Commentary Addressing Risks and Opportunities Through the Lifecycle of Data, Technology, Advertising and Innovation

Data Counsel

Home | Data Counsel

<p>The parties in the <a href="https://www.dataprivacymonitor.com/data-breaches/loss-of-personal-information-in-security-breach-results-in-loss-of-some-unidentified-value/">Claridge v. RockYou</a> case submitted a <a href="http://www.scribd.com/doc/72823685/Claridge-v-RockYou-Settlement-Agreement">proposed settlement agreement</a> to the court for approval on November 14, 2011.&nbsp; This case, which was filed shortly after RockYou disclosed a breach that compromised 32 million log-in credentials, received national attention in the spring.&nbsp; In April 2011, the California federal district court <a href="http://www.scribd.com/doc/53080958/Claridge-v-Rockyou-09-6032-PJH-N-D-Cal-Apr-11-2011">declined</a> to dismiss the plaintiff&rsquo;s breach of contract and negligence claims by finding that: &ldquo;at the present pleading stage, plaintiff has sufficiently alleged a general basis for harm by alleging that the breach of his PII has caused him to lose some ascertainable but unidentified &ldquo;value&rdquo; and/or property right inherent in the PII.&rdquo;&nbsp; Notwithstanding the court&rsquo;s skepticism concerning the plaintiff&rsquo;s ultimate ability to prove any actual damages, the court&rsquo;s recognition of a property right in personal information sufficient to meet the Article III standing requirement was immediately advanced by plaintiffs in other similar cases.&nbsp; Indeed, the RockYou decision and the recent First Circuit decision in <a href="https://www.dataprivacymonitor.com/data-breaches/does-the-1st-circuits-decision-in-hannaford-signal-a-changing-tide/">Hannaford</a> stand out from the seemingly constant stream of decisions dismissing putative class actions filed against companies who disclose data breaches.</p>
<p>The proposed settlement is very modest&mdash;under the proposed terms RockYou: (1) consents to a 36-month injunction during which it will retain a third-party to conduct two audits of its security policies concerning consumer records; (2) agrees to pay the plaintiff $2,000 as well as the plaintiff&rsquo;s attorney&rsquo;s fees of $290,000; and (3) represents and warrants that it is financially unable to provide the monetary relief sought by the plaintiff.&nbsp; Because only the plaintiff&rsquo;s claims would be dismissed with prejudice, other putative class members may still assert claims for monetary damages.&nbsp; It is important to note that the proposed settlement does not vacate the district court&rsquo;s April 2011 decision, leaving it of record for other plaintiffs to reference in future putative class actions.&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p>

RockYou Proposed Settlement Would Leave Decision Standing