Eighth Circuit Allows Possible Sub-Class Certification in Data Breach Case
The United States Court of Appeals for the Eighth Circuit recently overturned a federal district court ruling denying certification of a sub-class. The Eighth Circuit held that the lower court abused its discretion in refusing to allow members of the putative class to attempt to certify a sub-class that may not be properly represented by the class representatives.
The case involves a national retail chain whose cyber security was breached by third-party intruders, compromising payment card data and personal information of up to 110 million customers. A preliminary class and settlement were both approved by the district court. However, one of the putative class members, who was not a class representative, objected to the settlement as not meeting the prerequisite of adequate representation and called for a sub-class of members to be certified with independent representation.
The sub-class, it was argued, is necessary because some of the class members who had data stolen, but incurred no expenses or costs making them eligible for compensation from the settlement fund – a so-called “zero-recovery subclass” – were not taken into account when the settlement agreement was reached. Since part of the agreement included a waiver by class members of all future claims against the corporation, this zero-recovery subclass would be completely barred from any type of monetary award should their personal data be used in a malicious way in the future.
The Eighth Circuit found the district court abused its discretion by failing to rigorously analyze the propriety of certification for settlement, especially once new arguments challenging the adequacy of representation were raised after the preliminary certification.
The case was remanded for district court to determine if the zero-recovery subclass should be certified.
The entire opinion may be found here: http://media.ca8.uscourts.gov/opndir/17/02/153909P.pdf.