Sung et al v. Schurman Fine Papers
Filing
59
ORDER granting 46 Motion for Preliminary Approval of Class-Action Settlement. The deadlines are in the chart at the end of the order and include a date for the final approval hearing on May 31, 2018 (because the court had a conflict with the parties' date). (Beeler, Laurel) (Filed on 3/11/2018)
<![CDATA[
1
2
3
4
5
6
7
8
UNITED STATES DISTRICT COURT
9
NORTHERN DISTRICT OF CALIFORNIA
10
San Francisco Division
United States District Court
Northern District of California
11
IRENE SUNG, et al.,
Case No. 17-cv-02760-LB
Plaintiffs,
12
PRELIMINARY APPROVAL ORDER
v.
13
14
SCHURMAN FINE PAPERS d/b/a
SCHURMAN RETAIL GROUP,
15
Re: ECF No. 46
Defendant.
16
17
INTRODUCTION
This is a putative class action under Rule 23.1 The plaintiffs are current and former employees
18
19
(and their spouses and dependents) of Schurman Fine Papers d/b/a Schurman Retail Group
20
(“SRG”). They contend that a phishing attack on SRG in 2016 — and SRG’s lax security and poor
21
training — resulted in the theft of their W-2 data: names, addresses, compensation, and Social
22
Security Numbers.2 On behalf of national and state classes, they assert the following claims
23
arising out of the data breach of their personally identifying information (“PII”): (1) negligence
24
(on behalf of all classes); (2) unlawful business practices in violation of California’s Unfair
25
Competition Law (“UCL”), Cal. Bus. & Prof. Code § 17200 (on behalf of all classes); (3) unfair
26
27
28
1
First Amended Complaint (“FAC”) – ECF No. 28. Citations refer to material in the Electronic Case
File (“ECF”); pinpoint citations are to the ECF-generated page numbers at the top of documents.
2
Id. at 2 (¶ 1).
ORDER – No. 17-cv-02760-LB
1
business practices in violation of California’s UCL (on behalf of all classes); (4) breach of implied
2
contract (on behalf of the Nationwide Employee Class); (5) a violation of California’s Security
3
Breach Notification Law, Cal. Civ. Code § 1798.82 (on behalf of the California Employee Class);
4
and (6) a violation of North Carolina’s Security Breach Notification Law, N.C. Gen. Stat. §§ 75–
5
61, 75–65, et seq. (on behalf of the North Carolina Employee Class).3
The parties settled their case, and the plaintiffs filed an unopposed motion for preliminary
6
7
approval of the class-action settlement.4 The court grants the motion.
8
9
10
STATEMENT
1. Other Information About the Lawsuit to Date
United States District Court
Northern District of California
11
After the defendants filed a motion to dismiss, the plaintiffs filed the first amended class-
12
action complaint.5 The parties participated in informal discovery and then agreed to mediate their
13
case before the Honorable Edward A. Infante (Ret.), who has mediated a number of data-breach
14
cases.6 After a full-day mediation, the parties “ultimately reached an agreement on the essential
15
terms” of a settlement and signed a term sheet, and they finalized the settlement agreement over
16
the next months.7
17
18
2. Proposed Settlement
The parties agreed to the following class definitions for settlement purposes only:
19
20
Settlement Employee Class: All persons who are or were employees of SRG or its
affiliates (collectively “SRG”) and whose W-2 information was involved in the
Data Incident.
Settlement Third-Party Class: All individuals who were Qualifying Spouses or
Qualifying Adult Dependents (as defined in the Settlement Agreement) of a
Settlement Employee Class Member.
21
22
23
24
25
26
27
28
3
Id. at 17–24.
4
Mot. – ECF No. 46; Statement of Non-Opposition – ECF No. 50.
5
ECF Nos. 15, 28.
6
Mot. – ECF No. 46-1 at 6.
7
Id.
ORDER – No. 17-cv-02760-LB
2
1
2
3
4
Unless expressly distinguished, “Settlement Class” or “Settlement Class Members”
refers to both of the above-defined classes collectively.
