companies whose systems are hacked. Read more >>

Class Definitions, Data Privacy and Cyber Security, U.S. Supreme Court

Sixth Circuit clarifies CAFA removal rules in favor of defendants

On April 7, the United States Court of Appeals for the Sixth Circuit issued a decision clarifying the rules governing the timing of removal of cases to federal court under the Class Action Fairness Act (CAFA). In Graiser v. Visionworks of America, Inc., the plaintiff sued Visionworks in Ohio state court and sought to represent a consumer class, alleging that Visionworks’ “Buy One, Get One Free” promotional advertisement was misleading and in violation of Ohio’s Consumer Sales Practices Act.

Visionworks removed the case to the United States District Court for the Northern District of Ohio pursuant to CAFA, after applying the plaintiff’s “proposed damage formula” to Visionworks’ own sales data for the relevant time period, concluding that the matter in controversy exceeded $5 million. The district court remanded the case back to state court after the plaintiff argued that Visionworks was tardy in removing the case for two reasons: (1) the amended complaint had been removable (but was not timely removed by Visionworks) on diversity jurisdiction grounds, thereby precluding subsequent CAFA removal; and (2) Visionworks was in possession of its own sales data and could have ascertained CAFA removability months earlier in any event.

The appeals court rejected both bases for the remand and reversed the district court’s decision. First, the Sixth Circuit held that:

[I]n CAFA cases, the thirty-day clocks of § 1446(b) begin to run only when the defendant receives a document from the plaintiff from which the defendant can unambiguously ascertain CAFA jurisdiction. Under this bright-line rule, a defendant is not required to search its own business records or "perform an independent investigation into a plaintiff's indeterminate allegations to determine removability.

Second, the Sixth Circuit held that:

[O]nce a defendant ascertains that a case is removable under CAFA, a defendant may remove the case — within the time constraints of § 1446(b)(1) and (b)(3) discussed above — even if the case was originally removable under a different theory of federal  jurisdiction.

The holdings, on all respects favorable to class action defendants, are consistent with the decisions of other United States Courts of Appeals that have addressed the questions presented to the Sixth Circuit in the Graiser case.

Class Action Fairness Act, Federal Class Action Law, Sixth Circuit Class Action Law

Sovereign immunity in the age of continuous cyber warfare

Major cyber-attacks on a U.S. corporation or government agency are becoming more and more common. The July 9, 2015, news of 21.5 million Social Security numbers stolen from the Office of Personnel Management (OPM) is the latest example — but surely will not be the last. Although each breach spawns new litigation, this latest example is a little different.

Unlike the recent attacks on corporations like Sony Pictures and Anthem, OPM has an additional and powerful defense: sovereign immunity. Two recent class action suits filed by labor unions against OPM will put the sovereign immunity defense to the test.

For more, click here.

Data Privacy and Cyber Security

Third Circuit "clarifies" ascertainability: Is the circuit split?

The Third Circuit has published extensively in recent years on the issue of ascertainability. The court teaches that ascertainability is an implied prerequisite for class certification under Rule 23, and should be separately considered by the trial court. The gist of the doctrine is that a class must be defined by reference to objective criteria, and there must be a reliable and administratively feasible mechanism for determining who falls within that definition.

On April 16, 2015, the Third Circuit issued its fifth ruling in three years on this subject: Byrd v. Aaron’s, Inc., No. 14-3050, 2015 U.S. App. LEXIS 6190 (3d Cir. April 16, 2015). Why? It said that it was “necessary to address the scope and source of the ascertainability requirement” because of “apparent confusion in the invocation and application” of the doctrine in the Third Circuit. Id. at *9.

The Byrd court reversed certification of a class of consumers who had leased or purchased laptop computers that contained unauthorized spyware. The decision tracks and clarifies much of the case law established by the Third Circuit’s prior decisions, with two important exceptions.

