ClaimHour

Fee petition mechanics · Updated June 2026

Privacy class action attorney fee petition mechanics: BIPA per-scan class certification and disclosure advisory, CCPA data breach notification and statutory damages advisory, and class certification, settlement approval, and cy pres distribution advisory

Privacy class action attorneys handling BIPA (Illinois Biometric Information Privacy Act) per-scan class actions under 740 ILCS 14/15, CCPA (California Consumer Privacy Act) data breach class actions under Cal. Civ. Code § 1798.150, and privacy class action certification, settlement approval, and cy pres distribution proceedings — whose time records must satisfy the lodestar arithmetic required in any fee petition under Hensley v. Eckerhart, 461 U.S. 424 (1983) and lodestar reconstruction challenge under Welch v. Metropolitan Life Ins. Co., 480 F.3d 942 (9th Cir. 2007) arising from class action settlement approval proceedings — generate three billing gaps driven by the arrival of BIPA per-scan class certification advisory calls on each plaintiff client's own biometric data discovery calendar, CCPA data breach statutory damages advisory calls on the externally fixed breach notification calendar under Cal. Civ. Code § 1798.82, and class certification, settlement, and cy pres advisory calls on the court's scheduling order calendar: BIPA per-scan class certification and disclosure advisory calls on the plaintiff's biometric data discovery calendar (8 clients × 2 calls × 44 min × 55% untracked ≈ 6.5 hrs = $2,925–$4,875/year at $450–$750/hr), CCPA data breach notification and statutory damages advisory calls on the breach notification calendar (5 clients × 2 calls × 46 min × 55% untracked ≈ 4.2 hrs = $1,890–$3,150/year at $450–$750/hr), and class certification, settlement approval, and cy pres distribution advisory calls on the court's scheduling order calendar (4 clients × 3 calls × 48 min × 55% untracked ≈ 5.3 hrs = $2,385–$3,975/year at $450–$750/hr). For a solo privacy class action practice, the annual billing gap is $7,200–$12,000.

TL;DR

ClaimHour captures every BIPA per-scan class advisory call that arrives on the client's biometric data discovery calendar, every CCPA data breach statutory damages advisory call that arrives on the breach notification calendar, and every class certification, settlement approval, and cy pres distribution advisory call that arrives on the court's scheduling order calendar — passively, no timer, no audio, no call contents. $29–$59/mo. No PMS required.

BIPA per-scan class certification and disclosure advisory: calls on the plaintiff's biometric data discovery calendar

The Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq., imposes four core obligations on private entities that collect or possess biometric identifiers: (1) the entity must develop and make publicly available a written policy establishing a retention schedule and guidelines for permanent destruction of biometric identifiers under BIPA § 15(a); (2) the entity must obtain a written release from any person whose biometric identifier is collected or captured under BIPA § 15(b); (3) the entity must not sell, lease, trade, or profit from a person's biometric identifiers under BIPA § 15(c); and (4) the entity must not disclose a person's biometric identifiers to a third party without first obtaining consent under BIPA § 15(d). A private right of action under BIPA § 20 awards $1,000 per negligent violation or $5,000 per intentional or reckless violation per scan — meaning a class of 500 employees clocking in with fingerprint scanners twice daily over a three-year class period can generate exposure in the hundreds of millions of dollars. BIPA advisory calls arrive on each plaintiff client's own biometric data discovery calendar — when the client personally identifies that an employer or collector has violated BIPA § 15 — with no advance notice to counsel and no external regulatory trigger that would cause the advisory call to appear on any predictable schedule.

