Photo of Amy Doolittle

Amy Doolittle

Earlier this fall, the Fourth Circuit vacated the district court’s class certification order in the Marriott data breach MDL because of the potential applicability of a class action waiver defense. See In re Marriott Int’l Consumer Data Security Breach Litig., 78 F.4th 677 (4th Cir. 2023). Our post on this decision can be found here. On remand, the district court took little time to conclude that Marriott had waived the class action waiver in the Choice of Law and Venue provision of the putative class members’ contracts and that regardless “the adhesive provision, buried on the last page of the Terms cannot direct this Court to ignore the provisions of Rule 23 of the Federal Rules of Civil Procedure.”  In re Marriott Int’l Consumer Data Security Breach Litig., 2023 WL 8247865 (D. Md. Nov. 29, 2023). The district court thus reinstated the classes as earlier certified.Continue Reading District Court Quickly Reinstates Class Certification in Marriott Data Breach Litigation

Data breaches are an all-too-familiar issue, affecting businesses of all sizes and across all industries. Beyond dealing with the operational and reputational impacts and other resulting fallouts of a data breach, businesses also face enhanced class action litigation risk.

A recent high-profile case serves as a valuable reminder that companies should consider reliance upon a well-established mechanism of mitigating class action litigation risk. In In re Marriott International, Inc., Consumer Data Security Breach Litig., 78 F.4th 677 (4th Cir. 2023), the Fourth Circuit Court of Appeals reversed the district court’s certification order in a data breach class action dispute due to the effect of a class action waiver signed by all putative class members. The Marriott decision demonstrates how class action waivers can be utilized as a core strategy for mitigating heightened data breach litigation risks.Continue Reading Recent Marriott Data Breach Class Action Decision Underscores the Importance of Class Action Waivers

2021 has been a monumental year in many ways, and consumer financial privacy litigation and enforcement was no exception.  In the executive branch, the Biden Administration focused on strengthening individual privacy protections and limiting the disclosure of sensitive data.  Meanwhile, the Supreme Court’s decision in TransUnion LLC v. Ramirez continues to have a long-lasting impact

Earlier this week, in the context of a data incident involving a health care company, an Arizona federal court determined that plaintiffs had Article III standing but then went on to dismiss plaintiffs’ claims for failure to state a claim, although it granted plaintiffs leave to amend.  Griffey v. Magellan Health, 20210 U.S. Dist. LEXIS

CPW has been covering data breach litigations for quite some time, including dismissal of defective data breach complaints and the ongoing federal circuit split regarding Article III standing.  Yesterday, for the first time, a court certified a Rule 23(b)(3) class action of individual consumers complaining of a data breach involving payment cards.  See In

There were a number of things that took me off guard with respect to the Supreme Court’s opinion yesterday in Uzuegunam v. Preczewski, Case No. 19-968.  First, apparently for the first time in the 16 years he has been on the Court, the Chief Justice was the lone dissenter in a case.  I was also

CPW has previously reported on the anticipated impact of a Biden presidency on data privacy and data privacy litigation.  In an update to that prior analysis, President Biden has reportedly selected Lina Khan, a prominent antitrust scholar and professor at Columbia Law School, for a vacancy at the Federal Trade Commission (“FTC”).  Khan’s nomination

As 2020 drew to a close, the Ninth Circuit gave the CFPB a victory in Consumer Fin. Prot. Bureau v. Seila Law LLC, 2020 U.S. App. LEXIS 40572 (9th Cir. Dec. 29, 2020), upholding the CFPB’s civil investigative demand (CID) to Seila Law.  The case was on remand from the United States Supreme Court, which

This is getting to be a common refrain in BIPA cases – plaintiffs bring BIPA class actions in plaintiff-friendly state court; defendants remove; and plaintiffs move to remand arguing there is no injury-in-fact and thus no Article III standing.  In Thornely v. Clearview AI, Inc., 2020 U.S. Dist. LEXIS 197519 (N.D. Ill. Nov. 3, 2020),