On June 25, 2021, the U.S. Supreme Court decided TransUnion v. Ramirez, which held that even when a statute has been violated, and that statute provided a private right of action, plaintiffs still need a concrete injury in fact to have standing to bring a lawsuit in federal court. In this case, the statutory framework at issue is the Fair Credit Reporting Act (FCRA). Though this case arises in the context of the FCRA, its outcome is likely to have a sweeping impact on many areas of class action litigation where the concreteness of injury is at issue, such as data breach litigation.
Continue Reading No Harm, No Foul: Supreme Court Narrows Article III Standing to Require That All Class Members Suffer a Concrete Injury in Fact

Last year, the U.S. Supreme Court issued a decision in Spokeo Inc. v. Robins, holding that a plaintiff bears the burden of establishing Article III standing by alleging an injury in fact that is concrete, particularized, and actual or imminent.1 The Court stated that “Article III standing requires a concrete injury even in the context of a statutory violation,” and that a plaintiff cannot “allege a bare procedural violation, divorced from any concrete harm, and satisfy the injury in fact requirement of Article III.”2

Following Spokeo, courts across the nation have been grappling with how to interpret and apply the decision. In particular, a jurisdictional divide has arisen regarding courts’ interpretations of the standing issue in Fair Credit Reporting Act (FCRA) consumer protection class actions. Courts in the Seventh and Eighth Circuits, for example, have tended to find no standing in FCRA cases.3 Conversely, the Ninth Circuit has leaned toward plaintiff-friendly findings of standing in FCRA cases.4 Thus, the post-Spokeo FCRA class action jurisprudence demonstrates the criticality of forum in determining a defendant’s likelihood of success in challenging standing.Continue Reading Post-Spokeo Jurisdictional Divide Continues as Northern District of California Rejects TransUnion’s Lack of Standing Argument

Data may well be the asset of the 21st century, but selling access to certain data about individuals may raise the risk of attracting unwanted attention from both regulators1 and class action litigants. As organizations collect more types of data about consumers, they are more likely to have data that may constitute “consumer report” data under the Fair Credit Reporting Act (FCRA).2 Organizations that try to monetize such data by selling access to consumer profiles can easily run afoul of the FCRA.

This article discusses recent Federal Trade Commission (FTC) enforcement actions against two background check companies that allegedly failed to avoid the FCRA trip wires and face a combined $1.5 million in fines.3 The FTC aggressively enforces the FCRA and violations commonly occur due to a failure to create and implement adequate policies and procedures. This article also explains how the U.S. Supreme Court may review the Ninth Circuit’s recent decision to join other federal appellate courts in making FCRA class action lawsuits easier to bring for plaintiffs. Given the appellate courts’ interpretations of the FCRA, plaintiffs likely will increasingly make FCRA claims in an effort to obtain compensation for alleged general privacy violations. Any organization that sells access to data profiles about individuals is advised to determine whether it must comply with the FCRA and, if necessary, implement policies and procedures that meet the FCRA’s requirements.
Continue Reading FTC Continues Its Aggressive FCRA Enforcement and Ninth Circuit Lowers Standing Threshold in FCRA Cases

In early May, Theodore Moss, the CEO of online background-check provider Crimcheck.com, received a letter from the Federal Trade Commission (FTC) notifying him that “recent test-shopping contacts” had indicated that his company was possibly selling consumer information unlawfully.1 Crimcheck.com provides background-check services to businesses conducting employment screenings for potential job candidates.2 Such companies, often referred to as “data brokers,” collect and compile information on individual consumers, drawing from public sources such as court databases and consumer credit records to piece together profiles of individuals’ financial, retail, recreational, and criminal behaviors.3 But it is precisely that assembling of detailed information on individuals—even information compiled from public sources—that can trigger provisions of the Fair Credit Reporting Act, prompting the FTC to take a closer look at how these companies collect and use consumer information.
Continue Reading Policing Privacy: Undercover FTC Staff “Test-Shop” Data Brokers to Identify FCRA Violators