Working in an area of the law where the rules seem to evolve with every new turn in technology can leave even the best attorneys with a cloudy vision of where cases are headed.
Despite a rapidly changing legal landscape in his field, Norman E. Siegel has made one thing crystal clear: After the year he’s had, there’s no question he belongs among Missouri’s most influential lawyers.
Already well known for his extensive body of work in cybersecurity and privacy law, Siegel had a year to remember in 2019. The partner at Kansas City-based Steuve Siegel Hanson played a leading role in securing a historic multipronged settlement valued at $1.5 billion in the massive data breach at Equifax.
That alone would make quite a year, but it’s just the main attraction of his 2019.
Siegel also helped to head a class-action lawsuit against the National Board of Examiners in Optometry that resulted in the preliminary approval of a $3.25 million settlement. He has been appointed lead counsel in litigation against Quest after a data breach, and he is representing consumers after a years-long data breach at Marriott.
Oh, and in early December, Siegel was named co-lead counsel in the litigation involving another large data breach — this time at Capital One.
While there’s no doubt Siegel himself played a prominent role in his 2019 successes, he’s quick to celebrate the help he received along the way.
“Certainly a lot of things came together this year, no doubt about it,” Siegel said. “It’s a function of a lot of hard work by not just me but so many others. A lot of the building blocks to that success were in the making for several years, in some cases.”
While all of that work from 2019 is impressive, the landmark settlement with Equifax, reached in July, stands out.
Late in December, a federal judge granted final approval to the settlement, which includes a nine-digit cash fund to repay data breach victims. It forces the credit bureau to spend $1 billion over five years to bolster its data security, offer 10 years of credit monitoring and implement restrictions on how the company can gather customer data. It also imposes strict rules Equifax must follow to get data from its customers.
The wide-ranging settlement was hardly a sure thing when Siegel was appointed one of three co-lead counsels in the nationwide class-action suit. Siegel said he has had some success dealing with large data breaches in front of Chief U.S. District Judge Thomas W. Thrash Jr. in the Northern District of Georgia, such as a case involving Home Depot. But with the law continuously evolving in the cybersecurity field, Siegel said it’s tough to get a feel for how a case might go.
“It required an awful lot of investigation to figure out exactly what happened,” Siegel said. “We were dealing with common law in new technology. Because of all that, it’s nearly impossible to predict at the start where the case will end.”
During litigation, it became clear Equifax would not pay what his team believed the case was worth, with the credit bureau claiming the plaintiffs had no standing, Siegel said. Equifax moved to dismiss the case, and having the claims survive that test at the appeals court level provided the key to securing the settlement in a long, drawn-out negotiation, he said.
“We’re very proud of the outcome,” he said. “If you combine all previous data breach settlements, this one is bigger — not just the cash component, but the non-financial components, too. This should be a model for these types of cases going forward.”