Last week, Judge Linda Lopez of the U.S. District Court for the Southern District of California dismissed the class action lawsuit against Netgain Technology due to the lack of personal jurisdiction over the business. The class action lawsuit, Lee v. NetGain Technology, LLC, resulted from a 2020 data breach that affected personal and medical information of patients at Caresouth Carolina, a community health center. Netgain Tech was the cloud-hosting service for Caresouth and many other health care and accounting organizations.

The problem: the lead plaintiff, Gerald Lee, resides in South Carolina; Netgain Tech is a Minnesota-based company. Judge Lopez held that the Southern District of California was not the appropriate forum. Lee argued that Netgain conducts a substantial portion of its business in California, has an office and employees in California, and advertises and provides services to California residents.

Judge Lopez also held that the complaint centers around Netgain’s failure to secure Caresouth patients’ information, which has nothing to do with Netgain’s operations in San Diego. Further, in order to demonstrate that the claims arose out of forum-related activities, Lee would need to show that he would not have suffered an injury without the conduct in San Diego.

Judge Lopez also rejected the motion for jurisdictional discovery (to establish that the San Diego location was at least partially responsible for the data breach), stating that Lee had no evidence to support that theory. Netgain Tech prevails for now.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.