Eighth Circuit Finds Standing, but Ultimately Rejects Claims, in Data-Breach Suit

Cruz-Alvarez_F

Featured Expert Contributor—Civil Justice/Class Actions

Frank Cruz-Alvarez, Shook, Hardy & Bacon L.L.P., with Rachel Forman, Shook, Hardy & Bacon L.L.P.

On August 21, 2017, the U.S. Court of Appeals for the Eighth Circuit, in Kuhns v. Scottrade, Inc., 868 F.3d 711 (8th Cir. 2017), affirmed the district court’s dismissal of a consolidated class action complaint.  The Eighth Circuit disagreed with the district court and held that the plaintiff had Article III standing for the contract-related claims, but nonetheless affirmed the dismissal of the complaint because it failed to state a claim upon which relief could be granted. Continue reading “Eighth Circuit Finds Standing, but Ultimately Rejects Claims, in Data-Breach Suit”

Is D.C. Circuit’s Data-Breach Standing Decision a Tipping Point for High Court Review?

cohen-david-tGuest Commentary by David T. Cohen, Counsel at Ropes & Gray LLP in its New York, NY office.

Article III of the U.S. Constitution requires all private litigants in federal court to establish “standing,” that is, to show that they are proper litigants to raise the defendant’s alleged legal violations with the court. To have standing, a plaintiff must face an actual or sufficiently imminent future injury from the legal violation.  Several recent federal appellate decisions have grappled with the issue of when, if ever, a plaintiff whose personal information was compromised in a data breach—but who has suffered no actual harm from that compromise—faces a sufficiently imminent future harm to have Article III standing.

One such recent case stands out from the pack, both because it hails from the particularly prominent U.S. Court of Appeals for the D.C. Circuit, and because it is the subject of a forthcoming petition for a writ of certiorari, setting the stage for what could become the first-ever ruling by the U.S. Supreme Court on the issue in a data breach matter. Continue reading “Is D.C. Circuit’s Data-Breach Standing Decision a Tipping Point for High Court Review?”

Ambiguity Eclipses Clarity in Two Post-“Spokeo” Standing-to-Sue Decisions

9thCirIn addition to an America-only total solar eclipse, August has brought us a remarkable flurry of significant federal appeals court decisions. Among those decisions were two that addressed a hotly contested procedural issue: plaintiff’s standing to sue for violation of a federal statute.

The rulings, both of which interpreted and applied the 2016 US Supreme Court Spokeo, Inc. v. Robins decision, further clarified that decision’s main holding while also exacerbating the confusion over what constitutes a “concrete and particularized” injury.

We’ve written quite a bit about Spokeo and its progeny here. There, the Court held that plaintiffs alleging a “bare procedural violation” of a federal statute do not meet the “case or controversy” standing requirement of Article III of the US Constitution. Such litigants must also claim an injury-in-fact, i.e. a harm that is concrete and particularized to them. Justice Alito’s opinion offered very little guidance on how courts should make that determination. Continue reading “Ambiguity Eclipses Clarity in Two Post-“Spokeo” Standing-to-Sue Decisions”

Data-Breach Plaintiffs’ Lawyers Concoct New “Overpayment” Harm Theory, with Mixed Results

vtechPlaintiffs’ attorneys, like politicians, rarely let a good crisis go to waste. Digital crises, such as data-breach and hacking events, are no exception.

Defendants in data-breach-related lawsuits, however, have had a great deal of success beating back consumer-harm claims with motions to dismiss challenging plaintiffs’ lack of standing to sue. As in many of the food-labeling class actions that helped pave the way for data-breach suits, it is often hard for plaintiffs to identify any way that they were actually harmed—because typically they weren’t.

Some data-breach plaintiffs have begun to claim injury based on “overpayment.” Continue reading “Data-Breach Plaintiffs’ Lawyers Concoct New “Overpayment” Harm Theory, with Mixed Results”

What Does Nullifying FCC’s Broadband Privacy Rules Mean for Consumers?

