Growing Class Action Threat: Breaches of Consumer Personally Identifiable Information

Minimizing Litigation Risk and Maximizing Insurance Coverage

Presenting a live 90-minute webinar with interactive Q&A

TUESDAY, MARCH 18, 2014

1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific

Today’s faculty features:

Linda D. Kornfeld, Partner, Kasowitz Benson Torres & Friedman, Los Angeles

Tracy D. Rezvani, Shareholder, Rezvani Volin & Rotbert, Washington, D.C.

Donna L. Wilson, Partner, Manatt Phelps & Phillips, Los Angeles


Growing Class Action Threat: Breaches of Consumer Personally Identifiable Information

Presented by Donna L. Wilson and Tracy D. Rezvani

March 18, 2014

Roadmap

Article III standing – actual vs. future damages

Trends – alternative theories of damages, liability

Enforcement – by FTC, state AGs

Class certification issues

Privacy settlements – sufficient relief to class members

Statutory claims

Google – a case study

California legislative spotlight

Takeaways

Standing in Data Breach Litigation

Differences among circuits re: sufficiency of injury for purposes of standing (present v. future injuries)

Game Changer? - Clapper v. Amnesty International USA, 133 S. Ct. 1138 (Feb. 26, 2013)

– Threatened injury must be “certainly impending” to constitute injury-in-fact

– The Court, however, re-affirmed Monsanto Co. v. Geertson Seed Farms, 130 S. Ct. 2743, 2754-55 (2010) (“reasonable probability” or “substantial risk” sufficient for standing)

Effect of Clapper on data breach litigation

– Plaintiffs have taken the position Clapper is limited to the facts. Defendants have relied upon Clapper to challenge standing based upon possibility of damages, steps taken to prevent future damages (i.e., future risk of identity theft, incurring costs for credit monitoring services)

In re Barnes & Noble Pin Pad Litigation, No. 12-cv-8617, 2013 WL 4759588 (N.D. Ill. Sept. 3, 2013) – relying on Clapper, dismissing class action for lack of standing. Rejected various theories of injury, including Barnes & Noble’s failure to promptly notify plaintiffs of security breach; increased risk of identity theft; and time and expenses incurred to mitigate risks of identity theft.

Polanco v. Omnicell, Inc., 2013 WL 6823265 (D.N.J. Dec. 26, 2013) – relying on Clapper, dismissing class action for lack of standing. Plaintiffs did not allege either misuse of plaintiffs’ PCI or PHI and court rejected theories of injury including increased risk of identity theft and time and expenses incurred to mitigate risk of identity theft.

Standing in Data Breach Litigation

Yunker v. Pandora Media, Inc., 2013 US Dist LEXIS 42691 (N.D. Cal. Mar. 26, 2013) – Court found diminution in the value of PII is insufficient to confer standing. Plaintiff argued that because Pandora allegedly sold the plaintiff’s personally identifiable information, that information is now less valuable. The court granted MTD because of the highly speculative nature of this alleged harm.

Redressability

– Frank v. Neiman Marcus Grp., LLC, 2:14-cv-00233 (E.D.N.Y. February 12, 2014) – Defendant challenges standing, in part, on the theory that Plaintiff cannot meet Article III’s redressability requirement. Defendant argues that the complaint fails to allege facts showing how Plaintiff’s past injuries can be remedied by a judgment in her favor due to Frank’s card issuer’s assurance of zero fraud liability.

Target breach litigation

– Standing will be a hurdle for claimants

Plaintiffs will have to show injury in fact, i.e., identity theft

Plaintiffs will have to show a strong enough link between Target hacking and injuries suffered

– Target has promised to pay for credit monitoring services

– Similar issues for Michaels Stores and Neiman Marcus Security Breaches

Trends in Data Breach Litigation

Alternative theories of damages?

– i.e., “benefit of the bargain theory”, not getting what was paid for

In re LinkedIn User Privacy Litig., 932 F. Supp. 2d 1089 (N.D. Cal. 2013). MTD granted for plaintiffs’ lack of standing. Plaintiffs had alleged their paid premium memberships promised security.

