In this era where there appears to be a new data security incident announced each month, there is surprisingly little class certification jurisprudence for data security class actions. Indeed, to date we know of only four decisions that have addressed class certification of data privacy actions, excluding settlement certification: Dolmage v. Combined Ins. Co. of Am., No. 14 C 3809, 2017 WL 1754772, at *7 (N.D. Ill., May 3, 2017); In re Target Corp. Customer Data Sec. Breach Litig., 309 F.R.D. 482, 484 (D. Minn., 2015); In re Hannaford Bros. Co. Customer Data Sec. Breach Litig., 293 F.R.D. 21, 33 (D. Me., 2013); and In re TJX Companies Retail Sec. Breach Litig., 246 F.R.D. 389, 397-98 (D. Mass., 2007). With only one exception (Target), courts have refused to certify contested data privacy classes.