AvMed, Spokeo Verdicts to Impact Third-Party Liability Coverage0 April 1, 2014 at 2:59 pm by Ed Goodman
Two recent class action lawsuits are likely to have a ripple effect on third-party liability claims and coverages in the future.
AvMed Inc., a Florida health insurance company, has agreed to a $3 million settlement, marking the first class action lawsuit in which plaintiffs are compensated without suffering actual financial harm as a result of a data breach.
Meanwhile, a federal appellate court gave the go ahead for a plaintiff to sue Spokeo Inc. for violating the Fair Credit Reporting Act (FCRA). The court conferred standing when it deemed this violation of a statutory right sufficient for the case to proceed even though the plaintiff suffered no actual harm.
Insurance carriers would do well to take note. Together, these two cases make it easier for plaintiffs to pursue data breach or class action lawsuits and to recover damages for identity theft and fraud—even when they’ve experienced no actual monetary harm. Also, it will become harder for such lawsuits to be dismissed under the simple 12(b)(6) motion and other standing-related issues that would lower the chances of cases getting their day in court.
The Spokeo case alone represents a potential sea change when it comes to clearing the hurdle of the standing requirement. It shows us that when a plaintiff’s statutory right is allegedly violated, he can more easily prove there is injury-in-fact and that the elements of causation and redress can be satisfied—and that’s without sustaining actual damages.
Though Robins v. Spokeo centers on an FCRA-related claim, smart plaintiff’s lawyers will apply the case to other statutory schemes that create a private right of action and grant automatic standing to anyone who alleges a claim for the willful violation of that statutory right. An easy application could be the violation of state breach notification statutes that allow private right of action and enforcement by that state’s attorney general.
When the cases are juxtaposed, we see that plaintiffs:
1. Can more easily proceed with a data breach or class action lawsuit when a plaintiff’s statutory right has been violated—even if the plaintiff has experienced no monetary harm—thanks to Spokeo.
2. Can recover damages for identity theft and fraud even absent compensable damages under AvMed. As the court in AvMed stated:
“Plaintiffs have pled a cognizable injury and have pled sufficient facts to allow for a plausible inference that AvMed’s failures in securing their data resulted in their identities being stolen. They have shown a sufficient nexus between the data breach and the identity theft.”
Savvy class action lawyers will recognize these two decisions for what they are: Two main hurdles to data breach litigation removed. Sure plaintiff’s lawyers still need to exercise some creativity to find the right statutory schemes to sue under, but taken together and in the right hands, these two cases could be game changers in the ongoing attempts to squeeze money from companies for data breach exposures.
Note: By submitting your comments you acknowledge that insBlogs has the right to reproduce, broadcast and publicize those comments or any part thereof in any manner whatsoever. Please note that due to the volume of e-mails we receive, not all comments will be published and those that are published will not be edited. However, all will be carefully read, considered and appreciated.