Expansion of who may be held liable for a data breach?

– Employers of a rogue employee?

Kiminski v. Hunt, et al., No. 13-cv-208 (D. Minn. Sept. 20, 2013). State defendants’ MTD DPPA claim granted because, inter alia, plaintiffs failed to allege that defendants knowingly gave the former employee database access for an impermissible purpose.

– In the absence of a contractual relationship?

Lone Star Nat’l Bank, N.A. v. Heartland Payment Sys., Inc., 729 F.3d 421 (5th Cir. 2013). Reversed district court’s dismissal of negligence claim arising from hackers’ breach of Heartland’s data systems. Held that economic loss doctrine did not bar negligence claim. Payment card issuing banks had sued payment processor; Visa and MasterCard had contractual agreements with the issuing banks.

Trends in Data Breach Litigation (continued)

Focus on statutory claims, rather than common law claims?

– In re Zappos.com, Inc., No. 12-cv-325, 2013 WL 4830497 (D. Nev. Sept. 9, 2013). Court granted MTD in part. Dismissed most of common law claims, allowed MDL to proceed on most of the state statutory claims and negligence claim.

– Standing based simply on the availability of statutory injury and damages?

Data Breach Enforcement Actions

FTC jurisdiction to regulate privacy and data security in the private sector

– Many FTC settlements under Section 5 of the FTC Act

FTC v. Wyndham Worldwide Corp., No. 13-cv-1887 (D.N.J.) – motions to dismiss pending, parties asked to submit supplemental briefing regarding FTC Commissioners’ testimony at a subcommittee hearing that Section 5 enforcement is “vague” and “formal guidelines” are needed. Wyndham contends that Section 5 does not authorize the FTC to regulate data security standards for the private sector.

– Rare challenge to FTC’s enforcement authority

– Potential impact on the breadth of FTC authority in the future

Closely followed. See, e.g., In the Matter of LabMD, Inc., FTC Docket No. 9357 – in answer, respondent asserted that the FTC lacks subject-matter jurisdiction

On the horizon in 2014 – FTC to focus on data security, big data, mobile technologies

State AGs

– Example: Connecticut AG reached a $55,000 settlement with Citibank N.A., where Citibank allegedly delayed in fixing vulnerability and notifying customers.

Civil penalties, third party information security audit, maintenance of reasonable security procedures and practices, free credit monitoring for two years for any individual affected by future security incidents

Class Certification Issues in Privacy and Data Breach Litigation

Predominance

– In re Hannaford Bros. Co. Customer Data Sec. Breach Litigation, No. 08-md-1954, 293 F.R.D. 21 (D. Me. Mar. 20, 2013)

Denied motion for class certification. Plaintiffs had failed to offer expert opinion testimony regarding class wide damages.

Instructive for plaintiffs in the future on how to overcome issue of individualized damages?

Class certification rare in privacy litigation

– But see Harris v. comScore, No. 11-cv-5807, 292 F.R.D. 579 (N.D. Ill. Apr. 2, 2013)

Certified a class based on claims comScore gathered and sold customers’ personal information without their consent, alleging violations of the Stored Communications Act, Electronic Communications Privacy Act, Computer Fraud and Abuse Act

Class consisted of all individuals who have downloaded and installed comScore’s tracking software onto their computers via one of comScore’s third party bundling partners at any time since 2005

– Largest class ever certified after Schwab v. Philip Morris USA, Inc., 449 F. Supp. 2d 992, 2006 U.S. Dist. LEXIS 73196 (E.D.N.Y., 2006), class cert overturned, McLaughlin v. Am. Tobacco Co., 522 F.3d 215 (2d Cir. N.Y. 2008).

The Seventh Circuit denied comScore’s petition for an interlocutory appeal on June 11, 2013

Effect: increase number of privacy class actions based on statutory damages?

