Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
March 19 --A federal district court March 12 dismissed a putative class action alleging that a data security company's actions led to a data breach at the South Carolina Department of Revenue, finding the plaintiff's claimed injuries “too speculative” to establish Article III standing ( Strautins v. Trustwave Holdings, Inc., 2014 BL 67509, N.D. Ill., No. 1:12-cv-09115, dismissed 3/12/14).
Social Security numbers for some 3.6 million taxpayers, as well as information belonging to 657,000 businesses and 387,000 credit and debit card holders, were exposed in a hacking breach at the department .
Plaintiff Amber J. Strautins sued Trustwave Holdings Inc., a Chicago-based data security company, on behalf of a proposed class of taxpayers who filed South Carolina tax returns since 1998. She alleged that Trustwave, which maintained the security of the Department of Revenue's system, inadequately protected her personally identifiable information (PII).
Judge John J. Tharp Jr. of the U.S. District Court for the Northern District of Illinois granted Trustwave's motion to dismiss and dismissed the case without prejudice.
In February 2013, a South Carolina court dismissed putative class action claims against Trustwave because the plaintiffs alleged only risk of harm from the breach rather than actual harm (12 PVLR 438, 3/11/13).
The plaintiff's claimed injuries included untimely or inadequate breach notification, improper disclosure of PII, loss of privacy, out-of-pocket expenses to mitigate an increased risk of identity theft/fraud, value of time spent mitigating identity theft/fraud, deprivation of the value of PII and violations of rights under the Fair Credit Reporting Act, the court explained.
Given that such injuries “are premised on the mere possibility that her PII was stolen and compromised, and a concomitant increase in the risk that she will become a victim of identity theft, Strautins' claim is too speculative to confer Article III standing,” the court said.
As in Clapper v. Amnesty International USA, 133 S. Ct. 1138, 2013 BL 50248 (2013) , the plaintiff failed to allege facts that would establish a “certainly impending” risk of injury, the court said.
The court rejected the plaintiff's attempt to rely on the U.S. Court of Appeals for the Seventh Circuit's decision in Pisciotta v. Old National Bancorp, 499 F.3d 629 (7th Cir. 2007), holding that consumers whose online banking information had been hacked had standing based on their risk of future harm .
In addition to predating Clapper, the Seventh Circuit's decision didn't explore thresholds for “probabilistic harm,” suggesting that any degree of risk exposure could confer standing, the district court said.
“Clapper does not completely close the door on probabilistic harm as a basis for standing--harm that is 'imminent' or 'certainly impending' is, by definition, harm that has not occurred,” the court said. “Nevertheless, the import of the Supreme Court's decision in Clapper is that, whatever verbal formulation is used to describe it, the threshold of probability for injuries that have not actually occurred is high.”
The complaint also fails to state a claim because it doesn't plausibly establish that the plaintiffs' PII was stolen and compromised, the court said. The Department of Revenue made clear that tax filers' PII was possibly compromised, the court said.
The Coffman Law Firm and Barnow and Associates PC represented the named plaintiff. Kirkland & Ellis LLP represented Trustwave.
Full text of the court's opinion is available at http://www.bloomberglaw.com/public/document/Strautins_v_Trustwave_Holdings_Inc_No_12_C_09115_2014_BL_67509_ND.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)