Of course, one could also argue that this has just created a new form of venture lawyering, with attorneys who give zero shits about their clients chasing compliance violations rather than ambulances, and businesses baking these lawsuits into their profitability calculations.
However, an even bigger problem is legal inequalities. Rich people can afford top legal representation and poor people cannot. We should instead have single payer legal representation. Lawyers are required to charge a standard fee and are paid by the government for their work. They are not allowed to accept payments in addition to the standard government payment or to take contingency fees.
Doing this would ensure that the poor in America are not disadvantaged due to the rich having better lawyers.
Really reduces the incentive for overspending the opposing party and encourages cheap quick settlements.
Second issue is that there is a huge variance in the skill of lawyers and that skill has huge impacts on the outcome of cases. It'd be just like fixing the pay of software engineers in terms of results.
Similarly, can I have expert testimony at my trial? Can everybody?
>Lawyers are required to charge a standard fee and are paid by the government for their work.
Your goal is noble and I agree with it, but surely we need to recognize that some legal cases require orders of magnitude more effort and resources than others. I don't know how a standard fee could possibly cover this, even if we had different standard fees for different classes of crime./s
But there are so many issues with the government taking on _more_ responsibility in our lives (like they usually do things worse). Not to mention in US, we are guaranteed right to lawyer in defense, for equality, and those lawyers make way less than private lawyers, so presumably there is a difference in quality (or something else?). Additionally, it's common to see legal fees part of lawsuits (like this Zappos suit), so lawyers can work for poor people because they get paid when they win a suit, which is their job anyways.
If you cost 300M people each $20 worth of time and aggravation so that you can make $5B, your net effect on the economy is a cool negative $1B. However, no individual person would ever find it worthwhile to file a lawsuit for $20. That's why we invented class action lawsuits, but if the company settles for say $300M (that's 5 cents on the dollar), 1/3 of that goes to the legal team and 2/3 goes to the class members (in the form of free credit monitoring or a 10%-off coupon or something), and a legal team of 10 splits the legal fees, that's F-U money for every lawyer involved, under a dollar for each class member, and a profit of $4.7B for the company. The transaction is value-destroying for the economy as a whole, but happens regardless because it fits each individual participant's incentives. All because the legal system cannot scale to the harms that may be inflicted upon members of the public.
Arguably, this is the system we're living in now.
Suits do not always make the suing party whole, for a number of reasons, yet still have value in enforcing law.
Additionally, many arrangements (particularly class action) have attorneys assuming the entire financial risk of a loss, and it's reasonable for them to be paid for this service.
---
That said...we're not talking about 30% to the plaintiff, or even 5%. It's 1.4%!!!
It's like saying Facebook founders get a combined 1.4% of the company.
It reminds me of somebody who lawyered up after being denied disability benefits. The lawyer took the case if the client signed over 25% of the payment in perpetuity.
On one hand, yes, they're helping someone resolve the issue without funds to pay for it. But I'm still bothered by the fact the lawyer is either a) cutting deeply into the funds of somebody who needs it because of a true disability or b) is helping someone game the system if they don't need it.
EG: https://www.vanityfair.com/news/2016/08/peter-thiels-foundat...
In light of that, $1.5m is probably an overall loss for the law firm.
It's similar to a car dealership trading in a car that is 'uneconomical to repair' on a new vehicle. Then they repair it anyway and sell it. Because shop costs and parts costs for them are not the same as shop costs and parts costs for you.
According to the document:
"...Both sides agreed to a settlement to avoid the uncertainty and cost of litigation, ..."
>...In light of that, $1.5m is probably an overall loss for the law firm.
I don't think there is any evidence that this is an overall loss for the firm.
We ran into this at a previous job. The firm got sued by a group of attorneys, who between them didn't have a single plaintiff. We settled out of court, which means that while they didn't get the windfall they wanted, they still got a decent payday that more than paid their filing costs.
Fantastic.
I'm sure your credit card is 100% safe.
Thanks for reminding me about that. Credit cards I get cancelled and get new ones, but my passport data which Cathay Pacific failed to protect, this unfortunately cannot be changed and the data is floating around somewhere.
If I'm supposed to waste my time over their collusion with the supposed offender in order to legitimize their payday, they can waste theirs entertaining me so I actually get something out of it.
“Both sides agreed to a settlement to avoid the uncertainty and cost of litigation, and to provide benefits to Class Members more promptly. The Court did not decide in favor of the Class Representatives or Zappos. Zappos denies any liability or wrongdoing of any kind associated with the claims in this class action.”
It was a mutually agreed upon arbitration, no judges were involved in the decision.
I can't even figure out from the email how to object to this settlement. It is absolutely insane that the settlement is in a discount code. How any court could find that satisfactory is absolutely obnoxious and demonstrates that the rule of law has been perverted by large corporations.