Excluded from the Settlement Class are any entity in which SRG has a controlling
interest, is a parent or subsidiary, or which is controlled by SRG, as well as the
officers, directors, affiliates, legal representatives, heirs, predecessors, successors,
and assigns of SRG.8
In summary form, the Settlement Agreement9 is as follows:
5
2.1 Identity Theft Protection Services
6
SRG originally offered two years of credit monitoring to its employees through AllClear ID.
7
The Settlement Agreement provides extended credit monitoring through AllClear ID for all
8
Settlement Class Members, regardless of whether they previously enrolled in the credit
9
monitoring, through March 20, 2022.10 Unless they have timely opted out of the Settlement,
Settlement Class Members who have already enrolled will have their coverage extended
11
United States District Court
Northern District of California
10
automatically.11 Settlement Class Members who have not enrolled will have until July 13, 2018
12
(the “Election Deadline”) to submit an Election Form to enroll in the credit monitoring.12
13
2.2 Settlement Administration Account and Reimbursement of Economic Costs
14
SRG will fund a non-reversionary Settlement Administration Account of $325,000 for the
15
reimbursement of economic costs incurred by Settlement Class Members that are not reimbursable
16
under the original or additional AllClear Plans.13 Settlement Class Members may submit one or
17
more claims for reimbursement of such economic costs (including mileage reimbursement at the
18
current IRS rate) up to an aggregate total of $500 per Settlement Class Member.14 Settlement
19
Class Members may also submit a claim for time spent addressing the Data Incident at a rate of
20
$15 per hour for up to 10 hours, for a total of $150.15 The total reimbursable amount thus is $650.
21
22
23
8
Settlement Agreement – ECF No. 46-2 at 56 (¶¶ 1.28, 1.32, 1.33), 102.
9
Capitalized terms in this order have the definition given to them in the Settlement Agreement.
10
24
Settlement Agreement – ECF No. 46-2 at 58 (¶¶ 5.1.2–5.1.3). At the preliminary-approval hearing,
the parties represented that the value of the credit monitoring exceeded $1.4 million.
25
11
Id. at 58 (¶¶ 5.1.1).
12
Id. at 54 (¶¶ 1.9).
13
Id. at 64 (¶ 5.2.4).
14
Id. at 60 (¶ 5.2).
15
Id.
26
27
28
ORDER – No. 17-cv-02760-LB
3
1
Class Members must make their claims on the Reimbursement Form and Affirmation Form.16 In
2
the event that the value of the Claims exceeds or is less than the Settlement Consideration, the
3
Settlement Class Members will receive increased or decreased pro-rata distributions.17
4
2.3 Nonmonetary Relief
5
SRG agrees to implement and maintain the following data-security practices:
a. The creation and implementation of an information security program containing
policies, procedures, and technical controls regarding the handling of employee
PII;
b. Training and education by a qualified third party of SRG employees who handle
PII; and
c. Testing of SRG employees who handle PII and retraining as necessary.18
6
7
8
9
2.4 Attorney’s Fees and Costs
11
United States District Court
Northern District of California
10
The plaintiffs’ counsel will petition the court for an award of reasonable attorney’s fees and
12
costs not to exceed $237,000; the fees will not reduce the Settlement Consideration available for
13
Settlement Class Members.19 SRG will not oppose the motion.20
14
2.5 Service Awards
15
The plaintiffs will petition for, and SRG will not oppose, service awards of $1,500 each (not to
16
exceed a total of $15,000); the awards will not reduce the Settlement Consideration available for
17
Settlement Class Members.21
18
2.6 Release
19
In return for the settlement relief, the Settlement Agreement has release provisions. SRG and
20
its affiliated entities (the “Released Parties”) will receive a release of claims arising out of or
21
related to: (1) the disclosure of the Settlement Class Members’ personal information; (2) SRG’s
22
maintenance of the Settlement Class Members’ personal information; (3) SRG’s policies, practices
23
24
25
26
27
28
16
Id. at 60 (¶ 5.2) and 112, 114 (Exs. C–D).
17
Id. at 61 (¶ 5.2.4).
18
Id. at 62 (¶¶ 5.3–5.3.3). At the preliminary-approval hearing, the parties represented that the value of
the nonmonetary relief was substantial.
19
Id. at 72 (¶ 10.1).
20
Id. (¶ 10.2).
21
Id. (¶¶ 10.1–10.2).