Two BIPA per-scan class certification and disclosure advisory call types that arrive on the plaintiff's biometric data discovery calendar: (1) BIPA initial disclosure review and class definition advisory call — arrives on the day the client identifies that an employer or biometric data collector violated BIPA § 15 by collecting biometric identifiers (fingerprints, retinal scans, facial geometry scans, or voiceprints) without first obtaining a written release under BIPA § 15(b), without maintaining a public-facing written retention policy under BIPA § 15(a), or by selling or disclosing biometric data to a third party without consent under BIPA § 15(d), requiring analysis of whether per-scan damages of $1,000 per negligent violation or $5,000 per intentional violation under BIPA § 20 are available, whether the class period can be defined by reference to the employer's or collector's biometric clock-in system logs (which constitute the Welch v. Metropolitan Life, 480 F.3d 942 (9th Cir. 2007) public-record temporal anchor for BIPA billing reconstruction because the log entries record the date, time, and identity of each scan that forms a distinct per-scan cause of action), and the three-year limitations period under BIPA as construed in Tims v. Black Horse Carriers, Inc., 2023 IL 127801 (holding that the five-year catchall limitations period of 735 ILCS 5/13-205 applies to BIPA § 15(a), (b), and (e) claims and the two-year limitations period of 735 ILCS 5/13-202 applies to BIPA § 15(c) and (d) claims, though the Illinois Supreme Court's Tims holding itself confirmed three-year availability for the predominant § 15(b) per-scan claim) (42–46 min); (2) BIPA class certification and Illinois Supreme Court release-timing advisory call — arrives when the case develops to the class certification stage under 735 ILCS 5/2-801, requiring analysis of numerosity (BIPA class actions are routinely certified in Illinois state court at 50–10,000 class members based on employer size and the biometric clock-in enrollment records), adequacy of class counsel, and the Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186 standing holding (confirming that each scan without a compliant written release and public retention policy disclosure is a per-scan concrete injury sufficient for 735 ILCS 5/2-801 class certification even absent actual harm, thereby rejecting actual-harm standing requirements and enabling certification of large BIPA classes on a per-scan basis without individualized damages proof at the certification stage) (42–46 min). At 55% untracked: 8 clients × 2 calls × 44 min × 55% = 387.2 min / 60 ≈ 6.5 hours = $2,925–$4,875/year at $450–$750/hr.

CCPA data breach notification and statutory damages advisory: calls on the breach notification calendar

The California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100–1798.199, creates a private right of action for consumers whose personal information is subject to unauthorized access and exfiltration, theft, or disclosure as a result of a business's failure to implement and maintain reasonable security procedures and practices appropriate to the nature of the information under Cal. Civ. Code § 1798.150(a). Statutory damages between $100 and $750 per consumer per incident — or actual damages if greater — are available without proof of actual injury, and the CCPA's statutory damages framework, applied class-wide to a data breach affecting millions of California consumers, routinely generates aggregate exposure in the nine figures that creates settlement pressure independent of any showing of concrete harm. CCPA data breach advisory calls arrive on the breach notification calendar under Cal. Civ. Code § 1798.82 — the external event is the date the breached business sends breach notification letters to affected consumers, which is publicly dateable from California Attorney General breach notifications, press coverage, and class complaint allegations — meaning the advisory call arrives on the date the individual client receives their breach notification letter without any advance notice to counsel.

Two CCPA data breach notification and statutory damages advisory call types that arrive on the breach notification calendar: (1) CCPA data breach initial disclosure and 30-day cure period advisory call — arrives when the client receives notice of a data breach involving personal information under Cal. Civ. Code § 1798.82(a) or learns of a security incident affecting their personal information in a business's custody, requiring analysis of whether the breached data is "personal information" under CCPA § 1798.140 (including geolocation data, biometric information, browsing and search history, inferences drawn to create consumer profiles, and financial information, in addition to traditional PII categories such as Social Security numbers and financial account credentials), whether the breach triggers the California Attorney General's breach notification requirement under Cal. Civ. Code § 1798.82(a) (notification within 45 days of discovery of the breach), and whether the 30-day cure period under CCPA § 1798.150(b) has expired — meaning that if the business has not cured the data security failure within 30 days of receiving written notice from the consumer, the private right of action for statutory damages between $100 and $750 per consumer per incident under CCPA § 1798.150(a)(1) is fully available without any further prerequisite (42–48 min); (2) CCPA statutory damages calculation and class action viability advisory call — arrives after the 30-day cure period when class action certification mechanics under Fed. R. Civ. P. 23 (for federal court filings invoking CAFA removal under 28 U.S.C. § 1332(d)) or Cal. Code Civ. Proc. § 382 (for state court filings) become the central focus, requiring analysis of aggregate statutory damages exposure ($100–$750 per consumer per incident applied class-wide can generate nine-figure damage totals that create settlement pressure independent of actual harm to individual class members), the impact of TransUnion LLC v. Ramirez, 594 U.S. 413 (2021) on Article III standing for absent class members receiving only statutory damages without a concrete Article III injury in fact (TransUnion held that a bare statutory violation — here, a CCPA data breach without downstream misuse — does not automatically confer Article III standing for absent class members in a federal Rule 23 action, requiring individualized standing analysis at certification), and whether the federal CAFA removal threshold of $5 million in aggregate controversy under 28 U.S.C. § 1332(d)(2) has been exceeded, which is critical because federal forum provides access to CAFA's mass-action provisions and Ninth Circuit class action settlement review standards under In re Bluetooth (40–44 min). At 55% untracked: 5 clients × 2 calls × 46 min × 55% = 253 min / 60 ≈ 4.2 hours = $1,890–$3,150/year at $450–$750/hr.

