Second Circuit rules that risk of future identity theft not enough to support standing in data breach class action

Elizabeth Casale, Rachel Harris, Layla Husen, and Luke Sosnicki of of Thompson Coburn write:

The Second Circuit recently joined a growing number of federal courts to decide when a data breach of personally identifiable information (“PII”) is actionable. According to the Second Circuit, plaintiffs do not have standing to bring a lawsuit when there is no allegation their PII was targeted or misused.

…. In McMorris v. Carlos Lopez & Associates, former employees brought a class action after an employer accidentally emailed 65 employees a spreadsheet containing social security numbers, home addresses, dates of birth, telephone numbers, educational degrees, and dates of hire for approximately 130 current and former employees.[1] The plaintiffs alleged they were “at imminent risk of suffering identity theft” and becoming victims of “unknown but certainly impending future crimes.”  However, the plaintiffs did not allege that the spreadsheet was shared with anyone outside the employer or otherwise taken or misused by third parties.

Read more on JDSupra.

About the author: Dissent

Comments are closed.