ORDER – No. 17-cv-02760-LB
4
1
or procedures relating to the maintenance, handling, and security of Employee personal
2
information, including the training relating to the same and responses to breach incidents; (4)
3
SRG’s provision of notice to Settlement Class Members following the Data Incident; (5) the Data
4
Incident, including SRG’s response thereto; and (6) any event, matter, dispute or thing that in
5
whole or in part, directly or indirectly, relates to or arises out of (1) through (5) above (the
6
“Released Claims”), provided that nothing in the Release is intended to, does or shall be deemed
7
to release any claims not arising out of, based upon, resulting from, or related to the Data
8
Incident.22
2.7 Administration
9
SRG will provide the Settlement Administrator (Rust Consulting23) with the address
10
United States District Court
Northern District of California
11
information (including emails and addresses (to the extent reasonably available) for Settlement
12
Class Members. The administrator will verify or update the mailing addresses received through the
13
National Change of Address database or similar database and thereafter send each Class Member
14
by email and U.S. mail a copy of the Summary Notice and the Election, Reimbursement and
15
Affirmation Forms. The Summary Notice contains a description of the material terms of the
16
settlement including the class definitions, a description of the Settlement Consideration, claims
17
procedures, deadlines, procedures for exclusion, procedures for objections, and information about
18
the settlement website (where Settlement Class Members can access the Settlement Agreement,
19
the Long Form Notice (with answers to frequently asked questions), and other related documents
20
and information).
21
The Settlement Agreement describes these procedures in detail.24 The forms of Notice are
22
attached to the Settlement Agreement.25 The costs of administration are a flat fee of $35,000.
23
24
25
26
27
28
22
Id. at 70–72 (¶¶ 9.1–9.6).
23
See ECF No. 58.
24
Settlement Agreement – ECF No. 46-2 at 64–70 (¶¶ 7.1–8.10.2).
25
Id. at 91–110, Ex. A–B.
ORDER – No. 17-cv-02760-LB
5
ANALYSIS
1
2
1. Jurisdiction
The court has jurisdiction under the Class Action Fairness Act (“CAFA”), 28 U.S.C. §
3
4
1332(d)(2).
5
6
2. Conditional Certification of Settlement Classes
The court reviews the propriety of class certification under Federal Rule of Civil Procedure
7
8
23(a) and (b). When parties enter into a settlement before the court certifies a class, the court
9
“must pay ‘undiluted, even heightened, attention’ to class certification requirements” because the
court will not have the opportunity to adjust the class based on information revealed at trial. Staton
11
United States District Court
Northern District of California
10
v. Boeing, 327 F.3d 938, 952–53 (9th Cir. 2003) (quoting Amchem Prods., Inc. v. Windsor, 521
12
U.S. 591, 620 (1997)); Hanlon v. Chrysler Corp., 150 F.3d 1011, 1019 (9th Cir. 1998).
Class certification requires the following: (1) the class must be so numerous that joinder of all
13
14
members individually is “impracticable”; (2) there are questions of law or fact common to the
15
class; (3) the claims or defenses of the class representatives must be typical of the claims or
16
defenses of the class; and (4) the person representing the class must be able to fairly and
17
adequately protect the interests of all class members. Fed. R. Civ. P. 23(a); Staton, 327 F.3d at 953.
18
The court finds preliminarily (for settlement purposes only) that the proposed Settlement
19
Classes meet the Rule 23(a) requirements of numerosity, commonality, typicality, and adequacy.
20
First, there are approximately 2,700 in the Settlement Employee Class.26 The class is so
21
numerous that joinder of all members is impracticable.
Second, there are questions of law and fact common to the class. The class members allege
22
23
identical claims under a breach-of-contract theory, and they allege identical UCL and negligence
24
claims. The lawsuit involves a single data breach, which raises the following common issues for
25
the Settlement Class Members: (a) whether SRG disclosed their PII; (b) whether it failed to protect
26
their PII with industry-standard protocols and technologies; (c) whether SRG had notice that it
27
28
26
Mot. – ECF No. 46-1 at 12.