Privacy/Data Breach Litigation Settlements

Sufficient relief for class members

– Fraley v. Facebook, Inc., No. 11-cv-1726, --- F. Supp. 2d ----, 2013 WL 4516819 (N.D. Cal. Aug. 26, 2013)

Approving $20MM settlement arising from alleged misappropriation of users’ names and/or likenesses to promote products and services through Facebook’s “Sponsored Stories” program. Original proposed settlement did not win preliminary approval

Claims by customers who did not suffer identity theft

– Resnick v. AvMed Inc., No. 10-cv-24513 (S.D. Fla. Oct. 25, 2013)

Granted preliminary approval of $3MM data breach settlement. Claims can be made by both customers that paid defendant for insurance and customers who suffered identity theft caused by the breach

– Data breach plaintiffs will likely attempt to follow this model in the future

Privacy Claims for Statutory Damages (Federal)

E.g., Telephone Consumer Protection Act, 47 U.S.C. § 227 (“TCPA”)

– FCC new regulations – effective October 2013

“prior express consent” - Physical or electronic signature and the signing agreement must be optional

Elimination of “established business relationship” exception - requires callers to obtain signed written consent from the recipients, even ones who are established customers

– Large volume of class actions already, potential for increase

– Penalties of $500-$1500 per unauthorized call

Large settlements (examples: Domino’s $9.75MM; Papa John’s $16.5MM)

Limitations on class judgments (Holtzman v. Turza, 728 F.3d 682 (7th Cir. 2013))

– Revocation of prior consent

Gager v. Dell Financial Services, LLC, 727 F.3d 265 (3d Cir. 2013) - although TCPA does not expressly grant a right of revocation, this does not mean that the right to revoke does not exist.

Privacy Claims for Statutory Damages (Federal)

– Availability of New York as a forum for TCPA class action

Bank v. Independence Energy Grp. LLC, 736 F.3d 660, 661 (2d Cir. 2013) - Holding that Federal Rule of Civil Procedure 23, not state law, governs when a federal TCPA suit may proceed as a class action.

E.g., Video Privacy Protection Act, 18 U.S.C. § 2710

– VPPA new regulations effective January 10, 2013

Streamlines the process for consumers to share data regarding their video viewing activities. Allows consumers to consent via electronic means, and if the consumer chooses, grant consent in advance for up to two years. Customers may withdraw consent on a case by case basis or withdraw consent from ongoing disclosures.

– In re Netflix Privacy Litigation, No. 11-cv-3379, 2013 WL 1120801 (N.D. Cal. Mar. 18, 2013) – granting final approval of class action settlement. $9MM settlement fund

Objectors appealed to Ninth Circuit. Netflix argued reasonableness, relying on the Facebook Beacon settlement.

Issue: no monetary relief for class members despite high statutory damages

Privacy Claims for Statutory Damages (State: Focus on California)

California’s Shine the Light Law, Cal. Civ. Code § 1798.83 - 1798.84

– Game changers: Boorstein, King, Miller and Baxter affirming dismissals on basis of lack of standing because plaintiffs failed to allege that they had submitted a request for information as permitted under the statute, or that they would have submitted such a request had accurate contact information been provided

California’s Confidentiality of Medical Information Act (CMIA), Civ. Code § 56

– Expect continued and increased class action activity in the area

– Recent cases filed, including against Kaiser, Sutherland Healthcare Solutions and Los Angeles County, and numerous settlements.

– But see Platter v. UCLA (narrowing the scope of the CMIA through the term “release”)

Privacy Claims for Statutory Damages (State)

E.g., California’s Song-Beverly Credit Card Act, Cal. Civ. Code § 1747.08

– Pineda v. Williams-Sonoma Stores, Inc., 51 Cal. 4th 524 (2011) – finding that a ZIP code constitutes PII under the Song-Beverly Credit Card Act.

– Apple Inc. v. Superior Court, 56 Cal. 4th 128, 133 (2013) – holding section 1747.08 does not govern online purchases of electronically downloadable products because electronic transactions do not fit within the statutory scheme.

