Welcome to the start of the second week of February! How’s the semester going so far? I hope you have a beautiful week ahead because you deserve nothing but the best! Keep working hard, keep studying, and know you are another week closer to your dream of becoming a lawyer. This week, I want to present to you a case dealing with standing. We mainly learn about the concept of standing in Civil Procedure and speak more about it in Constitutional Law. Whether you took that class, are in it, or still have to take it, this is a great case to read because it is a real case that shows the importance of standing and how one must have it in order to bring a lawsuit. Happy Reading!
Plaintiff was a Macy’s customer whose credit card information and identity were stolen in a cyberattack on Macy’s online database. The Plaintiff alleged that even though the hackers did not misuse his information after stealing it, the data breach caused him emotional distress. He also claimed he lost “time and money attempting to remediate the situation by cancelling his credit card, contacting each vendor that had his card number on file, and purchased data monitoring services to protect against future breaches.” The Plaintiff also alleged that he had increased risk of future harm due to the breach which constituted sufficient injury-in-fact to satisfy the standing requirement.
The Defendant, Macy’s, Inc., filed a Motion to Dismiss claiming that such harms were insufficient to constitute an injury-in-fact that would set grounds for standing to bring his claim. The judge agreed with the Defendant.
Judge Patti B. Saris referenced a Supreme Court case that decided in 2013, that a Plaintiff threatened with future injury has standing to sue when such injury is, “certainly impending”, or when there is, “substantial risk that the harm will occur.” Clapper v. Amnesty Int’l. Judge Saris stated that, “Here, even under the caselaw most generous to finding standing, [Plaintiff] has not alleged sufficient facts to support a substantial risk of future harm.” The judge continued to conclude that, “First, there are no allegations of any fraudulent use or even attempted use of the personal information to commit identity theft with respect to any Macy’s customer whose credit information was stolen. Second, the information stolen was not highly sensitive or immutable like social security numbers. Third, immediate cancellation of a credit card can effectively eliminate risk of credit card fraud in the future.” The judge granted the Defendant’s Motion to Dismiss for the Plaintiff’s lack of standing.
Massachusetts Lawyer’s Weekly, Vo. 49, No. 47.
If you were the presiding judge over this case, how would you rule?
If I was the presiding judge over this case, I would most likely rule as judge Patti B. did here and grant the defendant’s motion to dismiss because plaintiff has not proven the prima facies case beyond a reasonable doubt for emotional distress. Although plaintiff is upset about the breach of his identity from the department stores’ database cyberattack, I don’t see how the defendant can have standing to support his claim when we don’t know the particular harm he suffered from the defendant’s breach, or if that the harm will happen again.
ReplyDeleteHere, the plaintiff failed to state a claim upon which relief can be granted because the defendant suffered no specific damages to prove that the breach caused him emotional distress when plaintiff’s highly sensitive information was not used in any fraudulent activities following the breach. Furthermore, the plaintiff’s decision to monitor his credit through data monitoring services was for his benefit as a precautionary measure to protect his identity from unprivileged future breaches. Although it might have been a lot of work and time consuming to cancel each credit cards, that still does not support plaintiff’s standing to prove all the elements of emotional distress. Lastly, although plaintiff’s identity was compromised in the data breach, it does not appear that defendant intended, had knowledge or purpose to use plaintiff’s identify information in any fraudulent activity to cause him harm.
Thank you so much for your great comment! Exactly, just as judge Patti B. stated, the Plaintiff did not suffer from attempted use or use of his card by another because he had already called and cancelled his card before then. Standing requires the Plaintiff to have been injured or show some sign of imminent injury. In this case, neither occurred. Thank you for your comment. Love your analysis!
DeleteOscar,
ReplyDeleteIf I were presiding over this case, I would rule as did the Judge in this case.
The reason being is that although the plaintiff did suffer an injury, having their credit card information stolen, the plaintiff was not harmed as a result of this breach. And only assumes that they will be harmed. This brings me to my next point. Although the breach occurred, the steps taken by the plaintiff prevented them from being a target, which prevented any possible injury that would have occurred as a result of the breach. Lastly, the fact that the plaintiff assumes that they will be targeted, or have a higher probability of being targeted is without merit, or proof. It is just as likely that they will not be the subject of an attack due to the loss of their credit information, which was changed. Due to it being up in the air as it is, the matter has not yet reached the level of ripeness, and thus cannot be ruled on by the Judge. In closing, there was no true injury, and the anticipated attack on the plaintiff by the plaintiff is not ripe enough to be ruled on by the Judge.
Wow, great analysis Oscar! I agree with you. You spoke about ripeness and standing, and both are prominent concepts in this case. Thank you for sharing your comment with us!
Delete