U.S. Supreme Court Declines to Revisit Data Breach Standing Debate

June 17, 2019

 

US-Supreme-Court-Opinions

Recently, the Supreme Court denied a petition for writ of certiorari to resolve the circuit split on standing in data breach class-action lawsuits[1]. This highly contested issue – whether a data breach or unauthorized disclosure, alone, constitutes an injury sufficient to establish standing – is one in need of attention and review. 

Additionally, this is the second time the Supreme Court has declined to revisit this issue[2]. For many companies, this decision is disheartening because Supreme Court review could provide guidance and clarification to limit their liability in data breach cases. For plaintiffs who have established standing based on allegations that their information was stored in a breached database, although absent claims that their information was misused, this is a welcomed response. The crux of this ongoing debate is whether a breach of someone’s data – without evidence of a later misuse of that data – satisfies the injury element needed to confer standing.

Remember Spokeo[3]? There, the Supreme Court opined that “standing requires a concrete injury even in the context of a statutory violation.” Since that decision, courts have been split on whether data breaches or unauthorized disclosures alone constitute an injury sufficient to establish one of the prongs of standing. Currently, the Third, Sixth, Seventh, Ninth, and the D.C. Circuits have found that a mere data breach may be a sufficient injury to establish standing. The First, Second, Fourth, and Eighth Circuits on the other hand have found that future harm as a result of a data breach is too speculative to meet standing requirements. 

For the foreseeable future it may be unlikely to see the Supreme Court clarify standing in the context of data breach cases, although pressure appears to be mounting. Until then, it may be best to consider the laws of the circuit where claims are filed and how those circuits view standing to sue.

[1] Zappos.com, Inc. v. Stevens, 203 L.Ed.2d 609 (U.S. 2019)

[2] Frank v. Gaos, 139 S. Ct. 1041 (2019)

[3] Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016)

 

 This information has been prepared by Validity Screening Solutions for informational purposes only and is not legal advice. The content is intended for general information purposes only, and you are urged to consult a lawyer concerning your own situation and any specific legal questions you may have.

 

Topics: Background Checks, Compliance



Jessica L. Troncoso, J.D.

Written by Jessica L. Troncoso, J.D.

Jessica focuses on Validity’s knowledge base of all laws, statutes, and enforcement actions regulating the employment screening industry. Jessica began in the Quality Assurance Department of Validity in 2012 and later worked remotely with the Research Department while attending law school. Jessica worked as a Judicial Extern for the Honorable Brian C. Wimes of the United States District Court for the Western District of Missouri and the Honorable Peggy Stevens McGraw of the 16th Circuit Court of Jackson County, Missouri.