– Capp v. Nordstrom, Inc., 2013 WL 5739102 (E.D. Cal. Oct. 22, 2013) – predicting that the California Supreme Court will decide that an email address constitutes PII under § 1747.08

But see: Bell v. Blizzard Entertainment, Inc., 12-CV-09475 BRO (PJWx) (C.D. Cal. July 11, 2013) – holding email addresses, secret question answers, and cryptographically scrambled passwords are not PII within the meaning of Delaware’s Data Breach Notification Law.

– Leebove v. Wal-Mart Stores, Inc., No. 13-cv-01024 (C.D. Cal. Oct. 4, 2013) - denying motion for class certification. Questions common to the class do not predominate over questions affecting only individual members (i.e., whether Wal-Mart was justified in requesting the personal information)

Privacy Claims for Statutory Damages (State)

E.g., Massachusetts General Laws, ch. 93, § 105(a)

– Tyler v. Michaels Stores, Inc., 464 Mass. 492 (2013)

E.g., District of Columbia Code, § 47-3153

– Hancock v. Urban Outfitters, Inc. et al., cv-13-939, 2014 U.S. Dist. LEXIS 33324 (D.D.C. Mar. 14, 2014)

E.g., Kansas Consumer Protection Statute § 50-669a

E.g., New Jersey Statute § 56:11-17

E.g., New York General Business Laws § 520-A(3)

E.g., Rhode Island General Laws § 6-13-16

E.g., Wisconsin Statute § 423.401

Google: a case study

Cookies, tracking the subject of privacy class actions

– In re Google Inc. Cookie Placement Consumer Privacy Litigation, No. 12-md-2358, 2013 WL 5582866 (D. Del. Oct. 9, 2013) – MTD granted.

Court found plaintiffs had not alleged injury in fact (ability to monetize their PII had been diminished or lost by virtue of Google’s previous collection of it) and therefore lacked Article III standing

Example of trend requiring actual harm

Sufficient relief for class?

– In re Google Referrer Header Privacy Litig., No. 10-cv-4809, N.D. Cal.

Plaintiffs allege Google divulged user search queries to third parties without user knowledge or consent. Motion for preliminary approval of class action settlement filed on July 19, 2013; $8.5MM proposed settlement to be used for payment of settlement administration expenses, cy pres distributions, fee awards and incentive awards

Google: a case study (continued)

Interpretation of the Wiretap Act

– In re Google Inc. Gmail Litigation, No. 13-md-2430, 2013 WL 5423918 (N.D. Cal. Sept. 26, 2013) – MTD granted in part, denied in part

Plaintiffs alleged Google has intercepted, read and acquired content of emails sent or received by Gmail users to provide targeted advertising. Among other things, district court rejected theory based upon “ordinary course of business” exception to Wiretap Act; rejected contention that plaintiffs consented to interception of their emails

Google is seeking certification of the order for interlocutory appeal

Plaintiffs filed motion for class certification on October 24, 2013

Judge Koh stated that she foresaw a “huge hurdle” to showing that non-Gmail users should be allowed to participate in class action lawsuit on February 27, 2014

– Joffe v. Google, Inc., --- F.3d ----, 2013 WL 6905957 (9th Cir. 2013)

Plaintiffs brought suit under federal and state law, including the Wiretap Act, based on collection of data from unencrypted Wi-Fi networks in connection with its Street View photographs. District court rejected argument that data collection did not violate the Wiretap Act because data transmitted over a Wi-Fi network is an “electronic communication” “readily accessible to the general public” and therefore exempt. Ninth Circuit affirmed.

California Spotlight

AB 370 (Do Not Track disclosures)

– But lack of clarity about meaning of do not track; does not actually require that websites do not track, but just that they disclose how they respond to do not track signals; unclear whether applies to mobile apps

SB 46 (expanding definition of PI to include customers' passwords, user names, security questions or answers)

– Other states may follow CA lead

SB 568 signed, allows minors to delete social media content

– Likely to spawn similar state and federal legislation, activity by FTC

AB 648 (expands Confidentiality of Medical Information Act to businesses that offer hardware or software to consumers that is designed to manage medical information)

Takeaways

Review of how data is collected, managed, stored, destroyed, etc.

