Plaintiffs in data breach lawsuits around the country have had a difficult time surviving motions to dismiss and for summary judgment.  A number of courts have rejected these lawsuits because they failed to allege or demonstrate cognizable injuries, standing, causation, and the requisite elements to withstand an economic loss rule defense.  It is dangerous, however, to paint an overly broad brush.  Two  federal class action data breach lawsuits have now resulted in proposed settlements.  Both of those lawsuits are pending in the Southern District of Florida, raising the question of whether the plaintiff’s bar will perceive the Southern District of Florida as a Plaintiff-friendly jurisdiction for data breach lawsuits, resulting in even more lawsuits being filed there.

In April 2013, the Southern District of Florida preliminarily approved a proposed settlement in Burrows v. Winn Dixie, No. 1:12-CV-22800-UU (S.D. Fla.), a case in which a third-party service provider’s employee allegedly misused his access to personal information of thousands of individuals.  The plaintiffs filed a class action lawsuit and survived a motion to dismiss that argued, among other things, that the plaintiffs lacked a cognizable injury.  I previously wrote about the Burrows litigation here, if you’d like to read more about the underlying arguments.  The settlement fund, attorney’s fees, costs, and an incentive award total approximately $430,000.  A fairness hearing is scheduled next month.

Last week, a joint notice of settlement was filed in a different class action data breach lawsuit that is also pending in the Southern District of Florida.  That case, Resnick/Curry v. AvMed, Inc, No. 1:10-cv-24513-JLK (S.D. Fla.), arose from the theft of two unencrypted laptops containing the personal information of as many as 1.2 individuals.  The District Court dismissed the lawsuit in July 2011, finding that the plaintiffs had failed to show any cognizable injury, but the 11th Circuit reversed the trial court’s decision.  The joint notice of settlement does not provide the terms of the settlement, though we can expect the court to hold a fairness hearing where the fairness of the terms of settlement will be considered and may become public.

As stated above, these settlements are significant because they are two of the only publicly known settlements in class action lawsuits arising from data breaches, and they both occurred in the same court – the Southern District of Florida.  Given the lack of the number of data breach lawsuits that have proceeded to a public settlement, it will be interesting to see whether more of these lawsuits will be filed in the Southern District of Florida as a result of these recent developments.


DISCLAIMER:  The opinions expressed here represent those of Al Saikali and not those of Shook, Hardy & Bacon, LLP or its clients.  Similarly, the opinions expressed by those providing comments are theirs alone, and do not reflect the opinions of Al Saikali, Shook, Hardy & Bacon, or its clients.  All of the data and information provided on this site is for informational purposes only.  It is not legal advice nor should it be relied on as legal advice.