I would appreciate it if anyone could let me know how to formalise my objection to the judge presiding this case as their website is as clear as mud.
To whom it may concern,
I received an email about this "settlement". The email was unclear on how to object to this "settlement". I wish to formally state my objection to this settlement. I fail to see how a discount for future purchases will dissuade organisations from not implementing appropriate security measures. If anything this is a boon to Zappos as to receive the benefit you must spend money with them.
This settlement is incongruous with the purpose of equity courts which is to right a wrong. A discount for a future purchase does not right a wrong and makes a mockery of the court. Further, this settlement does not accord with the consequences of In re: Equifax Inc. Customer Data Security Breach Litigation, Case No. 1:17-md-2800-TWT.
I hope the court rejects this agreement and seeks proper remedies for those impacted and appropriate consequences on those who failed in their duties that caused this lawsuit.
>Regards
Marking this bug works as intended.
That said, I'm a bit surprised to see a "Rake them over the coals" attitude on HN. They leaked a DB with hashed passwords, user data, and last 4 digits of credit cards. That happens to even the most responsible websites all the time, even with seven years of best practices to build upon. I know it would have absolutely happened to the awful, framework-less PHP I was writing back in 2012.
Without letting Zappos off the hook for not taking security more seriously, it seems to me that substantial, non-ridiculous monetary punishments should be reserved for instances of deliberate recklessness, or at least clear, preventable negligence.
Consequences should motivate companies to be secure. i.e. it should be much cheaper to hire a large competent security team who has a chunk of engineer time than it is to pay tiny settlements to teams of lawyers.
Data breaches aren't just necessary evils, they can be prevented, but not without a lot of extra work. Companies should consider a data breach to be an existential threat, not a cost of business.
If judgments like this were the only reason to prioritize security, then sure. But hopefully there are at least some market/reputational forces at work too.
It looks like the $22,500 is just for 9 named plaintiffs ($2,500 each). The other victims get nothing.
If you can't manage PCI compliance then you shouldn't be involved with credit cards.
If you were writing framework-less PHP in 2012, you were doing it wrong. There were major frameworks well before that point: CakePHP (Apr 2005), Symfony (Oct 2005), CodeIgniter (2006) and even Laravel (2011).
Because on the other hand, it's risky and time intensive.
You stand to lose quite a bit as well, since class actions don't usually pay the lawyers on loss.
In other words - is this an "American corporate greed" sort of tragedy, or is this standard result of such a lawsuit in all major countries?
By tragedy, I mean over 90% of the proceeds of the lawsuit going to lawyers rather than individuals affected in the data breach.
the legal theory is that
1) punishing the bad actor is more important than restitution. it's more important that Zappos is punished to discourage bad behavior from Zappos or anyone else, less important how exactly the punishment money is split up
2) since lawyers can get paid out of the settlement, it incentivizes independent lawyers to go after bad companies wherever they may be rather than needing regulators. so you don't need to maintain and hire a bunch of regulators and their legal teams, which will often be too many or too few.
other countries may prefer things the other way around and often do. it's easy to think of pros and cons either way.
1) not involve a civil suit whatsoever - instead of filing a class action claim resulting in a settlement or penalty assigned by a court, the people would complain to the relevant regulator, who'd investigate, impose fines and mandate changes in company processes.
2) in a scenario like this - where none of the complainants assert any specific direct loss but simply generic increased future risk - there would be no payments to the affected individuals at all, any fines would go to the government; the main goal will be to enforce future compliance with the rules, and punish past incompliance with fines to deter other violators. Individuals can demand and get compensation that will cover specific actual damages that can be demonstrated, but no more, and nothing unless/until any consequences materialize. The "You wronged me, I'll sue you for $$$$ despite not being actually $$$$ out of pocket right now" style of civil claims (that seems to be common in USA, at least in mass media) is rare, and when it happens, it's usually unsuccessful.
When a suit starts in 2012 and ends in 2019, the human capital invested is simply enormous.
I was shocked how much of law was simple find/replace on templates.
The point of legal system should be to compensate the wronged party, not to enrich lawyers.
For example - if someone is criminally wronged in a property crime, wouldn't it make more sense to leave them free but garnish their wages to make the wronged individual whole instead of putting them in prison for decades? Yet if you bring up the idea of compensating the victim instead of punitive justice, a majority of people are extremely offended by the idea.
From that point of view, it isn't surprising at all that class action lawsuits are much more about retribution than restoration in the adversarial system.
But I agree. I am tired of getting practically nothing from class action lawsuits, while lawyers who did not get harmed walk away with millions.
If you said my settlement is $80 I'd say go for broke. Take it all the way or go home. No but the lawyer sees a perfectly cromulent payday for themselves so they'll encourage the class to accept the deal.
I thought that fees and expenses were generally 30%-40% of settlements.