Data breach incident response plan

Review privacy policies, compliance with privacy policies; revise as appropriate

Monitor legal developments

Growing Class Action Threat: Breaches of Consumer Personally Identifiable Information

March 18, 2014

Linda Kornfeld

Kasowitz Benson Torres & Friedman

(424) 288-7902

KASOWITZ BENSON TORRES & FRIEDMAN LLP

Biography

Linda D. Kornfeld is a nationally recognized insurance coverage litigator whom Chambers USA has described as one of “the best attorneys in California” for coverage litigation. Ms. Kornfeld has extensive trial and appellate experience representing corporate and individual policyholders in high-stakes litigation in California and across the country.

Ms. Kornfeld has assisted clients in recovering hundreds of millions of dollars over the years in a variety of types of claims. Ms. Kornfeld has been repeatedly cited as an exceptional insurance litigator and one of the top women lawyers in California by leading legal publications and directories, including Chambers USA, Lawdragon in its top 500 “leading lawyers” in America, Benchmark Litigation as a “Litigation Star” both nationally and in California, the Daily Journal as one of California’s top 75 women litigators, Business Insurance as one of the country’s “50 Women to Watch” in insurance, and Southern California Super Lawyers, as one of the top 50 women lawyers in Southern California.


WHICH POLICIES MAY APPLY?

Review potentially applicable policies

o Traditional coverages:

General liability

Errors & Omissions and D&O coverages


Specialty Coverages

Has the company purchased data breach/privacy policies?

Has the company’s traditional coverage been endorsed to add some form of data breach protection?

Does that coverage match the ever evolving data breach exposures?


Audit traditional coverages to see what may be triggered


CGL Policies: Is There a Potential For Coverage?

Where’s the coverage for alleged “privacy” violations?

Is the “personal injury” or “advertising injury” coverage potentially triggered?


What is Covered?

“Oral or written publication, in any manner, of material that violates a person’s right of privacy.”

Does the claim involve some form of “publication”?

Does the claim involve a “privacy” violation?


“Publication”?

What is required to constitute “publication”?

Some form of “public” dissemination?

Term not defined in many policies.

“In any manner” language allows for broad interpretation: courts have concluded that any form of third-party dissemination is sufficient.


“PUBLICATION”

• Still a “live” issue.

• 2013—Ohio: coverage litigation re “unlawful recording without consent” under California Privacy Act: Insurer had duty to defend even though no dissemination to 3P’s or public at large.

• According to the court, recording the conversation itself invades privacy and is a “publication” of material.

WWW.KASOWITZ.COM


PUBLICATION, cont’d

• 2014—Connecticut: Recall v. Federal:

– 130 tapes containing 500,000 IBM employee PII fell off a transport truck and were removed from roadside by unknown person.

– No “publication” because plaintiffs did not prove that the PII on the tapes ever was accessed by anyone—no evidence that the information could be or was accessed.

– No impact if evidence exists that even one person reviewed.


Violation of a “Right of Privacy”?

“Privacy” often is not defined in CGL policies

“Where an insurance policy does not define privacy” policy can be broadly interpreted “to include aspects of privacy protected by…privacy statutes.”

The theory underlying data breach claims is a privacy violation.


Sony v. Zurich

• No “personal injury” coverage for 2011 Sony PlayStation breach because “third party” hackers and not Sony committed the offense.

• The decision is faulty because it adds words to the “personal injury” coverage not contained in standard form policies.

• It also is one state court and is contrary to law in other states.


CGL POLICY EXCLUSIONS


“Statutory” Exclusions

An exemplar exclusion excludes, “Personal Injury… arising directly or indirectly out of any action or omission that violates or is alleged to violate: …any statute, ordinance or regulation…that prohibits or limits the sending, transmitting, communicating or distribution of material or information.”

