Conduct Remedies: The Undervalued Element of Cybersecurity and Privacy Class Actions

Locke Lord's Tara Trifon, Rusty Perdew and Hannah Oswald co-authored an article for Cybersecurity Law Report on conduct remedies as an important element of cybersecurity and privacy class action settlements. Though conduct-remedy provisions add long-lasting obligations for companies and may cost them more money, defending companies and class-action plaintiffs alike should consider including such provisions in settlement agreements, the authors write.

“Non-monetary terms in the settlement agreement can reduce or eliminate the vulnerabilities for the company facing a privacy violation or cyber incident, while at the same time conferring a benefit on the class members,” they elaborate.

The authors also offer practical guidance on crafting non-monetary terms, including what types of terms to consider, how to keep them specific and how to evaluate whether the costs of the terms outweigh their benefits. They note that regulatory and enforcement agencies may increasingly play a role negotiating conduct remedy provisions as well, given the prevalence of actions under regulations such as the California Consumer Privacy Act and the Illinois Biometric Information Privacy Act.

To read the full article, click here (subscription may be required).