UNITED STATES DISTRICT COURT EASTERN DISTRICT OF KENTUCKY CENTRAL DIVISION (at Lexington)
) ) In re CorrectCare Data Breach Litigation ) Civil Action No. 5: 22-319-DCR ) ) ) MEMORANDUM OPINION ) AND ORDER ) ) *** *** *** *** Plaintiffs Virginia Hiley, Christopher Knight, Kyle Marks, and Marlena Yates, and Defendant CorrectCare Integrated Health, LLC have entered into a proposed Class Action Settlement Agreement (the “Settlement”). The plaintiffs have filed an unopposed motion for preliminary approval of the Settlement, to approve the form and method for giving notice of the Settlement to the Settlement Class, and to schedule a final approval hearing. However, at this time, the Court lacks sufficient information to determine whether the Settlement is fair enough to begin the class-notice process. Therefore, the plaintiffs’ motion for preliminary approval will be denied, without prejudice. I. Background CorrectCare Integrated Health, LLC (“CorrectCare” or “Defendant”) is a third-party administrator that facilitates access to medical providers and manages medical claims payment for correctional facilities. On July 6, 2022, it discovered that two of its file directories located on a web server inadvertently had been exposed to the public internet (the “Data Breach”). CorrectCare subsequently sent notice to around 600,000 individuals whose personal identifiable information and personal health information (collectively “private information”) was exposed in the Data Breach. [Record No. 37, ¶ 5] The notice advised these individuals that the breach potentially exposed files that contained highly-sensitive information including,
but not limited to: full name, date of birth, social security number, department of corrections identification number, and limited health information, such as a diagnosis code and/or CPT code. Id. On December 7, 2022, Plaintiff Virginia Hiley filed suit against CorrectCare, individually and purportedly on behalf of a putative class of similarly situated individuals. Hiley, Knight, Marks, and Yates (collectively, the “plaintiffs”) were permitted to file a Consolidated Amended Complaint (“CAC”) on March 24, 2023. [Record No. 37] Each
alleges that he or she provided private information to CorrectCare as a condition of receiving medical services while serving a sentence in a correctional facility that utilized CorrectCare’s services. Each plaintiff contends that CorrectCare’s inadequate procedures caused the Data Breach, which has caused the plaintiffs to suffer identity theft and/or fraud, the risk of future identity theft and/or fraud, and lost time and resources spent mitigating the consequences of the Data Breach. The plaintiffs asserted various common law claims including negligence and
breach of implied contract, as well as state statutory claims. On May 8, 2023, CorrectCare filed a 34-page motion to dismiss the CAC in its entirety. [Record No. 53] It argued that the CAC should be dismissed for lack of Article III standing under Rule 12(b)(1) of the Federal Rules of Civil Procedure. CorrectCare also argued that the plaintiffs’ claims failed on the merits for various reasons. The plaintiffs filed their 35-page opposition to CorrectCare’s motion to dismiss on June 22, 2023, and CorrectCare filed a reply brief on July 24, 2023. [Record Nos. 55, 57]. While briefing on the motion to dismiss was underway, the parties commenced settlement discussions. This included voluntary exchange of informal discovery and, ultimately, an agreement to mediate with Bennet G. Picker of the Stradley Ronon law firm.
This ultimately resulted in both parties’ acceptance of Mr. Picker’s proposal, which was to resolve the case for a non-reversionary $6.49 million common fund. The plaintiffs now seek preliminary approval of the Settlement. II. Overview of the Proposed Settlement The Settlement provides that CorrectCare will pay $6,490,000 into a non-reversionary common fund (“the Gross Settlement Fund”). The plaintiffs will ask that up to one-third of the Gross Settlement Fund be allocated to attorneys’ fees. They also will ask that notice and
administration fees, litigation expenses, and a total of $10,000 in plaintiff service awards be deducted from this amount, resulting in a Net Settlement Fund from which the plaintiffs’ claims will be paid.1 If monies remain in the Settlement Fund after the date the class members’ settlement checks expire, those monies will not revert to CorrectCare, but will be paid to the proposed Cy Pres Recipient, the American Civil Liberties Union Foundation, National Prison Project.
