Concrete Injury in Data Breach and Privacy Class Actions: Evolving Standards, Experts, Discovery Strategy
Course Details
- smart_display Format
On-Demand
- signal_cellular_alt Difficulty Level
Intermediate
- work Practice Area
Class Action and Other Litigation
- event Date
Thursday, April 3, 2025
- schedule Time
1:00 p.m. ET./10:00 a.m. PT
- timer Program Length
90 minutes
-
This 90-minute webinar is eligible in most states for 1.5 CLE credits.
-
This CLE webinar will offer guidance to class action counsel on establishing and testing the presence of concrete harm in data breach and privacy class actions. The program will review the applicable standards, the experts needed to do so, factors for determining what pre-certification discovery is required, and how these issues relate to other Rule 23 requirements.
Ms. Baxter-Kauf’s practice is concentrated in the firm’s data breach, antitrust law, business litigation, and securities litigation practice groups. She represents individuals, consumers, financial institutions and small businesses in litigation to protect their rights and, most often, the rights of the class members they seek to represent. Ms. Baxter-Kauf is a frequent author and presenter on data privacy and antitrust among other issues.
Mr. Petterson is a member of the firm’s cybersecurity/data privacy practice group. As a member of that group, he focuses on nationwide data breach class actions. He was recently appointed to the Plaintiffs’ Steering Committee in the nationwide In re: Snowflake, Inc., Data Security Breach Litigation. Additionally, he works on the pending nationwide data breaches against Marriott and Quest Labs, with a particular focus on experts. Along with his data breach work, Mr. Petterson represents truck drivers in two proposed class actions brought under the Illinois Biometric Information Privacy Act against two technology providers. He is also a member of the firm’s securities practice group. Mr. Petterson’s successful cases include a shareholder derivative action against The Boeing Company’s officers and directors. He represented Co-Lead Plaintiffs the New York State Comptroller Thomas P. DiNapoli, as trustee of the New York State Common Retirement Fund, and the Fire and Police Pension Association of Colorado in the action alleging breach of fiduciary duty in connection with the board of directors’ oversight of the 737 MAX’s design and development. In February 2022, the Delaware Chancery Court approved a settlement comprised of a $237.5 million cash payment and extensive corporate governance reforms.
Mr. Trask focuses his practice on class action and complex litigation in various industries, including the automotive industry and financial services. Regarded as an authority in class action litigation, he has experience in class actions involving product liability, consumer fraud, telecommunications products, business litigation and contracts, banking, securities, ERISA, antitrust and environmental claims. He also has defended mass tort cases involving financial regulations, as well as government investigations and data breach matters.
Large numbers of data breach and privacy class actions continue to be filed and routinely sit atop CEOs' lists of "most troubling issues." Consumers and privacy advocates uncover alleged privacy violations and substandard consumer protections on a near daily basis. TransUnion L.L.C. v. Ramirez requires plaintiffs to demonstrate "concrete injury" to maintain these actions, and there is some consensus that, at a minimum, a risk of concrete or imminent harm is required.
Nonetheless, how imminent and how severe the risk must be is not settled and may vary by jurisdiction. It may be necessary to offer evidence of its actual exploitation. In making the case for certification, plaintiffs must decide what experts to call and how those experts can quantify and reliably predict the alleged harm. Evidence of classwide liability may also assist in class certification efforts and counsel may want to pursue such early in litigation.
Defendants may want to challenge these allegations with their own experts or try to show that the alleged harms are too individualized to justify class treatment. They have strategic decisions to make regarding the scope of discovery at the certification stage, whether to challenge standing, and the types of experts to retain. Mounting a full press against plaintiffs' certification experts has proved successful in some instances but can be expensive.
Listen as this expert panel guides class action counsel through what is required to demonstrate concrete injury in a data breach/privacy class action, the experts needed by plaintiffs or defendants, and factors to be considered in assessing whether to engage in full or limited pre-certification discovery.
- Background and preview of Laboratory Corp. of America v. Davis: Davis v. Lab'y Corp. of Am. Holdings, No. 22-55873, 2024 WL 489288 (9th Cir. Feb. 8, 2024), cert. granted in part sub nom. Lab'y Corp. of Am. v. Davis, No. 24-304, 2025 WL 288305 (U.S. Jan. 24, 2025)
- Arguments in support of certification
- Arguments in opposition to certification
The panel will consider these and other key issues:
- What experts are needed or helpful to establish exploitation of data, for example on the dark web?
- Can data analytics be used to establish or rebut the likelihood of harm?
- How has the analysis of "concrete" harm evolved?
- What factors weigh in favor of in-depth pre-certification discovery?
Related Courses
Impeachment and Proposed Amendments to FRE 801(d): Prior Inconsistent Statements in Social Media and Inactive Websites
Tuesday, October 28, 2025
1:00 p.m. ET./10:00 a.m. PT