First, although the court acknowledged that there would be ambiguity in determining exactly who was—or wasn’t—a “household member” of a purchaser or lessee, it said that the inquiry would “not require a ‘mini-trial,’ nor does it amount to ‘individualized fact-finding’” because “anyone charged with administering the fund resulting from a successful class action [will] ensure that person is actually among the 895 customers identified by the Byrds.” Id. at *34–35.

In other words, the term “household members” was ascertainable not because it is administratively feasible for the trial court to figure it out at the class certification stage, but because a claims administrator could sort it out after class certification and judgment on the merits.

As an implied prerequisite to Rule 23 certification, however, the ascertainability analysis has to be performed before certification, not after. And it needs to be performed by the court, not the claims administrator. That’s because the court needs to be able to ascertain class membership to ensure that class members receive notice before trial to so that they can either opt out or be bound by the judgment. Any rule that permits notice after trial re-introduces the now-discredited practice of one-way intervention, which Rule 23 was amended to preclude.

Second, in Carrera v. Bayer Corp., 727 F.3d 300, 307 (3d Cir. 2013), the court previously held that a truly “manageable process [is one] that does not require much, if any individualized factual inquiry.” Although most courts say that “mini-trials” and individualized determinations cut against ascertainability, few have quantified just how much individualized evidence will render a class un-ascertainable. In the Third Circuit, the answer was clear: “Not much, if any.”

But the Byrd court apparently took a very different view. It said:

Carrera does not suggest that no level of inquiry as to the identity of class members can ever be undertaken. If that were the case, no Rule 23(b)(3) class could ever be undertaken. We are not alone in concluding that “the size of a potential class and the need to review individual files to identify its members are not reasons to deny class certification.” See Young v. Nationwide Mut. Ins. Co., 693 F.3d 532, 539–40 (6th Cir. 2012).

Byrd, 2015 U.S. App. LEXIS at *35 (emphasis in original).

True, Carrera didn’t say that “no” inquiry can ever be undertaken. But the Young case approved the review of hundreds of thousands of individual local government premium tax assignments as administratively feasible. Invoking Young stands in sharp contrast to the “not-much-if-any” standard approved in Carrera. Whether the reference to Young was inadvertent, or whether the Byrd panel really meant to depart from the “not-much-if-any” standard set by Carrera, remains to be seen. It will be interesting to see how the courts within the Third Circuit sort out this apparent contradiction.

For a more comprehensive analysis of Byrd, click here.

Class Definitions

U.S. Supreme Court to decide whether “no-injury” classes have Article III standing

On April 27, 2015, the U.S. Supreme Court accepted jurisdiction over Spokeo, Inc. v. Robins, 742 F.3d 409 (9th Cir. 2014), to answer this question: May Congress confer Article III standing upon a plaintiff who suffers no concrete harm and who could, therefore, not otherwise invoke the jurisdiction of a federal court by authorizing a private right of action based on a bare violation of a federal statute?

Court watchers will recall that two years ago, SCOTUS accepted jurisdiction over the same issue in another case from the Ninth Circuit, First American Corp v. Edwards, 132 S. Ct. 2536 (2012). There, the Court was to determine whether a class action could be maintained for an alleged violation of the Real Estate Settlement Procedures Act (RESPA), despite the fact that none of the class members had suffered any actual injury. The case was of enormous consequence since Congress has passed dozens of statutes that grant private rights of action for their mere violation, whether or not there has been an actual harm of any sort.

But the Edwards case was dismissed before decision, and it left many wondering why. The dismissal also left unanswered whether “no-injury” classes can be maintained consistent with Article III.

Spokeo raises the same issues. The plaintiff brought suit against the people-search website for an alleged violation of the Fair Credit Reporting Act (FCRA). The plaintiff, who was unemployed, claimed that erroneous information posted by Spokeo hurt his employment opportunities. He sued for economic loss and emotional distress. The district court found the plaintiff’s injury to be speculative and dismissed his claims. But the Ninth Circuit reversed, despite Spokeo’s argument that the plaintiff lacked standing since he suffered no specific, concrete injury.

