The Injuries Reilly Ignored: Consumer Data Breaches and Injury-in-Fact

Law student Shannon Grammel writes:

The U.S. Supreme Court denied review in 2012 to thousands of individuals whose data was breached who were alleging increased harm of identity theft and seeking to reverse the U.S. Court of Appeals for the Third Circuit’s decision to deny them standing in Reilly v. Ceridian Corp.1 In so doing, the Supreme Court declined a valuable opportunity to address the Third Circuit’s flawed renunciation of the parallels between data breach, medical monitoring and toxic tort cases.2 Such renunciation erred in conspicuously excluding from its calculus two critical injuries present in all three types of cases: heightened “at risk” status and fear of future harm. These injuries, this article argues, ought to have sufficed for Article III standing in Reilly.

This article proceeds in four parts. It first summarizes the injury-in-fact standing requirement. Next, it introduces the circuits’ divergent approaches to analogizing data breach, medical monitoring, and toxic tort cases. An illustration of the critical oversight the Third Circuit made in mistakenly rejecting these analogies follows. It concludes by urging that the present injuries of “at risk” status and fear of future harm be given their due consideration in the standing calculus.

Read more on Bloomberg BNA.

About the author: Dissent

Comments are closed.