Privacy & Information Security Law Blog

On April 6, 2016, U.S. District Judge R. Gary Klausner approved a settlement in Corona v. Sony Pictures Entertainment, Inc., No. 14-CV-09600 (RGK). As we previously reported, the litigation centered on a data breach involving the stolen personal information of at least 15,000 former and current employees. After a partial success on its motion to dismiss, Sony still faced potential liability for negligence based on its three-week delay in notifying its employees of the data breach, as well as statutory claims under the California Confidentiality of Medical Information Act and the Unfair Competition Law.

Under the terms of the settlement, Sony will provide three years of identity theft protection, an optional service that will reimburse up to $1 million dollars and a fund for additional losses. An exact settlement amount is not available at this time. The deadline for Sony employees to sign up for the services offered in the settlement has not yet passed.

On April 14, 2016, Judge Klausner took issue with the request of $3.49 million in plaintiffs’ attorneys’ fees due to: (1) a lack of itemization and (2) the belief that fees for 17 billable hours per day, every day, during 61 weeks of litigation were unreasonable. Instead, the Court approved only 4,500 billable hours at a $509.34/hour blended rate. Consequently, $2,587,574.96 in attorneys’ fees and costs were approved as reasonable, but the Court allowed the parties to independently negotiate any fees and costs above that amount.