Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
The U.S. Supreme Court Feb. 20 opted not to settle a question that has left plaintiffs, attorneys, and companies on the edge of their seats: how much harm must a data breach victim suffer to pursue claims in federal court?
At stake is a pot of gold. Every year, large numbers of data breaches are reported, with 2017 seeing an all-time high, according to the Identity Theft Resource Center. If a plaintiff class can proceed with a case, the damages could be large. The question is: if a plaintiff is left unscathed by a data breach, can he or she show enough harm to sustain a lawsuit? The answer would be a game-changer for consumers and companies.
Federal appeals courts have been split on whether mere fear of identity theft constitutes sufficient harm to support consumer data breach cases. The Sixth, Seventh, Ninth and D.C. Circuits have found a substantial risk of identity theft is enough to bring claims in federal court. The Third and Fourth Circuits have ruled that such harms are too speculative
The rejection of a request for review by CareFirst Inc. signals Supreme Court comfort with its 2016 decision in Spokeo, Inc. v. Robins, which held that plaintiffs must allege harm that is “actual or imminent,” rather than speculative, to have standing in federal court. The high court may be messaging that lower courts need more time to apply Spokeo in data breach cases, attorneys told Bloomberg Law Feb. 20.
The Supreme Court likely “believes that the law is still in a state of constant change, which it is, and they may want to see more solidification of the split before weighing in,” Alfred J. Saikali, litigation partner at Shook Hardy & Bacon LLP and chair of the firm’s privacy and data security practice, said.
Courts that have been favorable to plaintiffs in data breach cases, such as the Sixth, Seventh, Ninth and D.C. Circuits, will likely be the battleground for more clarity.
“There are now several Circuits that have carved out a more favorable standard for plaintiffs, and we can expect their attorneys to take full advantage of that,” Frances Goins, litigation partner at Ulmer & Berne LLP in Cleveland and co-chair of the firm’s cybersecurity and privacy practice, told Bloomberg Law.
“The Supreme Court’s cert denial is consistent with Spokeo’s intended effect, as confirmed by the several appellate court decisions since Spokeo demonstrated that plaintiffs can satisfy standing without further guidance from the Court,” Amy E. Keller, class action litigation partner at DiCello Levitt & Casey LLC in Chicago and co-lead attorney for plaintiffs in Equifax Inc.'s data breach class action, told Bloomberg law.
A CareFirst spokesman declined Bloomberg Law’s email request for comment. Plaintiffs’ representatives didn’t immediately respond to Bloomberg Law’s email requests for comment.
“In the absence of government action, consumers can still rely upon private, civil lawsuits (such as class actions) to enforce their rights and seek damages for injuries that result from data breaches,” Keller said.
In any event, don’t expect the Supreme Court to settle data breach harm issues in the near future, attorneys said.
“The law will continue to be unsettled for the foreseeable future, a condition that will likely work to plaintiffs’ advantage,” Goins said.
The case arose out of 2015 data breach that compromised the information of 1.1 million CareFirst customers. CareFirst asked the Supreme Court to review an August 2017 ruling by the U.S. Court of Appeals for the District of Columbia Circuit that revived class data breach claims.
CareFirst was represented by Eversheds Sutherland LLP. The plaintiffs were represented by Paulson & Nace Pllc and the Giatras Law Firm.
The case is CareFirst, Inc. v. Attais, U.S., No. 17-641, review denied 2/20/18 .
To contact the reporter on this story: Daniel R. Stoller in Washington at email@example.com
To contact the editor responsible for this story: Donald Aplin at firstname.lastname@example.org
Copyright © 2018 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)