InfoBytes Blog

Florida appeals court: Injury required for FACTA standing

On July 13, a Florida District Court of Appeals affirmed the dismissal of Fair and Accurate Credit Transactions Act (FACTA) class claims brought against a defendant shoe company after determining that the lead plaintiff lacked standing because he suffered no “distinct or palpable” injury. The plaintiff first filed a class action suit in federal court, claiming a receipt he received from the company included 10 digits of his credit card number—a violation of FACTA’s truncation requirement, which only permits the last five digits to be printed on a receipt. The plaintiff did not allege that his credit card was used, lost, or stolen in any way, nor was evidence presented to show there was any danger of his credit card being used. The suit was stayed pending the resolution of a different FACTA dispute in the U.S. Court of Appeals for the Eleventh Circuit. As previously covered by InfoBytes, a split en banc 11th Circuit concluded that the plaintiffs in that separate action lacked standing because they did not allege any concrete harm and vacated a $6.3 million settlement. Specifically, the en banc majority rejected the named plaintiff’s argument that “receipt of a noncompliant receipt itself is a concrete injury,” and noted that “nothing in FACTA suggests some kind of intrinsic worth in a compliant receipt.”

Following the 11th Circuit decision, the parties agreed to dismiss the federal action and remanded a later-filed action to state court where the plaintiff argued that “state standing was plenary and therefore less restrictive than federal standing.” The trial court disagreed and granted the defendant’s motion to dismiss, ruling that “Florida requires a concrete injury to have standing,” and “alleging a mere statutory violation does not convey standing per se.” The trial court ruled that “obtaining a receipt in alleged violation of FACTA does not satisfy this requirement,” and the appeals court agreed, holding that, among other things, no actual damages occurred since nothing was alleged to have been charged to the plaintiff’s account, nor was there the imminent possibility of injury because the plaintiff retained possession of the receipt. In its opinion, the appellate court cited the U.S. Supreme Court’s decisions in Spokeo and TransUnion with approval, noting that “individuals ‘must allege some threatened or actual injury resulting from the putatively illegal action.’”

Courts State Issues Florida FACTA Privacy, Cyber Risk & Data Security Class Action U.S. Supreme Court Standing Appellate

Supreme Court limits class standing in FCRA suit

On June 25, the U.S. Supreme Court issued a 5-4 decision in TransUnion LLC v. Ramirez, holding that only a plaintiff concretely harmed by a defendant’s violation of the FCRA has Article III standing to seek damages against a private defendant in federal court. In writing for the majority, Justice Brett Kavanaugh reversed and remanded a 2020 decision issued by the U.S. Court of Appeals for the Ninth Circuit, which found that all 8,185 class members had standing to recover statutory damages due to, among other things, TransUnion’s alleged “reckless handling of information” from the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), which, according to the appellate court, subjected class members to “a real risk of harm” when TransUnion erroneously linked class members to criminals and terrorists with similar names in a database maintained by OFAC. (Covered by InfoBytes here.) The 9th Circuit, however, did reduce punitive damages, explaining that, although TransUnion’s “conduct was reprehensible, it was not so egregious as to justify a punitive award of more than six times an already substantial compensatory award.” TransUnion filed a petition for writ of certiorari after the 9th Circuit denied its petition for rehearing.

The Court considered whether federal courts can certify consumer classes where the majority of class members have not alleged the type of concrete injury necessary to establish Article III standing, even if the named plaintiff suffered an injury meeting this bar. The parties stipulated prior to trial that only 1,853 members of the class had misleading credit reports containing OFAC alerts provided to third parties during the period specified in the class definition, whereas the remaining class members’ credit files were not provided to any potential creditors during that period. In applying the standing requirement of concrete harm, the majority concluded that the 6,332 class members whose credit reports were not provided to third parties did not suffer a concrete harm and thus did not have standing as to the reasonable-procedures claim. The majority further determined that even though all 8,185 class members complained about alleged formatting defects in certain mailings sent to them by TransUnion, only the lead plaintiff had demonstrated that the alleged defects caused him concrete harm, thus only he could move forward with those claims. According to the majority, the remaining class members failed to explain how the formatting error prevented them from requesting corrections to prevent future harm.

