C.D. Cal.: Data Protection Measures Fail to Meet Minimum for Diversity Jurisdiction
On Wednesday, Judge Otis D. Wright II, issued a decision, Zarrabian v. Tech Rabbit, LLC, No. 2:18-cv-10648-ODW, 2019 U.S. Dist. LEXIS 107274 (C.D. Cal. June 26, 2019), granting a motion to remand the case back to state court and denied a motion to dismiss. The plaintiff brought state law claims against the defendant arising from a data breach on its web site that led to the disclosure of personal information to third parties. The defendant sought to remove the case to federal court on the basis of diversity jurisdiction. Federal law court requires that the amount in controversy in diversity cases exceed $75,000.
Zarrabian sought equitable relief in the form of Tech Rabbit being required to implement data collection, storage, and security measures for its customer data. While Tech Rabbit's COO submitted a declaration that implementing such measures was estimated by multiple vendors to cost in excess of $300,000, Judge Wright found it deficient because:
1. Vendor proposals were not included as exhibits to the declaration.
2. The estimates were based on security standards for banks, not a tech company like Tech Rabbit.
3. The COO himself stated that that the best technology platforms would be too expensive to implement.
4. The COO lacked expertise on the cost of data protection measures.