Class certification, settlement approval, and cy pres distribution advisory: calls on the court's scheduling order calendar

Privacy class actions — whether BIPA per-scan class actions in Illinois state court or CCPA data breach class actions in federal court — proceed through a common series of court-supervised milestones: Rule 23(b)(3) class certification, settlement negotiation and preliminary approval, notice administration, final fairness hearing, fee award determination, and post-settlement cy pres distribution of unclaimed funds. Each milestone arrives on the court's scheduling order calendar — a court-imposed case management timeline that the plaintiff's attorney cannot predict at the outset of the representation and that shifts whenever the court modifies deadlines in response to discovery disputes, expert scheduling conflicts, or trial calendar congestion. Advisory calls at each milestone must be delivered on the day the scheduling deadline arrives, regardless of whether the attorney has a contemporaneous time entry, because the scheduling order date is a fixed external trigger that determines when the call must occur. The court's scheduling order date itself — published on PACER/CM/ECF — is the Welch v. Metropolitan Life, 480 F.3d 942 temporal anchor for the class certification, settlement, and cy pres distribution advisory call cluster, enabling lodestar reconstruction by correlating attorney billing records to the publicly documented scheduling milestones in the case docket.

Three class certification, settlement approval, and cy pres distribution advisory call types that arrive on the court's scheduling order calendar: (1) Fed. R. Civ. P. 23(b)(3) class certification and Daubert expert advisory call — arrives on the court's scheduling order at the class certification expert disclosure deadline, requiring analysis of whether a privacy class action can satisfy Rule 23(b)(3) predominance when statutory damages vary by individualized facts (e.g., the number of biometric scans per class member under BIPA § 20 or the number of breach-affected records per class member under CCPA § 1798.150(a)), the role of the damages expert in quantifying per-scan or per-incident damages class-wide without individualized inquiry that would defeat predominance, the impact of Wal-Mart Stores, Inc. v. Dukes, 564 U.S. 338 (2011) commonality analysis on privacy class actions (requiring rigorous analysis at the certification stage of whether there are common questions of law and fact that generate common answers), and whether Daubert challenges to the damages expert should be briefed contemporaneously with or sequentially after the class certification motion under the court's scheduling order (44–50 min); (2) class action settlement fairness hearing and fee award advisory call — arrives on the court's Rule 23(e) settlement approval hearing calendar, requiring analysis of whether the settlement amount is fair, reasonable, and adequate under the Ninth Circuit's Hanlon factors (Hanlon v. Chrysler Corp., 150 F.3d 1011 (9th Cir. 1998), assessing strength of plaintiff's case, risk of continued litigation, settlement stage of proceedings, amount offered, extent of discovery, experience of counsel, and reaction of class members), the fee award calculation under the percentage-of-fund method (typically 25% benchmark in the Ninth Circuit under Bluetooth) versus lodestar cross-check as required by In re Bluetooth Headset Prods. Liab. Litig., 654 F.3d 935 (9th Cir. 2011), and whether the settlement exhibits any of the Bluetooth collusion indicators (clear sailing agreements where defendants agree not to oppose fee awards, reversionary clauses returning unclaimed settlement funds to defendants, or settlement structures suggesting class counsel negotiated the fee award separately from the class recovery) that would require additional judicial scrutiny under Rule 23(e)(2) (44–50 min); (3) cy pres distribution and class notice administration advisory call — arrives on the court's post-settlement scheduling calendar for distribution of unclaimed settlement funds to cy pres recipients, requiring analysis of the cy pres nexus requirement under Dennis v. Kellogg Co., 697 F.3d 858 (9th Cir. 2012) (cy pres recipients must bear a substantial nexus to the interests of class members — in BIPA and CCPA class actions, privacy advocacy organizations, digital rights nonprofits, or cybersecurity research institutions satisfy the nexus requirement while general charitable organizations do not), objector appeals of cy pres awards, and the attorney's fee petition documentation required under Hensley v. Eckerhart, 461 U.S. 424 (1983) to withstand lodestar reconstruction challenge under Welch (the fee petition must identify each billing entry by date, time, and task, and the Welch temporal correlation analysis confirms that advisory calls at class certification, settlement, and cy pres milestones were delivered on the scheduling order dates documented in the PACER/CM/ECF docket) (44–50 min). At 55% untracked: 4 clients × 3 calls × 48 min × 55% = 316.8 min / 60 ≈ 5.3 hours = $2,385–$3,975/year at $450–$750/hr.

