While not exactly a note on Minnesota civil litigation, this is a note of a recent win for a Minnesota company represented by a Minnesota firm in federal court in New Jersey.
The decision is also of interest because the factual and legal issues involved — computer data breaches and no known “injury” other than a feeling of greater vulnerability to identity theft — are getting increasing attention in courts in recent years. The law is not yet fully developed.
The computer system of Ceridian, the Bloomington-based payroll processing firm, was infiltrated by a hacker in December, 2009. The hacker gained access to confidential personal information of about 27,000 employees in 1,900 companies (Ceridian payroll processing customers). In 2010, Ceridian notified individuals of the data breach and proposed a free year of credit monitoring and identity theft protection.
Entrepreneurial plaintiffs’ lawyers, however, sued Ceridian in New Jersey in a putative class action alleging negligence, breach of contract, breach of the covenants of good faith and fair dealing, consumer fraud, and violation of the New Jersey Theft Prevention Act (“TPA”), N.J.S.A. 56:11-44, et seq. and New Jersey Consumer Fraud Act (“CFA”), N.J.S.A. 56:8-19 et seq. by Defendant.
Dorsey & Whitney LLP lawyers David Singer, Steve Wells, Bryan Keane, and Sellano Simmons saw it differently and so did U.S. District Court Judge Jose Linares (D. N.J.), who granted Ceridian’s motion to dismiss last week based on plaintiffs’ lack of “injury-in-fact” and therefore lack of standing.