Copyright © 2017 ALM Media Properties, LLC. All Rights Reserved.
Data breaches typically involve lots of people, making them prime targets for class actions. Most cases have not gotten to the class certification stage because they have been dismissed on standing grounds, and when they have reached the class phase, certification has been denied because of the predominance of individualized issues. Two recent Supreme Court decisions, Clapper v. Amnesty International USA, in which the court held that actions based on speculative injury cannot proceed due to lack of standing, and Comcast Corp. v. Behrend, an antitrust case in which the court held that when damages are individualized, a class cannot be certified, reinforce these trends. While neither case involves a data breach, both have significant ramifications in the data breach context.