Although, most people may think they understand what a class action is, however, the reality is more complex. A group of people cannot just bring a class action without following specific procedures. Notwithstanding the procedural impediments, however, in recent times, more class actions have been filed as the Internet is used as a primary source of communications, research, and transactions.
What is a class action lawsuit?
A class action is brought by a large group, usually under the name of one of the claimants or plaintiffs. In fact, Rule 23 of the Federal Rules of Civil Procedure clarifies when and how a class action can be brought to federal court. First, the class must be so numerous that joinder of all members is impracticable. In the past, classes have been certified with as few as 35 members, but normally there are large number of individuals in the class. Second, there must be questions of law or fact common to the class. One or more persons who are members of the class may sue or be sued as representatives of everyone in the class if their claims or defenses are typical of the claims or defenses of the class, and if they will fairly and adequately protect the interests of the class. These four basic requirements are often referred to as numerosity, commonality, typicality, and adequacy of representation.
The court then has to determine whether the group can be certified as a class in order to proceed with the lawsuit. The members of the class should be informed of any settlement between the parties. Class actions can only be brought in civil cases, but are not simply about money. They can be brought to obtain injunctive relief (i.e., a court’s restraining order). This has occurred for multiple purposes from civil rights to environmental issues. However, cases involving internet-related violations, such as online privacy and cybersecurity, are particularly challenging because there is a lack of actual damages. In most cases, the plaintiffs claim that there are foreseeable damages—i.e., potential loss, which may or may not occur in the future.
What does it mean for companies?
Nowadays, companies are being sued for damages or injunctive relief due to privacy or cybersecurity violations. In general, organizations must comply with the industry standards in order to fulfill their obligations towards customers. They also must adhere to their own terms and conditions, which was agreed to by their customers. The biggest problem companies face is when they are hacked and information is either taken to be sold (e.g., credit card numbers) or the information is taken to be leaked (e.g., Ashley Madison data breach) in the future. In these situations, it may takes a long time to determine who, when, where, how, and why the company’s network was infiltrated by the culprits. So, in most circumstances, the customers of e-commerce websites have no one to seek relief against, but from the companies directly. Therefore, companies need to protect themselves by implementing proper security measures, including, but not limited to, the following: (1) Intrusion detection system; (2) Firewall; (3) Encryption; and (4) Multi-factor authentication. An intrusion detection system is hardware or software that monitors a computer network for malicious transactions. A firewall could be hardware or software that prevents unauthorized access to private networks. Encryption translates a file into a secret code in order to prevent access except when there is a private and public key that unlock the secret code. A multi-factor authentication combines two or more independent credentials in order to grant access to a secure file. For example, one way is to require the user to enter a password, a security token, and his/her biometric data via fingerprint, retina scan, or facial recognition software into the system. On a side note, companies should purchase cyber insurance policies in order to limit their liability.
At our law firm, we assist clients with legal issues related to class actions and internet-related issues. You may contact us to set up an initial consultation.