ORDER – No. 17-cv-02760-LB
6
1
was a target for hacking or phishing; and (d) whether SRG promised the Settlement Class
2
Members that it would protect their PII that they provided as a condition of their employment.27
Third, the claims of the representative parties are typical of the claims of the class. All
3
4
Settlement Employee Class Members allege that they provided PII to SRG as a condition of
5
employment, and they may have provided PII for their spouses or other dependents. All
6
representatives possess the same interest and suffer from the same injury. Betorina v. Randstad
7
U.S., L.P., No. 15-cv-0346-EMC, 2017 WL 1278758, *4 (N.D. Cal. April 6, 2017).
Fourth, the representative parties will fairly and adequately protect the interests of the class.
8
9
They share the same interests as Settlement Class Members, there are no conflicts of interest, and
10
the named plaintiffs and counsel will vigorously prosecute the case. See Hanlon, 150 F.3d at 1020.
The court also finds preliminarily (and for settlement purposes only) that questions of law or
United States District Court
Northern District of California
11
12
fact common to class members predominate over any questions affecting only individual
13
members, and a class action is superior to other available methods for fairly and efficiently
14
adjudicating the controversy. See Fed. R. Civ. P. 23(b)(3); Brown v. Hain Celestial Group, Inc.,
15
No. 11-cv-03082-LB, 2014 WL 6483216, at *15–20 (N.D. Cal. Nov. 18, 2014). The court
16
identified the common factual and legal questions, above. There are no individual issues that
17
predominate over these common questions. All claims arise from one data breach, and liability can
18
be determined on a class-wide basis. See Betorina, 2017 WL 1278758, at *5. Given the class size,
19
and the prospect of individual, expensive trials, the class action is a superior method of
20
adjudication.
The court finds too that certification of a nationwide class under California law is appropriate
21
22
under the facts of this case. See Ellsworth v. U.S. Bank, N.A., No. 3:12-cv-02506-LB, 2015 WL
23
12952698, *3 (N.D. Cal. Sept. 24, 2015).
The court thus conditionally certifies the Settlement Classes for settlement purposes only and
24
25
for the purposes of giving the Classes notice of the settlement and conducting a final approval
26
hearing.
27
28
27
Id. at 12–13.
ORDER – No. 17-cv-02760-LB
7
1
2
3. Preliminary Approval of Settlement
The approval of a class-action settlement has two stages: (1) the preliminary approval, which
3
authorizes notice to the class; and (2) a final fairness hearing, where the court determines whether
4
the parties should be allowed to settle the class action on the agreed-upon terms.
5
Settlement is a strongly favored method for resolving disputes, particularly “where complex
6
class action litigation is concerned.” Class Plaintiffs v. City of Seattle, 955 F.2d 1268, 1276 (9th
7
Cir. 1992); see, e.g., In re Pac. Enters. Sec. Litig., 47 F.3d 373, 378 (9th Cir. 1995). A court may
8
approve a proposed class-action settlement only “after a hearing and on finding that it is fair,
9
reasonable, and adequate.” Fed. R. Civ. P. 23(e)(2). The court need not ask whether the proposed
settlement is ideal or the best possible; it determines only whether the settlement is fair, free of
11
United States District Court
Northern District of California
10
collusion, and consistent with the named plaintiffs’ fiduciary obligations to the class. See Hanlon,
12
150 F.3d at 1026–27 (9th Cir. 1998). In Hanlon, the Ninth Circuit identified factors relevant to
13
assessing a settlement proposal: (1) the strength of the plaintiff’s case; (2) the risk, expense,
14
complexity, and likely duration of further litigation; (3) the risk of maintaining class-action status
15
throughout trial; (4) the amount offered in settlement; (5) the extent of discovery completed and
16
the stage of the proceeding; (6) the experience and views of counsel; (7) the presence of a
17
government participant; and (8) the reaction of class members to the proposed settlement. Id. at
18
1026 (citation omitted).
19
“Where a settlement is the product of arms-length negotiations conducted by capable and
20
experienced counsel, the court begins its analysis with a presumption that the settlement is fair and
21
reasonable.” Garner v. State Farm Mut. Auto Ins. Co., 2010 WL 1687832, *13 (N.D. Cal. Apr. 22,
22
2010); see, e.g., Rodriguez v. West Publ’g Corp., 563 F.3d 948, 965 (9th Cir. 2009) (“We put a
23
good deal of stock in the product of an arms-length, non-collusive, negotiated resolution . . . .”);
24
Nat’l Rural Telecomm. Coop. v. DirecTV, Inc., 221 F.R.D. 523, 528 (C.D. Cal. 2004).
