Fourth Circuit

A court in the District of South Carolina recently denied class certification in a putative consumer data breach class action after concluding that the proposed class and sub-classes were not ascertainable. See In re Blackbaud, Inc., Customer Data Breach Litigation, 2024 WL 21555221 (D.S.C. May 14, 2024).

In February 2022, plaintiffs filed suit against Blackbaud, a business-to-business software company that sells cloud-computing services to social good organizations. Plaintiffs, who had provided personal information to Blackbaud’s customers, alleged that their information was compromised during a breach of Blackbaud’s data centers. In December 2022, plaintiffs moved to certify nationwide and sub-classes representing individuals whose “unencrypted information was stored on the database” of a Blackbaud customer. In support of class certification, plaintiffs sought to demonstrate that the proposed classes were ascertainable by relying on (1) expert opinion, (2) Blackbaud’s discovery responses, (3) customer notices Blackbaud sent following the breach, and (4) Blackbaud’s use of a database to comply with the California Consumer Privacy Act. The court rejected each of those arguments.Continue Reading South Carolina Federal Court Denies Class Certification in Consumer Data Breach Case

In Elegant Massage, LLC v. State Farm Mutual Automobile Insurance Co., 95 F.4th 181 (4th Cir. 2024), the Fourth Circuit took the unusual step of exercising interlocutory appellate jurisdiction over an order denying a motion to dismiss.  Having granted a petition for interlocutory review under Federal Rule of Civil Procedure 23(f) of a class certification order, the court concluded that its review of the class order required it also to review the district court’s earlier denial of the defendant’s motion to dismiss. Continue Reading In Rare Move, Fourth Circuit Exercises Pendent Jurisdiction Over Non-Final Order

The Fourth Circuit recently reinstated a wrongful death suit against a defendant, holding that the release in a settlement of consumer class actions against the defendant did not preclude plaintiff’s personal injury suit against that same defendant.  See In re Lumber Liquidators Chinese-Manufactured Flooring Prod. Mktg., Sales Pracs. & Prod. Liab. Litig., — F. 4th —, 2024 WL 174363 (4th Cir. Jan. 17, 2024).  The Fourth Circuit’s decision is notable given that class members—including plaintiff—explicitly agreed to release all personal injury claims against the defendant, yet the Fourth Circuit held that the plain language of the release was limited by the “identical factual predicate” doctrine and allowed the class member to raise this challenge in a subsequent lawsuit.Continue Reading Fourth Circuit Holds That Consumer Class Action Release Does Not Necessarily Release Personal Injury Claims

A procedural violation of a state’s privacy statute is not alone enough to establish Article III standing—a plaintiff must suffer a concrete injury, such as an increased risk of identity theft.  The Fourth Circuit’s decision in O’Leary v. TrustedID, Inc., 2023 WL 2125996 (4th Cir. Feb. 21, 2023) confirms this—but also illustrates how Article III standing is a two-edged sword that may allow a plaintiff to defeat a defendant’s attempt to remove a case to federal court. 

The plaintiff in O’Leary filed a class action against TrustedID in South Carolina state court for allegedly violating South Carolina’s Financial Identity Fraud and Identity Theft Protection Act, S.C. Code Ann. § 37-20-180.  The statute prohibits requiring consumers to use six or more digits of their Social Security numbers to access a website without also requiring some other authentication measure.  The plaintiff alleged that TrustedID’s website required him to provide six digits of his Social Security number and did not have any other safety precautions, such as a password requirement.Continue Reading Fourth Circuit Remands Class Action to State Court After Plaintiff Questions His Own Standing

If a tree falls in the forest but no one is around to hear it, did it make a sound?  Philosophers disagree.  If a product contains a contaminant but no one gets sick, did it cause an injury?  Judges disagree.

In the 2000s, enterprising plaintiffs’ attorneys attempted to push the boundaries of existing tort law by arguing that plaintiffs are entitled to damages for defects even when they cause no physical injury.  These so-called “no-injury” theories of liability were largely rejected by courts.  E.g., Rivera v. Wyeth-Ayerst Lab’ys, 283 F.3d 315, 320–21 (5th Cir. 2002) (dismissing “no-injury products liability law suit”); Johnson v. Bankers Life & Cas. Co., 2014 WL 4494284, at *7 (W.D. Wis. Sept. 12, 2014) (recognizing that in the “consumer product context, courts routinely find lack of standing where—while a product may have been defective in the hands of others—the individual plaintiffs did not suffer the defect and, therefore, suffered no injury”).

While these cases closed the door on “no-injury” product liability claims, they left open the possibility of other “no-injury” claims, such as claims that a manufacturing defect breached a warranty or constituted fraud.  E.g., Cole v. Gen. Motors Corp., 484 F.3d 717, 723 (5th Cir. 2007) (“Notably in this case, plaintiffs may bring claims under a contract theory based on the express and implied warranties they allege.”).

Whether and when “no-injury” claims are viable is a hotly debated question.  As more fully discussed below, courts disagree on whether a plaintiff who has purchased a contaminated or defective product—but who has successfully used the product for its intended purpose while suffering no physical injury—can maintain a claim.Continue Reading A Closer Look: Does Purchasing a Defective or Contaminated Product Always Cause an Article III Injury?

The Fourth Circuit’s opinion last week in In re Marriott International, Inc., — F.4th —-, No. 21-1802 (4th Cir. Apr. 21, 2022), could prove useful to companies facing data breach class actions.  Following a data breach of the Starwood guest reservation system, Marriott investors brought securities claims alleging that the purported failure to disclose vulnerabilities in Starwood’s IT systems rendered certain public statements false or misleading.Continue Reading Fourth Circuit Holds Statements About Importance of Data Security Not Actionable

The Fourth Circuit recently clarified two points of law on which it had not previously spoken: (1) who bears the burden when a class member objects to a proposed settlement as unfair, unreasonable, and inadequate; and (2) whether an objecting class member can be required to release a valueless claim without compensation.  1988 Tr. for Allen Child. Dated 8/8/88 v. Banner Life Ins. Co., 2022 WL 774731 (4th Cir. Mar. 15, 2022).  In a long-running dispute between a life insurance company and a class of its policyholders, policyholder 1988 Trust for Allen Children Dated 8/8/88 (the “Trust”) opted out and objected to the proposed settlement.Continue Reading Fourth Circuit Rules that Settling Parties, Not Objectors, Bear the Burden of Showing a Proposed Class Settlement Should Be Approved