Tag: standing

1
The Door May Be Open, but the Ride Isn’t Free: Seventh Circuit Allows Data Breach Class Action to Survive Pleading Stage but Signals Tough Road Ahead for Plaintiffs
2
Risky Business: Whether an Increased Risk of Harm Supports Legal Standing in Data Breach Class Actions Continues to Divide Federal Courts of Appeals
3
Dismissing FDCPA Lawsuit, Sixth Circuit Calls Out Congress for Creating Statutory Remedies Where No Harm Has Occurred
4
Ninth Circuit Ruling Rejects FACTA Suit under Spokeo, Avoiding Circuit Split
5
Standing to Sue under the Fair and Accurate Credit Transactions Act after Spokeo
6
Into The Breach: D.C. Circuit Weighs in on Circuit Split Regarding Standing in Data Breach Class Actions
7
Federal Government Not Successful in Moving to Dismiss First Amendment Challenge to TCPA
8
Hold On, You Didn’t Overpay for That: Courts Address New “Overpayment” Theory from Plaintiffs in Data Breach Cases
9
A Guaranty Is Only As Good As The Person Who Signs It: Enforcing Commercial Lending Guaranties In Massachusetts

The Door May Be Open, but the Ride Isn’t Free: Seventh Circuit Allows Data Breach Class Action to Survive Pleading Stage but Signals Tough Road Ahead for Plaintiffs

By Andrew C. Glass, David D. Christensen, and Matthew N. Lowe

In Dieffenbach v. Barnes & Noble, Inc.,[1] the Seventh Circuit allowed a data breach class action to survive the pleadings stage, including a challenge to the plaintiffs’ standing.  At the same time, the Court indicated that the plaintiffs may have a tough time proving their claims on the merits or establishing that class certification is warranted.  That warning may put the brakes on this action as well as others brought on a similar theory of liability.

Read More

Risky Business: Whether an Increased Risk of Harm Supports Legal Standing in Data Breach Class Actions Continues to Divide Federal Courts of Appeals

By: Andrew C. Glass, David D. Christensen, and Matthew N. Lowe

Every data breach class action in federal court must confront a threshold question: has the plaintiff alleged a sufficient “injury in fact” to establish Article III standing?  The inquiry frequently focuses on whether a plaintiff has standing simply by pleading an increased risk of future injury from the theft of personal identifying information (PII).  This is because many named plaintiffs do not––because they cannot––allege any present harm.  The federal courts of appeals continue to weigh in on the issue of whether allegations of possible future harm suffice for Article III purposes.  But far from providing clarity or consensus, recent appellate decisions have reached differing conclusions, which appear highly dependent on the nature of the facts alleged in each case.[1]

Read More

Dismissing FDCPA Lawsuit, Sixth Circuit Calls Out Congress for Creating Statutory Remedies Where No Harm Has Occurred

By Andrew C. Glass, Gregory N. Blase, Roger L. Smerage, and David A. Mawhinney

The Sixth Circuit Court of Appeals recently ended a Fair Debt Collection Practices Act (“FDCPA”) lawsuit because the plaintiffs could not show that the allegedly offending letter had caused them actual harm.  In Hagy v. Demers & Adams,[1] the Sixth Circuit held that the plaintiffs lacked standing to sue a law firm for its technical FDCPA violation, namely failing to identify itself as a debt collector in a letter to the plaintiffs.  Debt collectors will likely applaud the practical and sensible approach the Sixth Circuit applied in Hagy.  The decision is remarkable, however, for its constitutional rebuke of Congress.  Reminding the legislative branch that it lacks general police powers to create statutory remedies where no actual harm exists, the Sixth Circuit’s decision suggests — without specifically stating — that the statutory damage provision of the FDCPA may be unconstitutional. Read More

Ninth Circuit Ruling Rejects FACTA Suit under Spokeo, Avoiding Circuit Split

By Andrew C. Glass, Gregory N. Blase, and Roger L. Smerage

The Ninth Circuit recently held in Bassett v. ABM Parking Services, Inc. that a plaintiff cannot establish Article III standing to maintain a Fair and Accurate Credit Transactions Act (“FACTA”)[1] claim merely by pleading that a business printed a credit card expiration date on the plaintiff’s receipt.[2]  In so ruling, the Ninth Circuit followed similar rulings by the Second and Seventh Circuits, avoiding a potential circuit split.  As explained below, the Bassett decision is the latest in a growing majority of cases in the wake of Spokeo, Inc. v. Robins[3] that demand a plaintiff allege actual harm to maintain a FACTA damages claim—even one for statutory damages based on an alleged willful violation.

Read More

Standing to Sue under the Fair and Accurate Credit Transactions Act after Spokeo

By: Andrew C. Glass, Gregory N. Blase, and Roger L. Smerage

After paying for groceries with a credit card or debit card, the clerk hands the receipt to the customer. In addition to the last four digits of the card number, it contains the first digit.  Or perhaps it contains the first six digits.  Or maybe the expiration date.  Is this a concrete injury that provides the customer standing to sue the grocery store?

That is the question federal courts have grappled with since the Supreme Court decided Spokeo, Inc. v. Robins[1] in May 2016.  The Fair and Accurate Credit Transactions Act (“FACTA”)[2] regulates retailers’ conduct in printing card number information on customers’ receipts and provides a private right of action for alleged violations.  But, as discussed below, a customer may not have standing to sue in federal court or even in certain state courts just because a violation may have occurred.