25
26
The court has evaluated the proposed settlement agreement for overall fairness under the
Hanlon factors and concludes that preliminary approval is appropriate.
27
28
ORDER – No. 17-cv-02760-LB
8
First, the settlement is the product of serious, non-collusive, arm’s-length negotiations and was
1
2
reached after mediation with an experienced mediator and after extensive settlement discussions
3
involving sophisticated counsel for all parties.
Second, the parties engaged in discovery regarding liability and damages.
5
Third, the settlement has no obvious deficiencies. There is no reversion. The settlement
6
provides real benefits to the class, including cash benefits and changed business practices that
7
benefit employees. Looking at the plaintiffs’ possible recoveries through litigation, it is unlikely
8
that they would receive a more favorable result. (The harm identified by the plaintiffs includes
9
harm resulting from monitoring accounts, dealing with fraudulent tax returns, delayed refunds (for
10
some), and decreased credit scores for two named plaintiffs due to unauthorized credit checks run
11
United States District Court
Northern District of California
4
on their names.28) A related point about damages is that there are risks that attend data breach
12
litigation, including issues about standing (as SFG argued in its motion to dismiss).29
In sum, the court finds that viewed as a whole, the proposed settlement is sufficiently “fair,
13
14
adequate, and reasonable” such that preliminary approval of the settlement is warranted. See
15
Officers for Justice v. Civil Serv. Comm’n of the City and Cnty. of San Francisco, 688 F.2d 615,
16
625 (9th Cir. 1982). The court thus approves the settlement agreement preliminarily and authorizes
17
notice to the class.
18
The court will address the issue of attorney’s fees at the final fairness hearing. See Hanlon, 150
19
F.3d at 1029 (twenty-five percent is a benchmark in common fund cases); cf. Vizcaino v. Microsoft
20
Corp., 290 F.3d 1043, 1048 (9th Cir. 2002) (twenty-five percent benchmark, though a starting
21
point for analysis, may be inappropriate in some cases; fees must be supported by findings).
22
23
4. Appointment of Class Representative, Class Counsel, and Claims Administrator
24
The court appoints the plaintiffs Irene Sung, Kimberly Carboni, Annie Fulton, Cary Berger,
25
Emmalyne Owens, Ruth Phelps, Christine Willetts, Linda Graves, and Christine Nizibian as Class
26
27
28
28
Mot. – ECF No. 46-1 at 8.
29
Mot. – ECF No. 15.
ORDER – No. 17-cv-02760-LB
9
1
Representatives for the Settlement Employee Class. The court appoints the plaintiff Melissa
2
Berger as Class Representative for the Settlement Third-Party Class. The court finds provisionally
3
that they have claims that are typical of members of the Settlement Classes generally and that they
4
are adequate representatives of the other members of the proposed Settlement Classes.
5
The court appoints Rosemary M. Rivas of Levi & Korsinsky, LLP and Gayle M. Blatt of
6
Casey Gerry Schenk Francavilla Blatt & Penfield LLP as Settlement Class Counsel and finds that
7
they have the appropriate qualifications, experience, and expertise in prosecuting class actions.
8
The court designates and approves Rust Consulting as the claims administrator. It will
9
10
administer the settlement subject to the oversight of the parties and this court, as described in the
Settlement Agreement.
United States District Court
Northern District of California
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
5. Class Notice
The court approves the class notice and plan, including the Short Form and Long Form
Notices and the Affirmation Form, Reimbursement Form, and Election Form.30 The court finds
that the class notice provides the best notice practicable, satisfies the notice requirements of Rule
23, adequately advises Settlement Class Members of their rights under the settlement agreement,
and meets the requirements of due process. The forms of notice fairly, plainly, accurately, and
reasonably provides class members with all required information, including (among other things):
(1) a summary of the lawsuit and claims asserted; (2) a clear definition of the classes; (3) a
description of the material terms of the settlement; (4) a disclosure of the release of the claims
should they remain class members; (5) an explanation of class members’ opt-out rights, a date by
which they must opt out, and information about how to do so; (6) the date, time, and location of
the final fairness hearing; and (7) the identity of class counsel and the provisions for attorney’s
fees, costs, and class-representative service awards.31 See Fed. R. Civ. P. 23(c)(2)(B). The parties
— by agreement — may revise the Notice forms in ways that are not material, such as for
accuracy or formatting.