“The mere existence of inaccurate information, absent dissemination, traditionally has not provided the basis for a lawsuit in American courts,” the majority wrote, adding that while the Court “has recognized that material risk of future harm can satisfy the concrete-harm requirement in the context of a claim for injunctive relief to prevent the harm from occurring, at least so long as the risk of harm is sufficiently imminent and substantial,” in this instance the 6,332 class members have not demonstrated that the risk of future harm materialized.

Courts U.S. Supreme Court FCRA Credit Reporting Agency Appellate Ninth Circuit OFAC Class Action Standing Financial Crimes

6th Circuit: “Anxiety and confusion” not an injury under FDCPA

On May 28, the U.S. Court of Appeals for the Sixth Circuit held that a consumer’s alleged “confusion and anxiety” does not constitute a concrete and particularized injury under the FDCPA. The plaintiff alleged that the defendant’s debt collector, an attorney’s office, violated the FDCPA when it communicated with him, on behalf of a bank, by sending a letter stating the plaintiff’s mortgage loan was sent to foreclosure. The letter also informed the plaintiff that the bank “might have already sent a letter about possible alternatives,” further explaining how the plaintiff could contact the bank “to attempt to be reviewed for possible alternatives to foreclosure.” The plaintiff also alleged that the attorney’s office “sent a form of this letter to tens of thousands of homeowners and that it did so without having any attorney provide a meaningful review of the homeowners’ foreclosure files, so the communications deceptively implied they were from an attorney.” The plaintiff alleged the letter confused him because he was unsure if it was from an attorney, and that, moreover, the letter “raised [his] anxiety” by suggesting “that an attorney may have conducted an independent investigation and substantive legal review of the circumstances of his account, such that his prospects for avoiding foreclosure were diminished.”

The 6th Circuit found the plaintiff’s allegations to “come up short” in regard to proving that the statutory violations caused him individualized concrete harm. In addition, the appellate court said that “confusion doesn’t have a close relationship to a harm that has traditionally been regarded as providing a basis for a lawsuit.”

Courts Appellate Sixth Circuit Debt Collection FDCPA Standing Spokeo

6th Circuit affirms dismissal of FACTA credit card receipt suit

On May 11, the U.S. Court of Appeals for the Sixth Circuit affirmed dismissal of a putative class action for lack of subject matter jurisdiction, holding that while a merchant technically violated the Fair and Accurate Credit Transactions Act (FACTA) by including 10 credit card digits on a customer’s receipt, the customer failed to allege any concrete harm sufficient to establish standing. According to the opinion, the named plaintiff filed a class action against the merchant alleging the first six and last four digits of her credit card number were printed on her receipt—a violation of FACTA’s truncation requirement, which only permits the last five digits to be printed on a receipt. The plaintiff argued that this presented “a significant risk of the exact harm that Congress intended to prevent—the display of card information that could be exploited by an identity thief,” and further claimed she did not need to allege any harm beyond the violation of the statute to establish standing. The district court disagreed, ruling that the plaintiff “lacked standing because she alleged merely a threat of future harm that was not certainly impending” and that the merchant’s technical violation demonstrated no material risk of identity theft.

In agreeing with the district court, the 6th Circuit concluded that a “violation of the statute does not automatically create a concrete injury of increased risk of real harm even if Congress designed it so.” Moreover, the appellate court reasoned that the “factual allegations in this complaint do not establish an increased risk of identity theft either because they do not show how, even if [p]laintiff’s receipt fell into the wrong hands, criminals would have a gateway to consumers’ personal and financial data.” The appellate court further concluded, “statutory-injury-for-injury’s sake does not satisfy Article III’s injury in fact requirement” and the court must exercise its constitutional duty to ensure a plaintiff has standing.