Read More

Into The Breach: D.C. Circuit Weighs in on Circuit Split Regarding Standing in Data Breach Class Actions

By Andrew C. Glass, David D. Christensen, and Matthew N. Lowe

The D.C. Circuit recently gave its opinion as to whether pleading an increased risk of future injury is sufficient to establish Article III standing to sue in a data breach class action filed in federal court. The issue has divided federal circuit courts of appeals.

In answering in the affirmative, the D.C. Circuit joined the view of the Sixth, Seventh, and Eleventh Circuits. Compare Attias v. CareFirst, Inc., — F.3d —-, No. 16-7108, 2017 WL 3254941 (D.C. Cir. Aug. 1, 2017), with Resnick v. AvMed, Inc., 693 F.3d 1317 (11th Cir. 2012); Galaria v. Nationwide Mut. Ins. Co., 663 Fed. Appx. 384 (6th Cir. 2016) (unpublished); Lewert v. P.F. Chang’s China Bistro, Inc., 819 F.3d 963 (7th Cir. 2016); and Remijas v. Neiman Marcus Grp., LLC, 794 F.3d 688 (7th Cir. 2015).  In Attias, the plaintiffs did not allege that they had suffered identity theft as the result of a hacking incident involving a system containing their data.  The defendant argued that the mere threat of future harm was too speculative to give rise to standing.  But the D.C. Circuit held that it was plausible that the unauthorized party had “the intent and the ability to use [the] data for ill” and thus that the plaintiffs had jurisdictional standing at least at the pleading stage. Id. at *1, *5-*6.  Notably, the standing issue arises under Fed. R. Civ. P. 12(b)(1) as an issue of subject matter jurisdiction. The D.C. Circuit did not otherwise decide whether the plaintiffs’ allegations stated a claim that could withstand a motion to dismiss under Fed. R. Civ. P. 12(b)(6), allowing the district court the opportunity to first review the question.

By contrast, the Second and Fourth Circuits have held that data breach plaintiffs lack standing where they plead nothing more than an increased risk of future injury. See Whalen v. Michaels Stores, Inc., — Fed. Appx. —-, No. 16-260, 2017 WL 1556116, at *1 (2d Cir. May 2, 2017) (unpublished); Beck v. McDonald, 848 F.3d 262 (4th Cir. 2017), cert. denied sub nom., Beck v. Shulkin, No. 16-1328, 2017 WL 1740442 (U.S. June 26, 2017).

Notwithstanding the circuit court split, the United States Supreme Court has yet to grant certiorari to review the issue. We will continue to monitor and report on developments in data breach standing law as they occur.

Federal Government Not Successful in Moving to Dismiss First Amendment Challenge to TCPA

By Andrew C. Glass, Gregory N. Blase, Christopher J. Valente, and Michael R. Creta

A North Carolina federal district court recently denied a motion by the federal government to dismiss claims raising a First Amendment challenge to a portion of the Telephone Consumer Protection Act (“TCPA”). See American Ass’n of Political Consultants v. Lynch, Case No. 5:16-00252-D (E.D.N.C.). At this early stage of the case, the government did not address the substance of the constitutional challenge. Rather, the government asserted that the court did not have jurisdiction over the case and that the political organizations which filed the suit did not have standing to maintain suit. The court, however, rejected the government’s arguments and allowed the case to proceed.

Read More

Hold On, You Didn’t Overpay for That: Courts Address New “Overpayment” Theory from Plaintiffs in Data Breach Cases

By Andrew C. Glass, David D. Christensen and Matthew N. Lowe

With the ever-increasing amount of personal information stored online, it is unsurprising that data breach litigation has become increasingly common. A critical issue in nearly all data breach litigation is whether a plaintiff has standing to pursue claims—especially where there is no evidence of actual fraud or identity theft resulting from the purported data breach. The plaintiffs’ bar has pursued a litany of legal theories in the attempt to clear the standing hurdle, including the recent theory of “overpayment” (a/k/a “benefit of the bargain” theory). Under this theory, the plaintiff alleges that the price for the purchased product or service—whether sneakers, restaurant meals, or health insurance—included some indeterminate amount allocated to data security. Depending on how the theory is framed, the purported “injury” is either that the plaintiff “overpaid” for the product or service, or that the plaintiff did not receive the “benefit of the bargain,” because the defendant did not appropriately use the indeterminate amount to provide adequate data security. Despite plaintiffs’ attempts to establish standing through this novel theory, courts have limited its applicability in a variety of ways discussed in this alert.

To read the full alert, click here.

A Guaranty Is Only As Good As The Person Who Signs It: Enforcing Commercial Lending Guaranties In Massachusetts

By: Robert W. Sparkes, III and David A. Mawhinney

Guaranties are common practice in the commercial lending industry. Typically, the borrower is a small corporation, limited liability company, or similar entity that is thinly capitalized with few (likely encumbered) assets. Under these circumstances, the borrower’s promise to pay a debt is cold comfort to a commercial lender in the event of a default, where its only source of recovery is likely to be the collateral it holds. For this reason, commercial lenders often condition loans not only on a security interest in the borrower’s property, but also on a separate, individual guaranty agreement executed by a third party, usually the principals of the corporate borrower. Such guaranties provide another avenue through which commercial lenders may recover loan amounts and damages due to the borrower’s default.

To read the full alert, click here.

Copyright © 2018, K&L Gates LLP. All Rights Reserved.