There are approximately 646,701 potential settlement class members. The Settlement proposes two general payment categories. First, any Settlement Class member who paid out of pocket for identity theft, fraud, or other expenses after July 6, 2022, which the Class Member claims is more likely than not related to the Data Breach may be reimbursed up to $10,000. Class Members seeking compensation under this category will be required to provide
1 The Settlement contains a Notice Plan, to be administered by Kroll Settlement Administration (“Kroll”). The plaintiffs did not indicate the amount of Kroll’s administration fees. reasonable supporting documentation. In the event such a claim is deemed deficient (and cannot be cured after a reasonable opportunity), it will be treated automatically as a request for an “alternative cash payment.”
The second option, for an “alternative cash payment,” does not require any supporting documentation and does not require any showing of fraud, identity theft, or other misuse of personal information. Settlement Class Members seeking an alternative cash payment will simply submit a claim form, using a unique code supplied by the Settlement Administrator, indicating that they wish to elect this option. Additionally, the parties have agreed to provide residents of California with an additional payment for statutory damages claims under the California Consumer Privacy Act (“CCPA”), Cal. Civ. Code § 1798.100, et seq.
III. Discussion “The class-action device was designed as ‘an exception to the usual rule that litigation is conducted by and on behalf of the individual named parties only.” General Tel. Co. of the S.W. v. Falcon, 457 U.S. 147, 155 (1982). Claims of a class proposed to be certified for purposes of settlement may be settled only with the Court’s approval. Fed. R. Civ. P. 23(e). Preliminary approval is the first step of the approval process. Herbert Newberg & Alba Conte,
Newberg on Class Actions, § 13:10 (6th ed. 2023). The Court must answer two questions in deciding whether preliminary approval is appropriate. They are: (1) whether it will likely be able to certify the class for purposes of judgment on the proposal and (2) whether it will likely be able to approve the proposal under Rule 23(e)(2). Fed. R. Civ. P. 23(e)(1)(B)(ii), 23(e)(1)(B)(i). If the answer to both inquiries is “yes,” then the court must direct notice to all class members who would be bound by the settlement. Fed. R. Civ. P. 23(e)(1)(B). A. The Court will likely be able to certify the class. 1. The plaintiffs have shown that Rule 23(a)(1) is likely to be satisfied. At this stage of proceedings, the court must ensure that there is a basis to conclude that
class certification is likely to be granted following a final approval hearing. See Fed. R. Civ. P. 23, Advisory Committee Notes to 2018 Amendments. There are four prerequisites for class certification under Rule 23(a): numerosity; commonality; typicality; and adequacy of representation. See Amchem Prods. Inc. v. Windsor, 521 U.S. 591, 613 (1997). And although Rule 23 has no express “ascertainability” requirement, the Sixth Circuit has held that the class description must be sufficiently definite such that “it is administratively feasible for the court to determine whether a particular individual is a member.” Cole v. City of Memphis, 839 F.3d
530, 541 (6th Cir. 2016). Rule 23(a)(1) requires that the class be so numerous that joinder of all members is impracticable. There is no strict numerical test that applies here and courts must make common sense determinations based on the particular circumstances. Daffin v. Ford Motor Co., 458 F.3d 552 (6th Cir. 2006). See also Bacon v. Honda of Am. Mfg., Inc., 370 F.3d 565, 570 (6th Cir. 2004) (noting that “more than several hundred” class members can be the only factor
needed to satisfy Rule 23(a)(1)); Bittinger v. Tecumseh Prods. Co., 123 F.3d 877, 884 n.1 (6th Cir. 1997) (observing that joinder of parties was impracticable for a class with over 1100 members and “[t]o reach this conclusion [was] to state the obvious”). The Court finds that the 646,701 prospective class members easily satisfies the numerosity requirement. The plaintiffs also have demonstrated that there are questions of law or fact common to the proposed class. As this Court has previously observed, “[t]he commonality test is qualitative, rather than quantitative,” and “there need be only a single issue common to all members of the class.’” Peck v. Air Evac EMS, Inc., 2019 WL 3219150, at *3 (E.D. Ky. July 17, 2019) (quoting In re American Medical Sys., 75 F.3d 1069, 1080 (6th Cir. 1996)). The common questions in this case include: whether and what kind of legal duty CorrectCare had
