In an encouraging development for data breach defendants, the Superior Court of Pennsylvania recently affirmed a trial court decision rejecting class certification in a suit filed against two Medicare programs for losing a flash drive containing personal information of 286,000 subscribers. The appellate court found that since the Philadelphia Court of Common Pleas “carefully considered the numerosity, typicality, adequacy of representation, and fair and efficient method of adjudication requirements for class certification,” it had not abused its discretion by denying class certification in March 2015.  More broadly, the decision (Baum v. Keystone Mercy Health Plan, et al., No. 1250 EDA 2015 (Pa. Super. April 26, 2016)) indicates a resistance to permitting class claims to move forward where members have not suffered an ascertainable loss and where individual issues predominate, which may be the case in many data breach suits.
Continue Reading Superior Court of Pennsylvania Denies Data Breach Class Certification

This post was written by Daniel Kadar.

France has established itself as a leader in the protection of personal data. Not only does its regulation define broadly the concepts of personal and medical data, France has also implemented a specific set of policies regarding the hosting of personal medical data, requiring all bodies hosting