18th Annual Workplace Class Action Report - 2022 Edition

568 Annual Workplace Class Action Litigation Report: 2022 Edition evaluate the appropriate approach identified 12 organizations with specific projects that addressed one or more of the objectives of the TCPA and targeted the interests of Plaintiffs. The Court rule that a cy pres distribution to these organizations provided reasonable certainty that class members would benefit from their work, and the proposed projects from the organizations would serve the interests of the class and will strengthen the TCPA’s legal framework and safeguards. Id . at *11. The Court explained that escheat to the federal government, on the other hand, would not necessarily serve the interests of the class, nor would it necessarily strengthen the TCPA’s legal framework and safeguards. Id . Because there were excellent cy pres options that would benefit the interests of the class and support the statutory goals of the TCPA, and those goals would not be met as fully by escheat, the Court held that a cy pres distribution would be the most appropriate option for the unclaimed funds. Id . at *12. Accordingly, the Court approved the Special Master’s recommendation and granted approval of distribution of cy pres funds to the identified organizations. (xxxi) Data Breach Class Actions In Re Brinker Data Incident Litigation, 2021 U.S. Dist. LEXIS 71965 (M.D. Fla. April 14, 2021). Plaintiffs brought a putative class action after their payment card and personal information was stolen from Defendant’s restaurants by hackers. Plaintiffs sought compensation for the inability to use payment cards, lost time, and other out-of-pocket expenses associated with the data breach. Pursuant to Rule 23(b)(3), Plaintiffs moved for class certification, while Defendant moved to exclude the opinions and testimony of Plaintiffs damages’ expert. Plaintiffs sought to certify two Rule 23(b)(3) damages classes, including: (i) a nationwide class for the breach of implied contract and negligence claims, and (ii) a California statewide class for the California consumer protection claims. Alternatively, Plaintiffs sought to certify various Rule 23(c)(4) issues. As to Defendants’ motion to excluded the opinions of Plaintiffs’ expert, the Court concluded that at this point the expert’s testimony was offered only to show that a reliable damages calculation methodology existed, and not to calculate class members’ damages. Thus, at the class certification stage, the Court concluded that the expert’s methodology was sufficiently supported by reliable data. As to Plaintiffs’ motion for certification, the Court opined that Rule 23(a)’s numerosity requirement was met. Likewise, the Court found that commonality was established because Plaintiffs posed several questions that were common to the class and capable of class-wide resolution, including whether Defendant had a duty to protect customer data, whether Defendant knew or should have known its data systems were susceptible to hackers, and whether Defendant failed to implement adequate data security measures to protect customers’ data. In addition, because all of Plaintiffs’ injuries arose out of the same data breach and they all alleged the same claims, the Court ruled that typicality was also satisfied. Further, adequacy of representation was satisfied because there was no evidence of any conflicts and the named Plaintiffs had been actively involved in the litigation. Further, the Court found that class counsel was qualified to prosecute this case. As to Rule 23(b)(3)’s requirement of predominance, the Court found that choice-of-law was only an issue for the nationwide class because California law applied to the California statewide class. The Court pointed out that the application of different states’ laws often precluded a finding of predominance. For this reason, the Court certified a nationwide class, but only as to Plaintiffs’ negligence claim. Insofar as Plaintiffs wished to pursue a nationwide class claim based on their breach of implied contract theory, the Court reasoned that they must complete a trial plan detailing how the Court would manage a class action applying all 50 states’ laws to the breach of implied contract claim. At this stage, the Court concluded that causation and damages did not require significant individualized proof such that individual questions predominated over common ones. Finally, as to Rule 23(b)(3)’s superiority requirement, the Court considered four factors, including: (i) the class members’ interests in individually controlling the prosecution or defense of separate actions; (ii) the extent and nature of any litigation concerning the controversy already begun by or against class members; (iii) the desirability or undesirability of concentrating the litigation of the claims in the particular forum; and (iv) the likely difficulties in managing a class action. Considering each of these factors, the Court held that all factors weighed in favor of superiority being satisfied. For these reasons, the Court certified: (i) a nationwide class for the negligence claims only and deferred ruling on the implied contract claims, and (ii) a California statewide class for the consumer protection claims. In Re Rutter ’ s Data Security Breach Litigation, 2021 U.S. Dist. LEXIS 136220 (M.D. Penn. July 22, 2021). Plaintiffs filed a class action regarding a data breach in Defendant’s computer system. During the discovery period, Plaintiffs requested an order compelling the production of an investigative report created in response to the data breach by a third-party cybersecurity consultant, Kroll Cyber Security, LLC ("Kroll"), and any related