30
Settlement Agreement – ECF No. 46-2 at 91–117, Exs. A–E.
31
Notice – ECF No. 145-1 at 33–42.
ORDER – No. 17-cv-02760-LB
10
1
7.2
Final Approval Hearing
The Final Approval Hearing will be on May 31, 2018, at 9:30 a.m. at the United States
2
Courthouse for the Northern District of California, 450 Golden Gate Avenue, 15th Floor,
4
Courtroom C, San Francisco, CA 94102. At the hearing, the court will consider whether to: (1)
5
grant final certification of the Settlement Classes; (2) finally approve the Settlement Agreement
6
and the releases in it; (3) approve the service awards; and (4) award attorney’s fees and costs to
7
Class Counsel. The court may, for good cause, extend any of the deadlines in this order or
8
continue the final approval hearing without further notice to the Settlement Class members, except
9
that notice of any such extensions must be included on the Settlement Website. Settlement Class
10
Members should check the Settlement Website regularly for updates and further details regarding
11
United States District Court
Northern District of California
3
extensions of these deadlines. Exclusions and Objections must meet the deadlines and follow the
12
requirements set forth in the approved Class Notice in order to be valid.
13
7.3
Requests for Exclusion From the Settlement
14
Class members may exclude themselves from the settlement by sending a written notice of that
15
intent to the designated post office box designated in the Notice. All requests for exclusion must
16
be postmarked by May 14, 2018.
17
7.4
Objections to the Settlement
18
Settlement Class Members may object to the settlement (so long as they do not timely opt out
19
of the Settlement Class) by sending written objections postmarked no later than May 14, 2018 to
20
the Clerk of Court, with the following information: (1) the case name and number (Sung v.
21
Schurman Fine Papers, No. 3:17-cv-02760-LB); (2) the Class Member’s name, current postal
22
address, current phone number and any email address; (3) a written statement of the grounds for
23
the objection, accompanied by any legal support for the objection and any evidence that the
24
objecting Settlement Class Member wants to introduce as evidence; (4) the identity of any counsel
25
representing the objector, including any former or current counsel who may claim entitlement to
26
compensation for any reason related to the objection to the Settlement or the Fee Application; (5) a
27
statement confirming whether the objector will appear and/or testify at the Final Approval Hearing
28
and the identification of any counsel representing the objector who intends to appear at the Final
ORDER – No. 17-cv-02760-LB
12
1
Approval Hearing; (6) a list of any persons who will be called to testify at the Final Approval
2
Hearing; and (7) the objector’s signature signed under oath and penalty of perjury or, if legally
3
incapacitated, the signature of a duly authorized representative (along with documentation setting
4
forth the incapacitation and representation).33 Settlement Class Members who want to speak for or
5
against the proposed Settlement may speak at the Final Approval Hearing, if they have provide the
6
written notice of their intent to appear (together with the other information set forth earlier in this
7
paragraph) postmarked or filed by May 14, 2018 (45 days after the Notice of Class Action
8
Settlement is completed). The court can excuse a failure to comply with this requirement for good
9
cause. At the Final Approval Hearing, Settlement Class Counsel and counsel for SRG must be
prepared to respond to objections filed by Settlement Class Members and to provide other
11
United States District Court
Northern District of California
10
information, as necessary, bearing on whether the Settlement should be approved
12
7.5
Other Orders
13
Settlement Class Counsel and Defendant are authorized to take, without further court approval,
14
all necessary and appropriate steps to implement the Settlement Agreement including the approved
15
notice plan.
CONCLUSION
16
17
The court approves the settlement preliminarily. This disposes of ECF No. 46.
18
IT IS SO ORDERED.
19
Dated: March 11, 2018
______________________________________
LAUREL BEELER
United States Magistrate Judge
20
21
22
23
24
25
26
27
28
33
Settlement Agreement – ECF No. 46-2 at 69–70 (¶ 8.10.1).
ORDER – No. 17-cv-02760-LB
13
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