Courts Appellate Sixth Circuit FACTA Credit Cards Class Action Standing Privacy/Cyber Risk & Data Security Consumer Finance

7th Circuit: “Stress and confusion” not an injury under the FDCPA

On March 11, the U.S. Court of Appeals for the Seventh Circuit held that a consumer’s alleged “stress and confusion” did not constitute a concrete and particularized injury under the FDCPA. The plaintiff alleged that the defendant debt collector violated the FDCPA when it directly communicated with her by sending a dunning letter related to unpaid debt even though she had previously notified the original lender that she was represented by counsel and requested that all debt communications cease. The district court granted the defendant’s summary judgment motion on the grounds that the debt collector could not have violated the FDCPA “without having actual knowledge of [the consumer’s] cease-communication request.”

On appeal, the 7th Circuit concluded that the complaint should be dismissed for lack of subject-matter jurisdiction because the plaintiff lacked standing. The 7th Circuit held that the consumer’s allegations—that the dunning letter caused her “stress and confusion” and “made her think that ‘her demand had been futile’”—did not amount to a concrete and particularized “injury in fact” necessary to establish Article III standing under the FDCPA. The court further noted that “the state of confusion is not itself an injury”—rather, for the alleged confusion to be concrete, “a plaintiff must have acted ‘to her detriment, on that confusion.’” Here, the consumer pointed only to a statutory violation and “failed to show that receiving [the debt collector’s] dunning letter led her to change her course of action or put her in harm’s way.” Additionally, the appellate court found the consumer’s argument that the dunning letter also “invaded her privacy,” raised for the first time on appeal, unpersuasive because she did not allege that injury in the complaint.

Courts Appellate Seventh Circuit Debt Collection FDCPA Standing

11th Circuit: Future identity theft risk does not confer standing

On February 4, the U.S. Court of Appeals for the Eleventh Circuit affirmed dismissal of a class action complaint, which raised several claims against a restaurant following a data breach that exposed customers’ financial information, for the named plaintiff’s lack of standing. According to the opinion, a restaurant chain suffered a data breach when hackers gained access to customers’ credit and debit card information through an outside vendor’s remote connection tool. The restaurant chain provided notice to customers that their information “‘may’ have been accessed.” A consumer, who made two purchases during the data breach period, cancelled the credit cards he used and filed a class action two weeks after the announcement of the breach, alleging the company was negligent in failing to safeguard the credit card data, and violated the Florida Unfair and Deceptive Trade Practices Act (FUDTPA), among others. The district court dismissed the action for lack of standing, concluding that the consumer failed to identify a “single specific, concrete injury in fact that he or anyone else [] suffered as a result of any misuse of customer credit card information.”

On appeal, the 11th Circuit affirmed the district court’s holding. The appellate court rejected the consumer’s theories of standing, which were predicated on (i) a threatened “future injury” of identity theft, and (ii) the consumer’s alleged suffering of “mitigation injuries” (i.e., lost time, lost rewards points, and loss of access to accounts). The appellate court explained that in data breach cases like this, to have Article III standing the consumer must show a “substantial risk” of harm or that harm (e.g., identity theft) is “certainly impending.” The appellate court noted that despite the consumer still carrying “some risk of future harm involving identify theft,” that risk “is not substantial and is, at best, speculative” because the consumer “immediately cancelled his credit cards following disclosure [of the breach], effectively eliminating the risk of credit card fraud in the future.” Moreover, according to the appellate court, the consumer did not sufficiently allege an actual, present injury, through “inflicting injuries on himself to avoid an insubstantial, non-imminent risk of identity theft.” The appellate court reasoned that “[t]o hold otherwise would allow an enterprising plaintiff to secure a lower standard for Article III standing simply by making an expenditure based on a nonparanoid fear.”