FCCPresident Trump signed a Congressional Review Act (CRA) resolution on April 3, 2017 that nullified the Federal Communication Commission’s (FCC) privacy rule aimed at Internet Service Providers (ISPs).  As discussed in the WLF Legal Pulse’s reading list for FCC regulators last month, the Commission adopted the rule just before the 2016 election over the opposition of two Commissioners (including one who has since become FCC Chairman).  WLF filed comments last May opposing the proposed rule.  Many media commentators and self-styled consumer advocates proclaimed that the proverbial sky was falling due to the nullification.  Such ideologically-fueled Chicken-Little rhetoric, however, does not reflect reality.

Post-nullification analyses bemoaned ISPs’ collection of consumers’ “personal information” and the ability of these companies to sell such information to expand their businesses.  Nay-sayers’ complaints essentially boiled down to the bromide offered in the Washington Post:  the CRA resolution “wipe[d] away landmark privacy protections for Internet users.” Continue reading “What Does Nullifying FCC’s Broadband Privacy Rules Mean for Consumers?”

Fourth Circuit: Unsubstantiated Risks Related to Data Breach Insufficient for Article III Standing

Civil Justice/Class Actions

Cruz-Alvarez_FFrank Cruz-Alvarez, a Partner in the Miami, FL office of  Shook, Hardy & Bacon L.L.P. with Rachel Forman, an Associate with the firm.

On February 6, 2017, the U.S. Court of Appeals for the Fourth Circuit, in the consolidated appeal Beck v. McDonald, 848 F.3d 262 (4th Cir. 2017), affirmed the district court’s order dismissing the plaintiff veterans’ putative class-action claims against the Secretary of Veterans Affairs and Dorn Veterans Affairs Medical Center (“Dorn VAMC”) officials for lack of subject-matter jurisdiction.  The Fourth Circuit held that the plaintiffs “failed to establish a non-speculative, imminent injury-in-fact for purposes of Article III standing.” Id. at 267. Continue reading “Fourth Circuit: Unsubstantiated Risks Related to Data Breach Insufficient for Article III Standing”

Friday Finger on the Pulse: From Our Blogroll and Beyond

  • FCC privacy rule frowns upon arbitration, announces forthcoming rule to ban its use in Internet service provider-customer privacy disputes (Truth on the Market)
  • Five takeaways from influential Duke Law Center for Judicial Studies conference on settlement of class actions (Class Action Countermeasures)
  • DOJ’s settlement of two False Claims Act suits indicate impacts of Yates Memo and its call for individual accountability on federal civil enforcement (D&O Diary)
  • Why are certain counties in Pennsylvania (such as Lackawanna) strong magnets for tort litigation? (Scranton Times-Tribune; HT to Overlawyered, article quotes editor Walter Olson)
  • Empty claim on empty packaging space: Federal judge says “it defies logic” that slack fill in ibuprofen bottle (that lists pill count on label) would deceive plaintiff into a purchase (Drug and Device Law)
  • Speaking of slack fill, a plaintiff named Wurtzburger is suing KFC for $20 million because her $20 bucket of chicken wasn’t overflowing (Abnormal Use)
  • Ninth Circuit denied rehearing in case discussed in WLF Legal Pulse guest commentary that equated falling air emissions with deposits of hazardous waste under CERCLA (Corporate Environmental Lawyer)
  • Ruling on a case noted in Sept. 30 WLF Legal Backgrounder, Seventh Circuit follows Supreme Court’s restrictive view of implied-certification theory under False Claims Act (Fried Frank FraudMail)
  • Two overlooked, but critical, aspects of DC Circuit’s decision finding the Consumer Financial Protection Bureau’s structure unconstitutional (Asset Securitization Report)
  • Expect more activist group petitions seeking threatened or endangered status for species based on future risk of climate change after recent adventurous Ninth Circuit ruling (Law and the Environment)