to protect the data of Class Members, whether express or implied contracts existed and were breached, and whether CorrectCare acted negligently in storing the data. This requirement is, therefore, satisfied for preliminary approval purposes. See In re Countrywide Fin. Corp. Customer Data Sec. Breach Litig., 2009 WL 5184352, at *3 (W.D. Ky. Dec. 22, 2009) (finding that similar common questions satisfied commonality for purposes of certifying a class in a data breach settlement). Next, the plaintiffs must establish that “the claims or defenses of the representative
parties are typical of the claims or defenses of the class.” Fed. R. Civ. P. 23(a)(3). Claims are typical when they arise “from same event or practice or course of conduct that gives rise to the claims of other class members, and if [the representatives’] claims are based on the same legal theory.” Beattie v. CenturyTel, Inc., 511 F.3d 554, 561 (6th Cir. 2007); Green v. Platinum Rests. Mid-Am., LLC, 333 F.R.D. 102, 110 (W.D. Ky. 2019). The plaintiffs’ claims of harm resulting from the Data Breach are based on the common theory that the defendant failed to
take adequate measures to protect the plaintiffs’ private information. See In re Countrywide Fin. Corp. Customer Data Sec. Breach Litig., 2009 WL 5184352, at *3. Accordingly, Rule 23(a)(3)’s typicality requirement is met. Rule 23(a)(4) requires that “the representative parties will fairly and adequately protect the interests of the class.” Fed. R. Civ. P. 23(a)(4). Class representatives must meet two criteria: “(1) the representative must have common interests with unnamed members of the class, and (2) it must appear that the representatives will vigorously prosecute the interests of the class through qualified counsel.” Young v. Nationwide Mut. Ins. Co., 693 F.3d 532, 543 (6th Cir. 2012). These requirements ensure that the representatives’ interests are “aligned with the interests of the represented class members so that, by pursuing their own interests, the class
representatives also advocate the interests of the class members.” In re Whirlpool Corp. Front- Loading Washer Prods. Liab. Litig., 722 F.3d 838, 852-53 (6th Cir. 2013). Ultimately, the “inquiry under Rule 23(a)(4) serves to uncover conflicts of interest between named parties and the class they seek to represent.” Amchem, 521 U.S. at 625. The named plaintiffs satisfy both requirements under Rule 23(a)(4). Each of the named plaintiffs claims that the defendant negligently disclosed his or her private information as a result of the Data Breach. Further, the plaintiffs and putative class members ostensibly have
a “common goal of maximizing recovery for the class,” and there is no apparent conflict between them. See Thacker v. Chesapeake Appalachia, LLC, 259 F.R.D. 262, 268 (E.D. Ky. 2009). Counsel report that the plaintiffs have “vigorously prosecuted the interests of the class.” [Record No. 84-1, p. 27] That assertion appears to be accurate, based on the named plaintiffs’ participation in the case thus far, which necessarily has included the provision of information and cooperation with counsel. Although the named plaintiffs will receive service awards under
the Agreement, such awards are not prohibited under Sixth Circuit precedent and they are relatively modest in this case. See Shane Grp. Inc. v. Blue Cross Blue Shield of Mich., 833 F. App’x 430, 431 (6th Cir. Jan. 14, 2021). Accordingly, the plaintiffs have made a sufficient showing that the named plaintiffs are adequate for purposes of Rule 23(b)(3). The Court also must find that class counsel are adequate. Rule 23(g) of the Federal Rules of Civil Procedure set forth the following criteria for determining whether this requirement is satisfied: “(i) the work counsel has done in identifying or investigating potential claims in the action; (ii) counsel’s experience in handling class actions, other complex litigation, and the types of claims asserted in the action; (iii) counsel’s knowledge of the applicable law; and (iv) the resources that counsel will commit to representing the class . . . .”
