Photo of R. Locke Beatty

Locke represents clients in all phases of business litigation in state and federal courts. He regularly serves as counsel on behalf of financial institutions in a wide range of matters, with a focus on mortgage-related litigation and defending claims under the Fair Debt Collection Practices Act, Truth in Lending Act, and other consumer protection statutes.

This week’s recap examines a recent appellate ruling that provides a nice roadmap for arguing a plaintiff’s theory of damages cannot satisfy Rule 23’s predominance requirement, as well as another district court’s efforts to parse out the contours of standing based on statutory violations post-Spokeo.

How an Individualized Damages Inquiry Can Preclude Certification: 

Today’s round-up takes a look at the potential impact on class-action litigation of some recently proposed amendments to the Federal Rules of Civil Procedure, and continues our exploration of what type of injury it takes to sustain a data-breach class action.

Proposed Guidance for Determining Whether Class Action Settlements are “Fair, Reasonable, and Adequate”

One of our long-standing objectives for this blog is to provide in-depth analysis of recent court rulings and developing trends that impact class action practice.  That remains a driving tenet.  In an effort to expand our coverage, we are phasing in a regular Monday column that provides more succinct updates on recent decisions.  These short-form

The following post, written by Senior Counsel Andrew Phillips, was first published on McGuireWoods’s Password Protected blog.  We jumped at the chance to reprint it here.

Following the Seventh Circuit’s recent decision in Lewert v. P.F. Chang’s China Bistro, Inc., 2016 U.S. App. LEXIS 6766 (7th Cir. Ill. Apr. 14, 2016), many commentators quickly pronounced the Seventh Circuit fertile territory for consumer data breach class actions.  But, suggesting that such claims will thrive in the Seventh Circuit is a lot like saying the Sasquatch thrives in the Pacific Northwest.  Maybe, but the evidence is, at best, grainy and inconclusive.

The Significance and Insignificance of Lewert 

Last month in Lewert, the Seventh Circuit reversed the trial court’s dismissal of a putative class action brought by alleged victims of a 2014 data breach.  For those following data breach jurisprudence, the Seventh Circuit’s conclusion was hardly a surprise.  Just last July, the Seventh Circuit became the first federal court of appeals to find standing among data breach victims absent a showing of identity theft or unreimbursed fraud.  Remijas v. Neiman Marcus Grp., LLC, 794 F.3d 688 (7th Cir. 2015).  In Remijas, the Court held that Article III’s “concrete and particularized injury” requirement was met by “the increased risk of fraudulent credit- or debit-card charges, and the increased risk of identity theft,” “time and money the class members predictably spent resolving fraudulent charges,” and “time and money customers spent protecting against future identity theft.”  P.F. Chang’s attempted to distinguish Remijas, arguing that the nature of its breach created less risk of identity theft than in Remijas.  Unlike Neiman Marcus, P.F. Chang’s also disputed that the named Plaintiffs’ data had been compromised.  The Seventh Circuit brushed aside these distinctions as immaterial at the pleading stage where Plaintiffs’ allegations are presumed true.

As a threshold matter, Lewert did not really change anything within the Seventh Circuit.   Indeed, the most notable aspect of Lewert may be how closely it hewed to last year’s Remijas decision.  The Seventh Circuit still believes that allegations of a payment card data breach can constitute a “certainly impending future harm” sufficient to satisfy the U.S. Supreme Court’s standing analysis in Clapper v. Amnesty Int’l USA, 133 S. Ct. 1138, 1147, 185 L. Ed. 2d 264 (2013).  And, it believes that certain victim activities following a payment card data breach – such as purchasing credit monitoring or expending time and resources to guard against identity theft – constitute “present injuries” for Article III purposes.  However, the Court remained “skeptical” of Plaintiffs’ more creative standing theories, like Plaintiffs’ claim that they would not have dined at P.F. Chang’s had they known of its poor data security or that Plaintiffs’ had a property right in their personally identifiable data.

So, is Lewert a positive development for future retail data breach plaintiffs?  Sure, to a point – it reaffirmed the Seventh Circuit’s divergence from the majority of post-Clapper data breach decisions which have held that absent allegations of actual identity theft or other fraud, the increased risk of such harm alone is insufficient to satisfy Article III standing.
Continue Reading Tracking the Elusive Consumer Data Breach Class Action

On May 16, 2016, the U.S. Supreme Court held in Spokeo, Inc. v. Robins that a bare procedural violation of a statutory requirement, divorced from any concrete harm, does not establish the injury-in-fact necessary to maintain a lawsuit in federal court.  The Court acknowledged, however, that an alleged violation of a procedural statutory right could