How ClaimHour fits privacy class action practice

If you represent plaintiffs in BIPA per-scan class actions under 740 ILCS 14/15 and CCPA data breach class actions under Cal. Civ. Code § 1798.150 — with BIPA initial disclosure review advisory calls arriving on each client's own biometric data discovery calendar the day the client identifies a BIPA violation, CCPA data breach statutory damages advisory calls arriving on the breach notification calendar under Cal. Civ. Code § 1798.82 when the client receives a breach notification letter, and class certification, settlement approval, and cy pres distribution advisory calls arriving on the court's scheduling order calendar at milestones the court controls — and your invoices consistently understate the BIPA class definition advisory calls that arrive without notice, the CCPA cure-period advisory calls that arrive when the breach notification letter lands, and the Bluetooth lodestar cross-check advisory calls that arrive at settlement fairness hearings on the court's calendar — ClaimHour was built for that gap.

Get early access

Related questions

How do BIPA per-scan class certification and disclosure advisory calls generate billing gaps on the plaintiff's biometric data discovery calendar?

BIPA 740 ILCS 14/15 imposes no fixed disclosure deadline on individual plaintiffs — each client identifies a BIPA violation when they personally encounter a noncompliant biometric collection by an employer or data collector. Advisory calls arrive on the client's own discovery-of-violation timeline without advance notice to counsel. Two call types: initial disclosure review and class definition advisory (42–46 min, arriving on the day the client identifies the violation) and BIPA class certification and Illinois Supreme Court release-timing advisory (42–46 min, arriving at the 735 ILCS 5/2-801 certification stage). Per-scan damages under BIPA § 20 ($1,000 negligent/$5,000 intentional) and the Rosenbach v. Six Flags, 2019 IL 123186 per-scan standing holding are central to both calls. At 55% untracked: 8 clients × 2 calls × 44 min × 55% ≈ 6.5 hours = $2,925–$4,875/year at $450–$750/hr.

How do CCPA data breach notification and statutory damages advisory calls generate billing gaps on the breach notification calendar?

CCPA data breach advisory calls arrive on the breach notification calendar under Cal. Civ. Code § 1798.82 — the external trigger is the breach notification letter date, which the attorney cannot predict and which arrives when the breached business sends notice to affected consumers. Two call types: breach disclosure and 30-day cure period advisory (42–48 min, arriving on the date the client receives the breach notification letter) and statutory damages calculation and class action viability advisory (40–44 min, arriving after the cure period expires and Rule 23 certification mechanics become the focus). TransUnion LLC v. Ramirez, 594 U.S. 413 (2021) Article III standing analysis and CAFA removal under 28 U.S.C. § 1332(d) are central to the second call. At 55% untracked: 5 clients × 2 calls × 46 min × 55% ≈ 4.2 hours = $1,890–$3,150/year at $450–$750/hr.

How do class certification, settlement approval, and cy pres distribution advisory calls generate billing gaps on the court's scheduling order calendar?

Privacy class action certification, settlement, and cy pres advisory calls arrive on the court's scheduling order — an externally imposed case management calendar that shifts whenever the court modifies deadlines and that counsel cannot predict at the outset of the representation. Three call types: Rule 23(b)(3) certification and Daubert expert advisory (44–50 min, arriving at the class certification expert disclosure deadline), settlement fairness hearing and fee award advisory (44–50 min, arriving on the Rule 23(e) settlement approval hearing date under Hanlon and Bluetooth), and cy pres distribution and fee petition documentation advisory (44–50 min, arriving on the post-settlement cy pres distribution calendar under Dennis v. Kellogg and Hensley). At 55% untracked: 4 clients × 3 calls × 48 min × 55% ≈ 5.3 hours = $2,385–$3,975/year at $450–$750/hr.

How does privacy class action attorney billing differ from consumer financial protection attorney billing?

Privacy class action attorney billing centers on BIPA 740 ILCS 14/15 and CCPA Cal. Civ. Code § 1798.150 representation of data subjects — with BIPA per-scan class advisory calls arriving on the plaintiff's biometric data discovery calendar, CCPA data breach statutory damages advisory calls arriving on the breach notification calendar under Cal. Civ. Code § 1798.82, and class certification, settlement approval, and cy pres advisory calls arriving on the court's scheduling order calendar. Consumer financial protection attorney billing centers on CFPB enforcement defense and TILA/ECOA adverse action representation, with fee-shifting under TILA 15 U.S.C. § 1640(a)(3) and ECOA 15 U.S.C. § 1691e(d) providing attorney's fee mechanics parallel to BIPA § 20 and CCPA § 1798.150(a)(1). Annual privacy class action billing gap: 6.5 + 4.2 + 5.3 = 16.0 hours = $7,200–$12,000/year at $450–$750/hr.

Further reading