As reported in the Privacy & Information Security Law blog, Judge Magnuson of the U.S. District Court for the District of Minnesota certified a Federal Rule of Civil Procedure 23(b)(3) class of financial services institutions claiming damages from Target Corporation’s 2013 data breach. The class consists of “all entities in the United States and its Territories that issued payment cards compromised in the payment card data breach that was publicly disclosed by Target on December 19, 2013.”

The plaintiff financial institutions assert claims for negligence, violations of Minnesota’s Plastic Security Card Act (“PSCA”) and negligence per se (based on the alleged violation of the PSCA). The alleged damages include the costs of providing replacement cards, and reimbursing fraud losses and other post-breach remediation expenses.

The focus of Target’s class certification argument and the court’s analysis was on the intertwined concepts of commonality and predominance. Target argued that: (1) choice-of-law issues would overwhelm the other issues; (2) there was no class-wide proof to support the PSCA and negligence claims; and (3) the calculations of damages on a plaintiff-by-plaintiff basis would predominate the litigation.

Read the full post.