18th Annual Workplace Class Action Report - 2022 Edition

570 Annual Workplace Class Action Litigation Report: 2022 Edition (“NYLL”); and (v) violation of the Cable Communications Act of 1984. Defendant filed a motion to dismiss on the basis that Plaintiffs lacked Article III standing, and alternatively, that Plaintiffs failed to state a claim upon which relief could be granted. Defendant also filed a separate motion to compel arbitration on the grounds that Plaintiffs consented arbitrate any claims against Defendant. The Court granted in part and denied in part the motion to dismiss, and deferred judgment on the motion to compel arbitration. In terms of Defendant’s Article III standing argument, the Court initially noted that the three named Plaintiffs whose identities were stolen clearly suffered a concrete injury. Moreover, the Court determined that all of the named Plaintiffs plausibly alleged an injury-in-fact by pointing to the theft of “the most dangerous type of personal information in the hands of identity thieves,” i.e. , Plaintiffs’ social security numbers. Id. at *11. As to Defendant’s motion to dismiss for failure to state a claim, the Court considered Plaintiffs’ NYLL (and related negligence per se ) claims, which require a Plaintiff to show that their employer placed “a society security number in files with unrestricted access.” Id. at *32. The Court reasoned that Plaintiffs’ NYLL and negligence per se claims must be dismissed because Defendant’s stolen employee report was password protected. Conversely, the Court refused to dismiss Plaintiffs’ breach of implied contract claim. It found that Plaintiffs sufficiently alleged that they provided their personal information to Defendant under the implied contract that Defendant would protect that information using reasonable industry standards. Finally, concerning the motion to compel arbitration, Defendant sought to enforce what the Court labeled as an “infinite arbitration clause” contained in Defendant’s cable service agreement. Defendant asserted that, because seven of the nine named Plaintiffs also subscribed to Defendant’s cable services, they should be bound to arbitrate their claims. The Court disagreed with Defendant’s primary contention. It ruled that Defendant’s broad arbitration clause – which purported to cover all disputes between Defendant and the customer – could only be enforced with respect to claims relating to Defendant’s cable service agreement. However, because Plaintiffs described themselves as both employees and subscribers in their complaint, the Court deferred judgment on the motion until Plaintiffs could amend the description of their claims. Id. at *29. In sum, the Court granted Defendant’s motion to dismiss only as to Plaintiffs’ NYLL and negligence per se claims, denied the remainder of Defendant’s dismissal motion, and deferred judgment on the motion to compel until after Plaintiffs amended their complaint. McGlenn, et al. v. Driveline Retail Merchandising, Inc. , 2021 U.S. Dist. LEXIS 9532 (C.D. Ill. Jan. 19, 2021). Plaintiffs, a group of current and former employees, filed a class action alleging that Defendant improperly disclosed Plaintiffs’ personally identifiable information (“PII”) to a third-party without encryption or password protection. Id. at *3. According to Plaintiffs, a payroll employee of Defendant sent an email containing nearly 16,000 employee W-2s to a phishing perpetrator posing as Defendant’s Chief Financial Officer. Plaintiff claimed that a hacker subsequently opened a credit card using her PII, and that “all class members will be at heightened risk of further identity theft and fraud.” Id. at *4-5. Plaintiffs’ complaint asserted the various counts against Defendant, including: (i) negligence; (ii) invasion of privacy; (iii) breach of implied contract; (iv) breach of fiduciary duty; (v) violations of the Illinois Personal Information Protection Act; and (vi) violations of the Illinois Consumer Fraud and Deceptive Business Practices Act. Plaintiffs filed a motion for class certification, which the Court denied. Initially, the Court found that, because Plaintiff was one of nearly 16,000 employees who collectively discovered the disclosure of their PII via Defendant’s notification, the numerosity and typicality requirements of Rule 23(a) were met. The Court also noted that, despite Defendant’s arguments to the contrary, Plaintiff and her counsel were adequate class representatives. With respect to the class certification requirements of Rule 23(b), Defendant contended that “individual inquiries for causation, actual injury, and damages outweigh judicial economies gained from adjudicating the common issues as a class action…” Id. at *22. Defendant further argued that Plaintiffs failed to show evidence of a common injury, pointing to Plaintiff’s unique experience of having her PII used to open a credit card account in comparison to other class members suffering only the breach itself. The Court agreed with Defendant. It reasoned that Plaintiffs did not offer sufficient evidence that all class members suffered a compensable injury. Id. at *30. The Court also held that, because all six of Plaintiffs’ causes of action required proof of damages, Plaintiff failed to demonstrate that common questions would predominate over individual issues. Id. at *29. Finally, Plaintiffs attempted to certify the class under Rule 23(c)(4) as to only the issues of liability for the negligence and breach of fiduciary duty claims, but the Court found Plaintiffs’ request to be inefficient from a public policy perspective. Therefore, the Court denied Plaintiffs’ motion for class certification.