18th Annual Workplace Class Action Report - 2022 Edition

Annual Workplace Class Action Litigation Report: 2022 Edition 569 communications between Kroll and Defendant. Defendant argued that the material was protected from discovery by both the work product doctrine and the attorney-client privilege. The Court granted Plaintiffs’ motion. Following its knowledge that suspicious activity occurred on its servers, Defendant hired outside legal counsel, Baker Hostetler, to advise it on legal implications. The next day, Baker Hostetler hired Kroll to analyze the situation. Defendant and Baker Hostetler understood Kroll’s work to be privileged. Kroll’s investigation took approximately two months and concluded with Kroll providing Defendant with a written report of its findings at the end of the investigation. Id . at *3. Plaintiffs sought production of the written report and related communications. The Court noted that in order to be protected from discovery under the work-product doctrine, the report and communications must be created in anticipation of litigation. The Court opined that it was clear that the primary motivating purpose behind the Kroll report was not to prepare for the prospect of litigation, as the purpose of the investigation was to determine whether data was compromised, and the scope of such compromise if it occurred. Id . at *6. The Court reasoned that without knowing whether or not a breach occurred, Defendant could not have known whether there would be litigation against it due to the breach. Further, Defendant’s representative testified that he was not "contemplating" forthcoming lawsuits as a result of the data breach at the time Kroll was performing its work. Id. at *6. As to whether the materials were subject to attorney- client privilege, the Court concluded that Defendant did not establish that Kroll’s work involved "presenting opinions and setting forth . . . tactics" rather than discussing facts. Id . at *11. Accordingly, the Court determined that Defendant did not carry its burden of establishing that the Kroll report and related communications had a primary purpose of providing or obtaining legal assistance for Defendant, and therefore the attorney-client privilege did not apply. For these reasons, the Court granted Plaintiffs’ motion to compel discovery. In Re StockX Customer Data Security Breach Litigation, 2021 U.S. Dist. LEXIS 111685 (E.D. Mich. June 15, 2021). Plaintiffs in four consolidated actions alleged that they and others were harmed by Defendant StockX’s failure to protect their confidential and personal information from a data breach. The Court ordered the parties to brief whether Michigan or California state law applied to Plaintiff’s claims, because if Michigan law applied, Plaintiff’s claims were subject to mandatory arbitration. The Court ruled that California law applied and therefore declined to compel arbitration. After the Court consolidated Plaintiff Esquer’s action into the other cases, which included claims brought under California state law, Plaintiffs did not file an amended consolidated class action complaint to include Esquer or her claims. Subsequently, StockX filed a motion to dismiss the for improper venue and to compel arbitration. The Court granted StockX’s motion. It found that a valid arbitration agreement existed, but that motion did not resolve Esquer’s claims. The arbitration provision at question stated that customers must resolve disputes with StockX in arbitration under Michigan state law rather than through court proceedings. Esquer argued that the provision was not enforceable because it would improperly preclude her from seeking relief on behalf of the California public. Id . at *5. Esquer did not disagree with StockX’s contention that Michigan had a substantial relationship to the parties and transaction; as its headquarters were located in Michigan. Esquer, however, argued that Michigan law was contrary to fundamental California policy, since it was contrary to California policy that ensures the rights of consumers to seek public injunctive relief on behalf of the general public. The Court opined that Esquer’s requested relief had the purpose and effect of protecting the public from StockX’s alleged ongoing harm, and therefore Esquer sufficiently pled the fundamental policy of California law that required application of California law to her claims. The Court agreed with Esquer’s contentions that California had a materially greater interest in the application of its law because it had a strong interest in protecting California consumers. Further, the Court held that the putative class members’ inferior bargaining power against StockX tipped the balance in favor of the application of California law. The Court thus found that California had a materially greater interest in protecting its citizens than Michigan had in adjudicating Esquer’s claims against StockX. For these reasons, the Court ruled that Defendant’s choice- of-law clause was unenforceable and it declined to compel arbitration of Plaintiff Esquer’s claims. McFarlane, et al. v. Altice USA, Inc., 2021 U.S. Dist. LEXIS 42645 (S.D.N.Y. March 8, 2021). Plaintiffs, a group of current and former employees, filed a class action alleging that Defendant failed to take reasonable steps to protect Plaintiffs’ personal data. In November 2019, hackers launched a phishing attack on Defendant in which they breached the company’s security measures and obtained employees’ contact information, dates of birth, and social security numbers. Since this incident, Plaintiffs spent time and resources responding to the data breach, and the three named Plaintiffs had their identities stolen. Plaintiffs asserted various claims, including: (i) negligence; (ii) negligence per se ; (iii) breach of implied contract; (iv) violation of the New York Labor Law