In oral reasons delivered on Feb. 27, Justice John A. Keith of the Nova Scotia Supreme Court found that the terms of the negotiated settlement, which guarantees a base payment of $85 to all class members, are fair and reasonable, said Kate Boyle, a class actions specialist and Halifax-based partner with Wagners.
“The settlement is a good outcome for the class, in particular given the range of damages we’ve seen approved for data thefts and privacy breaches in somewhat comparable contexts,” she told Law360 Canada in an email.
In a brief statement, a Dell spokesperson said that more information about the class action and the settlement is available at www.DellSettlement.ca. “We believe this settlement is in the best interest of Dell and our customers,” the spokesperson said in an email to Law360 Canada. “The settlement is not an admission of liability.”
Boyle said the case adds to the “evolving legal landscape of privacy class actions” and related settlements.
The underlying facts of the data thefts — which were carried out by employees of a former third-party service provider for Dell and allegedly resulted in scam tech support calls to affected Dell customers — raised questions about vicarious liability for intrusion upon seclusion, questions of causation (proving the link between data thefts and the receipt of harassing scam calls) and what kind of information should be protected as “highly sensitive,” she added.
"This case falls into a distinct category, differing from both the classic employee snooper cases and hacker scenarios,” she noted. “There were serious litigation risks that are resolved by this settlement.”
Boyle said the contested certification hearing in the case in December 2022 was aided by the Ontario Court of Appeal’s “trilogy” of decisions on intrusion upon seclusion claims against hacked database defendants, which was released just days before.
Those decision were Owsianik v. Equifax Canada Co. 2022 ONCA 813, Obodo v. TransUnion of Canada, Inc. 2022 ONCA 814 and Winder v. Marriott International Inc. 2022 ONCA 815.
“While those cases involved external hacking rather than an employee (or insider) breach,” she told Law360 Canada, “they introduced new considerations regarding a corporation’s direct liability for claims of intrusion upon seclusion in data breach litigation.”
Boyle said the court must now issue an order approving the settlement, which will not become final until a five-week appeal period has passed. Once finalized, the settlement administration will begin.
Class members, who could number more than 14,000, will be eligible for the $85 base payment if they fill out a distribution form. No proof of loss is required. Those who incurred fraudulent credit card or banking charges, or who had to remediate computer or tech-related expenses due to the data thefts, could be eligible to receive up to $3,000. Supporting documentation must be provided.
The class is defined as those who received a notice about the data breach from Dell between April 2, 2018 and Jan. 25, 2019.
The court also approved a $3,000 honorarium for the representative plaintiff, Christopher Purvis. Boyle said that Justice Keith also approved class counsel fees and disbursements as fair and reasonable, but she did not provide details on the amounts.
If you have any information, story ideas or news tips for Law360 Canada, please contact John Schofield at john.schofield1@lexisnexis.ca or call 905-415-5815.