In an opinion issued today (January 25, 2019), the Illinois Supreme Court found that a Six Flags season pass holder can claim a violation of the state’s biometric privacy law by collecting the thumbprint of plaintiff Stacy Rosenbach’s son without permission, even without alleging any actual harm.  This is an important ruling that could impact

On December 19, 2016, the U.S. District Court for the District of Kansas denied a motion to dismiss, ruling that the named plaintiff for a putative class, approximately two thousand former and current employees whose personal information had been compromised as a result if a phishing attack, had alleged sufficient harm for standing under Spokeo

computer securityCourts and litigants find themselves standing on the precipice of Spokeo v. Robins, a monumental Supreme Court decision that could have potentially wide-ranging implications for data breach cases. Given the Court’s holding in Spokeo that a plaintiff must allege and prove more than just “a bare procedural violation” to satisfy the “concrete injury” component of standing’s injury-in-fact requirement, it may prove difficult for data-breach plaintiffs to survive challenges to their allegations of standing. For example, even if a consumer’s data has been stolen, a third party (such as a bank) may ultimately pay for any out-of-pocket losses (for instance, in the case of stolen credit card numbers). Thus, in the absence of any actual monetary losses, which is often the case, plaintiffs are forced to rely on allegations of an increased likelihood of fraud or identity theft. But as the initial influx of post-Spokeo cases make clear, plaintiffs must establish that their risk of future harm is more than speculative, a leap which some courts have been reluctant to take.
Continue Reading Standing on the Precipice: The Actual Injury Requirement After Spokeo