Senior Communications Manager
Matthew Gardner Discusses Home Depot Data Breach Settlement
Matthew J. Gardner, of counsel in Wiley Rein’s Cybersecurity, Data & Network Security Practice, was quoted in a March 8 Law360 article about Home Depot’s settlement of a customer lawsuit that stemmed from the company’s 2014 data breach. According to the article, Home Depot agreed to establish a $13 million settlement fund to compensate consumers for out-of-pocket losses or unreimbursed expenses “fairly traceable” to the breach, pay an additional $6.5 million to finance 18 months of identity protection services for all class members whose payment card data was exposed through the breach, and implement new data security measures.
The article explains that this resolution, like a 2015 settlement involving Target Corp., provides a potential way for plaintiffs to clear a hurdle that typically arises in data breach cases—the difficulty of proving the harm necessary to establish standing to sue.
“Conventional wisdom, for some time, has been that individual plaintiffs in these cases don’t have standing because they don’t have injury,” Mr. Gardner said. “This is a strong counterpoint to that.”
The settlement requires Home Depot to take “reasonable” steps to secure data. But Mr. Gardner said it may be tricky to prove such steps have been taken, because there is widespread uncertainty over what constitutes reasonable data security safeguards.
To read the complete article, please click here.