Fed. R. Civ. P. 23(g)(1)(A). On February 22, 2023, the Court granted the plaintiffs’ request to appoint attorneys Benjamin F. Johns; Gary M. Klinger; Gerard Stranch IV; and Lynn A Toops as interim co- lead class counsel. [Record No. 33] The Court previously reviewed each attorney’s background and experience and determined that each has substantial knowledge and is experienced with respect to class actions involving data breaches. Id. at p. 5. The Court further noted that each of the attorneys and their law firms were willing and able to expend the
resources necessary to ensure vigorous prosecution of the plaintiff’s claims. Id. The Court continues to believe that the aforementioned attorneys are adequate as defined under Rule 23(g). Finally, for a class to be ascertainable, the proposed definition must be precise and objective and must not rely on subjective factors such as a class member’s state of mind. In re Polyurethane Foam Antitrust Litig., 2015 WL 4459636, at *5 (N.D. Ohio July 21, 2015).
Here, the proposed class includes “[a]ll individuals residing in the United States whose Private Information was compromised as a result of the Data Breach.” Such individuals should be readily identifiable based on information disclosed during informal discovery and, therefore, the class is sufficiently ascertainable. 2. The parties have shown that Rule 23(b)(3) is likely to be satisfied. Having made a satisfactory preliminary showing with respect to Rule 23(a), the Court turns to the type of class action involved. A class action may be maintained only if Rule 23(a) is satisfied and one of the types of class actions described in Rule 23(b) is established. The plaintiffs assert that they have made a preliminary showing with respect to Rule 23(b)(3). A class action may proceed under Rule 23(b) when
[t]he court finds that the questions of law or fact common to class members predominate over any questions affecting only individual members, and that a class action is superior to other available methods for fairly and efficiently adjudicating the controversy. The matters pertinent to these findings include: (A) the class members’ interests in individually controlling the prosecution or defense of separate actions; (B) the extent and nature of any litigation concerning the controversy already begun by or against class members; (C) the desirability or undesirability of concentrating the litigation of the claims in a particular forum; and (D) the likely difficulties in managing a class action.2
Rule 23(b)(3) is “framed for situations in which class-action treatment is not clearly called for,” but “individual adjudications would be impossible or unworkable.” Modern Holdings, LLC v. Corning, Inc., 2018 WL 1546355, at *11 (E.D. Ky. Mar. 29, 2018) (quoting Wal-Mart Stores, Inc. v. Dukes, 564 U.S. 338, 362 (2011)). To qualify under this provision, “a class must meet two requirements beyond the Rule 23(a) prerequisites: Common questions must ‘predominate over any questions affecting only individual members’ and class resolution must be ‘superior to other available methods for the fair and efficient adjudication of the controversy.” Id. at *12 (quoting Amchem Prods., Inc., 521 U.S. at 615).
2 The Court need not consider case management or litigation concerns when entertaining a request to certify a class for settlement purposes, as opposed to trial. See In re Nat’l Prescription Opiate Litig., 976 F.3d 664, 674 (6th Cir. 2020). The Rule 23(b)(3) predominance requirement mirrors the commonality requirement in Rule 23(a)(2), but subdivision (b)(3) “contains the more stringent requirement that common issues ‘predominate over individual issues.’” In re Countrywide Fin. Corp. Customer Data
Sec. Breach Litig., 2009 WL 5184352, at *6 (quoting In re Medical Sys., Inc., 75 F.3d at 1084). To satisfy the predominance requirement under Rule 23(b)(3), plaintiffs must show that “the issues in the class action that are subject to generalized proof . . . predominate over those issues that are subject to only individualized proof.” Id. (quoting Beattie v. CenturyTel, Inc., 511 F.3d 554, 564 (6th Cir. 2007)). In other words, the Court must determine whether the question common to the class are “at the heart of the litigation.” Id. (quoting Powers v. Hamilton Cnty. Pub. Defender Com’n, 501 F.3d 592, 619 (6th Cir. 2007)).
