In August, the Ontario Superior Court approved a class action settlement for a data breach claim against Home Depot whose payment card system was hacked in 2014. What is noteworthy about the settlement is that the court reduced its value as well as class counsels' fees.

"The case for Home Depot being culpable was speculative at the outset and ultimately the case was proven to be very weak," Justice Paul Perell wrote in his ruling in Lozanski v. The Home Depot, Inc. "The real villains in the piece were the computer hackers, who stole the data," he continued, further noting that Home Depot had responded to the data breach "as a good corporate citizen".

It also found that the plaintiff consumers had suffered minimal damages.

The data breach took place between April and September 2014. After discovering it, Home Depot promptly gave notice to the Office of the Privacy Commissioner of Canada, issued updates through press releases and published a notice in The Globe and Mail. Additionally, it sent over 500,000 emails directly to its Canadian customers, advising them that some of their payment card information might have been compromised, and another 58,605 emails, advising them that their email addresses might have been stolen in the breach.  

The class members were seeking three heads of damages as consequences of the breach: the risk of a fraudulent charge on one's credit card, the risk of identity theft and the inconvenience of checking one's credit card statement. The court fixed the damages to $250 000 (down from over $1 million), judging that the class, estimated to 500,000 Canadian customers, had suffered minimal damages. Also, there was little chance of fraudulent charges happening due to the safeguards put in place by the credit card companies. The credit card company or the retailer generally absorbs the losses if necessary. What's more, it found the risk that the information stolen would result in an identity theft to be minimal. Finally, there was nothing inconvenient about credit card holders having to check their statements since they are already required to do so.

As for honoraria damages, the court usually approves them in particular circumstances: the representative must have made an exceptional contribution that resulted in the success for the class, which was not the case in this situation. Hence, no honoraria damages were awarded.

Fee arrangements must be fair and reasonable to be approved; they should include the risk undertaken and the result achieved. They must also be appropriate so that lawyers have an economic incentive to take up a class action and to do it well.  "Fee approval," Justice Perell wrote, "is meant to be viewed through the lens of access to justice, behaviour modification, and judicial economy, and in this case, Home Depot had a good argument that it ought not to have been subject to a class proceeding at all."

Ultimately, a class action might not appear frivolous or vexatious. That does not mean that it is risk free and counsel must not anticipate that every class action will be remunerative and a profitable endeavour. "There comes a point when the litigation should be abandoned, discontinued, or settled," Justice Perell wrote.

The ultimate goal of the process of fee approval is to obtain a reasonable and fair fee given the circumstances of the case, and in the best interests of the class members. Following those criteria, Justice Perell approved the counsel fee of $120,000, down from over $400,000. 

Canadian Class Actions On Data Breach: The Good Corporate Citizen And The Villains

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.