The putative class action against Target was filed in California federal court in the last month of this year. The complaint was filed only hours after Target disclosed that hackers compromised PII, including names and credit and debit card information, of approximately 40 million customers. As in the Adobe case, the complaint against Target alleges the company violated state unfair competition laws and data breach reporting laws, as well as the plaintiff’s common-law privacy rights.
As the Adobe and Target cases move forward in 2014, they may shed light on a number of significant issues, most importantly, the specific nature and level of security protection that companies must provide in order to comply with applicable statutory standards (often couched in general and vague terms) and to stay ahead of the ever-increasing sophistication of hackers. These cases will also clarify issues related to California’s Online Privacy Protection and Data Breach Acts – statutes that, given the size of the California market and the global nature of online commerce, may impact companies everywhere. They will also put to the test creative damages theories intended to overcome past difficulties in maintaining data breach claims. We will be following both cases closely in 2014 and commenting on developments. Stay tuned.
Contact Ivan Rothman for further information.