Insurers assert as a broad-based excuse to avoid coverage for alleged violations of privacy statutes.


Statutory Exclusions, Cont’d

Carefully read the underlying complaint: Song-Beverly and Massachusetts cases, as an example:

What if it solely alleges that you “requested and recorded” customer’s zip information?

Does that constitute “sending, transmitting, communicating or distributing”?

What if in addition to alleged statutory violations the complaint also contains common law privacy claims?


Hartford v. Corcino (C.D. Cal. Oct. 7, 2013)

Personal/Advertising Injury defined to include, “electronic publication of material that violates a person’s right of privacy.”

But, the policy excluded, injury “arising out of violation of a person’s right to privacy created by any state or federal act.”

The exclusion did not apply to “liability for damages that the insured would have in absence of such state or federal act.”


Hartford v. Corcino (C.D. Cal. Oct. 7, 2013)

Motion to dismiss granted: exclusion inapplicable to “liability for damages that the insured would have in absence of such state or federal act.”

“Since . . .1931, California has recognized both a constitutional privacy right and a common law tort cause of action for [privacy] violations.”


Hartford v. Corcino (C.D. Cal. Oct. 7, 2013)

“The statutes … permit an injured individual to recover damages for breach of an established privacy right, and as such, fall squarely within the Policy's coverage. If Hartford had intended to include a specific distinction in its exclusion, it could have done so when drafting its Policy. However, the Court cannot read restrictive language into the Policy that is not actually there.”


Mitigation Costs

Average “expense” of data breach event can be in the multi-millions.

Can companies look to CGL policy to pay for these expenses?

Are they “necessary” to prevent covered personal or advertising injury claims?


Errors & Omissions Coverage

Also review E&O policies.

Cover “claims” for allegations of “professional” misconduct.

Must act within “professional” capacity as defined by policy.

Some cover “damages arising from violation of ‘privacy’ laws.”


Directors & Officers Coverage

Covers certain claims for “wrongful acts, errors or omissions” by company and its executives.

If executives have not done what may be reasonably necessary to protect against a data breach event, including purchasing adequate insurance, coverage may apply.

Target class actions address failures to have adequate protective procedures in place to prevent data breach events.


What to Purchase?

What is your risk of exposure?

Involve privacy and other in-house counsel, CIO, CTO, in the purchase/renewal process.

Policies are complex with multiple definitions: carefully review to confirm that definitions match business risks.

Sony ruling, new ISO exclusion, evolving risk and associated expenses mean companies need to think about buying specialty coverage.


What to Purchase?

Are limits/sublimits adequate?

Does the policy provide adequate notification, credit monitoring, consultant, lawyer, public relations, and other mitigation cost coverage?

Have you reviewed your trading partners’ coverage?


“Statutory Damages/fines/penalties”

Watch out for “fines/penalties” exclusions, or loss definition restrictions.

Corcino court rejected Hartford’s argument that statutory penalties are not covered “damages”: “[t]he statutes … permit …recover[y of] damages for breach of an established privacy right, and as such, fall squarely within the Policy’s coverage.”


“Statutory Damages/fines/penalties”

Standard Mutual Insurance v. Lay (Illinois S. Ct. May 2013): In TCPA action, court rejected insurer argument that statutory damages were punitive and uninsurable.

Congress identified harms caused by a TCPA breach and made them compensable by a liquidated sum per violation.

Such liquidated damages intended by Congress to be “an incentive for private parties to enforce the statute.”


“Statutory Damages/fines/penalties”

Columbia Casualty v. HIAR Holdings (S. Ct. Missouri August 2013).

Court found that fixed TCPA damages encompassed compensable harms that were covered as “damages.”


CONCLUSION

Understand the evolving nature and extent of risks in order to properly insure.

Audit traditional coverages.

Scrutinize necessary coverage each year to match to evolving risks.
