Supreme Court denies writ challenging data breach standing
On February 20, the U.S. Supreme Court denied without comment a medical insurance company’s petition for writ of certiorari to challenge an August 2017 D.C. Circuit Court of Appeals decision, which reversed the dismissal of a data breach suit filed by the company’s policyholders in 2015. According to the D.C. Circuit opinion, the policyholders sued the medical insurance company after the company announced that an unauthorized party had accessed personal information for 1.1 million members. The lower court dismissed the policyholder’s case, holding that they did not have standing because they could not show an actual injury based on the data breach. In reversing the lower court’s decision, the D.C. Circuit, citing the Supreme Court ruling in Spokeo, Inc. v. Robins, held that it was plausible that the unauthorized party “has both the intent and the ability to use [the] data for ill.” This was sufficient to show that the policyholders had standing to bring the claims because they alleged a plausible risk of future injury.