Home Depot recently agreed to boost its data security practices and fund identity theft services in addition to paying $13 million to settle putative consumer class claims over its massive 2014 data breach, a model that attorneys say is likely to catch on as a popular way to address the difficulties with quantifying harm for data losses.
In a motion filed Monday, a putative class of consumers notified the court that it had struck a "cash-plus" deal with Home Depot Inc. that requires the retailer to establish a $13 million settlement fund to compensate consumers for out-of-pocket losses or unreimbursed expenses "fairly traceable" to the data breach, pay an additional $6.5 million to finance 18 months of "identity protection" services for all class members who had their payment card data exposed through the breach, and implement new data security measures...
"Any time that a company is committing to additional security measures, that's good for consumers," Haynes and Boone LLP attorney Emily Westridge Black said. "These things cost money, and they are being done to enhance security. They are a value that Home Depot is providing."
... "This structure will provide a model for potential settlements going forward," Black said. "It's a reasonable approach, and the Target one has already been approved by the court, so once you have a model that starts getting approval, it's an easy way to go."
Excerpted from Law360. To read the full article, click here (subscription required).