Court Decision Makes Data Breach Lawsuits Easier

Download the data privacy alert

Court Decision Makes Data Breach Lawsuits Easier

Why This Privacy Law is Important:

The risks associated with data breaches for corporations are climbing. Organizations must focus their energy on three main strategies: A solid cybersecurity practice, robust incident response by both the technical and legal/privacy teams, and the prompt disposal of unnecessary data. Although legal and compliance may not be responsible for cybersecurity strategy, they must prioritize incident response and data retention and disposal as key projects in 2021 as the risks of litigation will only increase.


For the first time, a court has approved standing for a class of individual consumers in a payment card breach. The lawsuit was brought by three patrons of Chili’s restaurants after a data breach exposed payment card information that was subsequently made available on the dark web. These patrons claimed costs and time to remediate the cards and dispute false charges. The challenge with these cases has always been the adequate definition of the class, since it is often difficult to distinguish between those who suffered some kind of harm and those who did not. However, this court found that it would be prohibitively expensive to bring individual lawsuits in this case, since the likely compensation would be far less than the costs of litigation. The court felt the only reasonable way they could get relief was as a class. This ruling sets a precedent that opens the litigation door a bit wider.

Download the Privacy Alert to the right to get the full text and expert analysis!

Download the Resource