September 18, 2021

Volume XI, Number 261

Advertisement

September 17, 2021

Subscribe to Latest Legal News and Analysis

September 16, 2021

Subscribe to Latest Legal News and Analysis

September 15, 2021

Subscribe to Latest Legal News and Analysis

Court’s Dismissal of Data Breach Litigation Reiterates Importance of Strategic, Informed Decisions Early on Regarding Choice of Law and Nuances Among State Laws

Data privacy litigators are well aware of the critical importance of a motion to dismiss to have meritless data incident claims kicked at the pleadings stage.  A recent decision underscores the critical importance of choice of law arguments as part of a comprehensive litigation strategy.  Why?  Well in some cases, differences between the laws of two states regarding frequently litigated data incident claims can be dispositive for purposes of a motion to dismiss.  Read on to learn more.

First, some background.  It is well-established that federal courts sitting in diversity apply the forum state’s conflict of laws rules.  For instance, in Greenstate Credit Union v. Hy-Vee, Inc., a data incident litigation recently pending in federal district court in Minnesota, the court noted that:

Under Minnesota law, the first inquiry is whether an actual conflict of laws exists.  Next, the court must determine ‘whether the law of both states can be constitutionally applied.’  If there is an outcome determinative conflict and the law of both states can be constitutionally applied, then the court applies Minnesota’s multifactor test . . .to determine which states’ law should apply.

2021 U.S. Dist. LEXIS 133894 (D. Minn. July 19, 2021).

Many data incident litigations involve common law tort claims (eg, negligence) that have some similarities across the jurisdictions.  As such, the reaction of some data privacy newbies may be reject choice of law considerations in a litigation.  After all, everyone knows a negligence claim always involves application of the same four elements (duty, breach, causation, damage) anyways, right?

Wrong answer.  Choice of law arguments can be dispositive regarding which party prevails in a litigation.  Therefore, making an informed assessment of which forum’s laws can and should apply in a data breach litigation is a mission critical inquiry at the onset of a case.

As an example, Greenstate Credit Union concerned a class action dispute arises out of Hy-Vee’s handling of a data breach that exposed consumers’ credit card data.  Plaintiff GreenState Federal Credit Union is a federally chartered credit union with its principal place of business in Iowa.  Defendant Hy-Vee is incorporated in Iowa and has its principal place of business in Iowa.  However, Hy-Vee operates supermarkets, convenience stores, and gas stations, with 240 retail stores in eight states, including Minnesota.

Why does this matter?  Plaintiff asserted claims under the Minnesota Plastic Card Security Act (PCSA), common law negligence, negligence per se, and for declaratory and injunctive relief.  Defendant argued, however, that instead of Minnesota law, the law of Iowa should govern Plaintiff’s claims.  This was motivated by the fact that unlike Minnesota, Iowa has adopted the economic loss doctrine.  As articulated by the Iowa Supreme Court, this doctrine “bars recovery in negligence when the plaintiff has suffered only economic loss.”

Here, the court found that:

GreenState’s negligence claim would be barred by Iowa’s economic loss doctrine.  GreenState’s alleged injuries – cancelling compromised cards, reissuing new cards, reimbursing members for fraudulent charges, and losing interest and transaction fees because of reduced card use — are all indirect economic losses . . .Because GreenState alleges nothing more than economic losses, Iowa law bars its negligence claims.

(emphasis supplied).

Additionally, based on Minnesota’s choice of law rules, the court found that “[a]ll of Hy-Vee’s relevant information security employees and decision-making are located in Iowa.  It is predictable that Iowa law would apply.”  For these reasons, among others, the court held that Iowa law should apply.  It then promptly dismissed Plaintiff’s claims pursuant to a straightforward application of Iowa’s damages law.

While the economic loss rule is one of the more well-known variations in state law, there are other areas involving even more nuance.  Which in turn makes choice of law considerations (and assessment of if a defendant should strategically advocate for the law of a different forum in which a litigation was filed to apply) absolutely essential.

© Copyright 2021 Squire Patton Boggs (US) LLPNational Law Review, Volume XI, Number 203
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Kristin L. Bryan Litigation Attorney Squire Patton Boggs Cleveland, OH & New York, NY
Senior Associate

Kristin Bryan is a litigator experienced in the efficient resolution of contract, commercial and complex business disputes, including multidistrict litigation and putative class actions, in courts nationwide.

She has successfully represented Fortune 15 clients in high-stakes cases involving a wide range of subject matters.

As a natural extension of her experience litigating data privacy disputes, Kristin is also experienced in providing business-oriented privacy advice to a wide range of clients, with a particular focus on companies handling customers’ personal data. In this...

216-479-8070
Advertisement
Advertisement
Advertisement