Having reviewed the record and the data-breach cases cited by the plaintiffs, the Court is persuaded that common issues predominate in this matter. The nature of the harm alleged as a result of the disclosure of private information may vary to some degree among the class members. However, certain questions, which are common to all class members, predominate. These questions include: whether the defendant owed a duty to the class members to safeguard their personal information; whether the defendant breached that duty; whether the defendant
entered into implied contracts with the plaintiffs; and whether the defendant breached those contracts. See id. (observing that the predominance requirement was satisfied when the proof required focused on the defendant’s conduct—not on the individual class members). See also In re Wawa, Inc. Data Sec. Litig., 2021 WL 3276148, at *4 (E.D. Pa. July 30, 2021). Finally, the plaintiffs have demonstrated that a class action is the superior method of litigation for fairly and efficiently resolving their claims. The United States Supreme Court has observed that class action is appropriate in situations that “vindicate[e] the rights of groups of people who individually would be without effective strength to bring their opponents into court at all.” Amchem, 521 U.S. at 617. Given the relatively low value of the individual claims, class members are unlikely to bring individual lawsuits against CorrectCare. See In re
Whirlpool, 722 F.3d at 861. B. The Court lacks sufficient information to determine whether the settlement is fair enough to begin the class-notice process. Having concluded that the Court will likely be able to certify the class, the Court turns to the question of whether it will likely be able to approve the proposal under Rule 23(e)(2). A primary purpose of preliminary approval is to ensure that the settlement is “fair enough” to begin the class-notice process. Moeller v. Week Pubs., Inc., 649 F. Supp.3d 530, 540 (E.D. Mich. 2023); In re Papa John’s Employee & Franchisee Emp. Antitrust Litig., 2023 WL 5997294, at *2 (W.D. Ky. Sept. 15, 2023) (quoting Garner Props. & Mgmt., LLC v. City of Inkster, 333 F.R.D. 614, 626 (E.D. Mich 2020) (assessing “whether the settlement is fair enough that it is worthwhile to expend the effort and costs associated with sending potential
class members notice and processing opt-outs and objections”). In making this determination, courts within the Sixth Circuit consider the overlapping factors articulated in Rule 23(e)(2)(A)-(D) and Int’l Union, United Auto., Aerospace & Agricultural Implement Workers of America v. Gen. Motors Corp. (“UAW v. GMC”), 497 F.3d 615 (6th Cir. 2007). Rule 23(e)(2) instructs the courts to consider whether: (A) the class representatives and class counsel have adequately represented the class; (B) the proposal was negotiated at arm’s length; (C) the relief provided for the class is adequate, taking into account: (i) the costs, risks, and delay of trial and appeal; (ii) the effectiveness of any proposed method of distributing relief to the class, including the method of processing claim-member claims; (iii) the terms of any proposed award of attorney’s fees, including time of payment; and (iv) any agreement required to be identified under Rule 23(e)(3).3 In UAW v. GMC, 497 F.3d at 631, the Sixth Circuit observed that the following factors also guide the Court’s inquiry into whether a proposed class action settlement is fair, reasonable and adequate: the risk of fraud or collusion; the complexity, expense, and likely duration of the litigation; the amount of discovery engaged in by the parties; the likelihood of success on the merits; the opinions of class counsel and class representatives; the reaction of absent class members; and the public interest. The Court has considered all of the relevant factors and concludes that they largely weigh in favor of preliminary approval of the Settlement. For instance, the record indicates
that the parties negotiated the Settlement at arm’s length and there is no evidence of fraud or collusion. This is highlighted by the parties’ stalled settlement negotiations, which they were able to work through only with the assistance of any experienced mediator. See Bert v. AK Steel Corp., 2008 WL 4693747, at *2 (S.D. Ohio Oct. 23, 2008) (observing that “participation of an independent mediator in settlement negotiations virtually insures that the negotiations were conducted at arm’s length and without collusion between the parties”). As discussed previously, the plaintiffs have sufficiently demonstrated that counsel and
the representative parties have adequately represented the class. Further, settlement is a favorable outcome considering the likely expense and duration of continued litigation. As this Court has noted, “[t]here is a strong public interest in encouraging settlement of complex litigation and class action suits because they are notoriously difficult and unpredictable and
3 The plaintiffs report that there are no agreements to be identified under Rule 23(e)(3). settlement conserves judicial resources.” Ware v. CKF Enters., Inc., 2019 WL 2996914, at *1 (E.D. Ky. July 9, 2019) (quoting Dick v. Sprint Commc’n. Co., L.P., 297 F.R.D. 283, 297 (W.D. Ky. 2014)).