Spokeo, like Edwards, is of enormous practical importance far beyond the world of websites. From banks to credit collection companies to telecom providers, Congress has used the concept of statutory standing — and punitive fines — to empower class action lawyers to bring claims worth billions of dollars against companies on behalf of clients who suffered literally no injury at all.

Yet “[f]rom Article III’s limitation of the judicial power to resolving ‘Cases’ and ‘Controversies,’ and the separation-of-powers principles underlying that limitation,” the Supreme Court has deduced a set of requirements that together make up the irreducible constitutional minimum of standing.” Lexmark Int’l, Inc. v. Static Control Components, Inc., 134 S. Ct. 1377, 1386 (2014) (quoting Lujan v. Defenders of Wildlife, 504 U.S. 555, 560 (1992)). “Concrete injury, whether actual or threatened, is that indispensable element of a dispute which serves in part to cast it in a form traditionally capable of judicial resolution.” Schlesinger v. Reservists Comm. to Stop the War, 418 U.S. 208, 220-21 (1974).

Can Congress create standing for the mere violation of a statute without any corresponding harm, consistent with the requirement of constitutional standing contained in Article III? Will the Congressional enforcement power be curtailed? Or will the Court rule that a technical violation of a statute is concrete enough to meet the test for standing under Article III?

We will be watching.

Standing, U.S. Supreme Court

Is a national data breach law in the works?

A recent New York Times piece, titled “House Passes Cybersecurity Bill After Companies Fall Victim to Data Breaches,” confirms that federal lawmakers are, slowly but surely, taking data breach and cybersecurity issues more and more seriously each day. The article begins like this:

Responding to a series of computer security breaches in government and the private sector, the House passed an expansive measure Wednesday that would push companies to share access to their computer networks and records with federal investigators.

The bill, which came after years of false starts and bitter disappointment for the Obama administration, is similar to a measure approved by the Senate Intelligence Committee and headed for that chamber’s floor this spring. The House measure, already largely embraced by the White House, passed, 307 to 116.

As for the details of the bill, the article includes the following information:

The House bill would provide legal liability protections for companies that share cyberthreat information with each other or with the government. But negotiators also added what they see as critical privacy protections.

If a company shares information with the government, it would receive liability protection only if its data undergoes two rounds of washing out personal information — once by the company before it gives the data to the government and another round by the government agency that receives the data, which many experts believe is critical in getting companies to comply.

If this bill becomes law (and to do so, it has a long way to go), it will be interesting to watch how it interacts with, or perhaps preempts, the current legal patchwork of data and cybersecurity law, which we’ve previously discussed. Also, if the new law confers a private right of action, it could be a vehicle for more class litigation.

Data Privacy and Cyber Security, Legislation Affecting Class Litigation

Mobile payment apps and data privacy litigation

Google was recently unsuccessful in getting a federal court to dismiss a lawsuit that accused the tech giant of violating the privacy of Google Wallet users. The lawsuit alleges that Google impermissibly shared users’ “personal information with outside app developers,” Reuters reports. Google Wallet stores users’ credit and debit card information so that users can simply tap their phone at checkout on a special terminal, creating ease of payment.

The lawsuit, pending in California, alleges that Google breached users’ contracts, violated the Stored Communications Act and violated California consumer protection law. The plaintiff is seeking to certify a class, with $1,000 in damages per violation and punitive damages, among other remedies.

Issues of data privacy pervade commerce. Companies that obtain or store consumer data should take care when using technology in their business transactions. For more on this case, click here.

Data Privacy and Cyber Security, Other Jurisdictions

Data breach roundup

Despite the passing months since Home Depot and Target became victims of data breach crime, these and other retail giants continue to experience the aftermath of cyberhacking. Likewise, as victims big and small consistently make similar headlines, governing bodies are trying to keep up with regulations and oversight of this evolving problem. Some of the latest data breach news is highlighted below, including a few updates on topics from past posts.

Data Privacy and Cyber Security