Data breach litigation ramped up significantly in 2022, with more filings overall and filings in smaller data privacy events, according to BakerHostetler’s annual Data Security Incident Response Report.
The law firm tracked a five-year trend showing a higher percentage of events resulting in at least one lawsuit—from four lawsuits out of 394 in 2018 up to 42 out of 494 analyzed by BakerHostetler in 2022. Last year’s data also showed 153 regulatory inquiries.
“Lawsuits nearly doubled year over year. No longer are only the ‘big breaches’ capturing attention,” reported the team at BakerHostetler in the report, adding, “Another multiyear trend is that lawsuits are being filed over small incidents. In 2022, four lawsuits were filed in incidents where fewer than 1,000 individuals were notified. Incidents where fewer than 100,000 individuals (but more than 1,000) were notified, resulted in 14 lawsuits.”
While more lawsuits have been filed over data breaches, plaintiffs have seen less success in achieving class certification, the firm said.
BakerHostetler also highlighted “… the surge of new lawsuits based on security incidents and allegations of violations of privacy laws.” California’s Invasion of Privacy Act (CIPA) has resulted in “a wave” of more than 100 class-action lawsuits targeting retailers and consumer service providers’ use of online chat features.
Illinois’ Biometric Information Privacy Act (BIPA) has resulted in more than 1,700 class actions since 2017, and there are no signs of slowing down, the firm said. Last year also ushered in a new age of regulatory activity around tracking-pixel technologies, coinciding with the U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization and heightened attention to healthcare facilities’ data-tracking practices.
“A deluge of class actions was filed, alleging various causes of action stemming from the use of this technology. For many healthcare entities, 2022 will be remembered as ‘The Year of the Pixel,’” commented Baker Hostetler. “Since August 2022, more than 50 lawsuits have been filed against hospital systems, alleging they track and disclose patients’ identities and online activities via third-party website analytics tools without the website visitors’ knowledge and consent.”
The firm added, “We are currently defending more than 200 privacy or data security lawsuits. Over 50 of those cases involve Pixel-related issues.”
Article Published By: Zywave, Inc.