Although the parties did not engage in formal discovery, CorrectCare informally provided the plaintiffs with information concerning the size and scope of the class, as well as the private information that was allegedly comprised. This gave the parties sufficient information to engage in settlement negotiations and to reach an agreement that is ostensibly reasonable. See N.Y. State Teachers’ Ret. Sys. v. Gen. Motors Co., 315 F.R.D. 226, 236 (E.D. Mich. 2016) (noting that formal discovery is not necessarily required, so long as the parties have obtained sufficient information to evaluate the relative strength of their positions).
The likelihood of success is the most important of the UAW factors. The plaintiffs’ likelihood of success on the merits of their individual claims is unclear. There is considerable room for argument, as evidenced by the parties’ extensive briefing on the defendant’s motion to dismiss. The Court notes that many unnamed class members may not have standing to pursue their claims individually. While each named plaintiff has alleged some type of concrete harm, other proposed class members might not be able to do the same, which would be fatal
to their ability to succeed on the merits. See Galaria v. Nationwide Mutual Ins. Co., 663 F. App’x 384, 388-89 (6th Cir. 2016) (citing quoting Clapper v. Amnesty Int’l USA, 133 S. Ct. 1138, 1155 (2013)). Viewed in isolation, this factor easily weighs in favor of preliminary approval. However, “[t]his is not simply an estimation of the plaintiffs’ chances of success on the merits, but rather a balancing of the likelihood of success ‘against the amount and form of the relief offered in the settlement.’” Ware, 2020 WL 2441415, at *11. The Settlement makes clear that class members with documented out-of-pocket losses may submit claims for up to $10,000, which is a strong indicator of fairness for these plaintiffs. However, questions remain with respect to the relief that will be available to plaintiffs
seeking an alternative cash payment. It appears that any valid out-of-pocket claims will be subtracted from the Net Settlement Fund before class members seeking an alternative cash payment can obtain any relief. [See Record No. 84-2, p. 51 (defining “Cash Payment Fund”). Based on the information that has been provided to the Court, it also appears possible (although perhaps unlikely) that the Net Settlement Fund will be depleted prior to any allocations to class members seeking alternative cash payments. The plaintiff’s Plan of Allocation of the Net Settlement Fund appears to contemplate
this scenario, as it provides: “If the amount of valid claims for Out-of-Pocket Losses exceeds the limit for all claimants listed on the Key Terms Page, then each payment will be reduced pro rata until all payments total the limit for all claimants.” [Exhibit F, Record No. 84-2, p. 51] However, the “Key Terms Page,” does not provide a limit for out-of-pocket losses. Instead, it states “See Plaintiffs’ Plan of Allocation” for “Out-of-Pocket Losses Maximum Payment Amount.” [Record No. 84-2, p. 2] Given the Settlement’s apparent lack of a
Maximum Payment Amount for out-of-pocket losses (and the resulting lack of assurance that there will be funds to pay the alternative-cash-payment plaintiffs), the Court cannot say that the relief is adequate or that the Agreement treats the class members equitably relative to each other. IV. Conclusion Based on the foregoing, it is hereby ORDERED as follows: 1. The plaintiffs’ unopposed motion for preliminary approval of class action settlement [Record No. 84] is DENIED, without prejudice. 2. Within 21 days, the parties are directed to tender a status report or a renewed motion for preliminary approval of settlement which is consistent with this Memorandum Opinion and Order and addresses the Court’s concerns. Dated: April 1, 2024. SIO ce we. coy im Danny C. Reeves, Chief Judge Sar ay United States District Court “Se Eastern District of Kentucky
-15-