Courts Privacy/Cyber Risk & Data Security Data Breach Appellate Eleventh Circuit Standing State Issues

Split en banc 11th Circuit vacates $6.3 million FACTA settlement

On October 28, the U.S. Court of Appeals for the Eleventh Circuit, in a 7-3 en banc decision, vacated a $6.3 million Fair and Accurate Credit Transactions Act (FACTA) class action settlement, concluding the plaintiffs lacked standing because they did not allege any concrete harm. According to the opinion, the named plaintiff filed a FACTA class action against a chocolate retailer, alleging that the retailer printed too many credit card digits on receipts over several years. The complaint only pursued statutory damages and explicitly stated it did “not intend[] to request any recovery for personal injury.” The parties agreed to settle the litigation for $6.3 million prior to the U.S. Supreme Court decision in Spokeo, Inc. v. Robins (holding that a plaintiff must allege a concrete injury, not just a statutory violation, to establish standing). After Spokeo, the district court approved the class action, and class objectors appealed, with one objector arguing that the district court lacked jurisdiction to approve the settlement because the named plaintiff did not allege an injury in fact. On appeal, the 11th Circuit issued multiple opinions, with the first two affirming the settlement approval. The full panel ordered a rehearing en banc, vacating the last opinion.

The en banc panel vacated the district court order approving the settlement, concluding that the named plaintiff lacked standing under Spokeo. Specifically, the panel rejected the named plaintiff’s argument that “receipt of a noncompliant receipt itself is a concrete injury,” noting that “nothing in FACTA suggests some kind of intrinsic worth in a compliant receipt.”  Moreover, the panel disagreed with the named plaintiff’s distinction that his claim was a “substantive” violation and not just a “procedural” one, reasoning that “no matter what label you hang on a statutory violation, it must be accompanied by a concrete injury.” Because the complaint did not allege a concrete injury, the panel vacated the order.

In dissent, one judge argued that the named plaintiff plausibly alleged concrete harm by establishing that the retailer’s FACTA violation elevated his risk of identity theft. In the second dissent, another judge asserted that both common law and congressional intent support the conclusion that the plaintiff’s complaint constitutes a concrete injury in fact. And lastly, the third dissent argued that the order should not be dismissed outright because the majority made “assumptions about the risks of identity theft without the benefit of a factual record, expert reports, or adversarial testing of the issue in the district court.” 

Courts Eleventh Circuit FACTA Settlement Class Action Spokeo Standing Appellate

11th Circuit will not rehear en banc city’s Fair Housing Act suit

On April 27, a majority panel for the U.S. Court of Appeals for the Eleventh Circuit denied the City of Miami Gardens’s petition for rehearing en banc after determining that the City “faced an uphill battle” to establish standing to bring a Fair Housing Act lawsuit against a national bank because it mainly relied on “an attenuated theory of injury.” As previously covered by InfoBytes, last July the 11th Circuit dismissed the City’s lawsuit against the bank for lack of standing after concluding, among other things, that the City’s evidence that certain loans may go into foreclosure at some point in the future “does not satisfy the requirement that a threatened injury be ‘imminent, not conjectural or hypothetical,’” and that the City failed to provide evidence that certain foreclosed loans had an effect on property-tax revenues or municipal spending or were issued on discriminatory terms. In explaining their decision to not rehear its 2019 ruling en banc, the majority stated that its decision—that the City failed to satisfy its burden of establishing standing—respects “the concerns and fairness and notice demanded by” both U.S. Supreme Court and 11th Circuit precedent. Two dissenting judges countered, however, that the rehearing should have been granted because, among other things, the 11th Circuit’s dismissal for lack of standing was done sua sponte “even though the City received neither proper notice that it failed to prove standing nor a legitimate opportunity to discover or produce the requisite evidence.”

Courts Appellate Eleventh Circuit Fair Lending Fair Housing Fair Housing Act Foreclosure Property Tax Standing Mortgages

7th Circuit holds both parties lack standing in FCRA suit

On January 28, the U.S. Court of Appeals for the Seventh Circuit affirmed the dismissal of claims and counterclaims in a privacy lawsuit, holding that neither party had standing under the Fair Credit Reporting Act (FCRA). In 2016, the consumer filed a lawsuit against the credit reporting agency claiming privacy violations and emotional distress after the agency released his credit information without authorization. According to the consumer, his credit information appeared on a “prescreen list” given to a prospective lender that was no longer under contract with the agency to make loan offers to pre-screened consumers. The agency filed an FCRA counterclaim arguing that the plaintiff violated the FCRA when he obtained a copy of the prescreen list without authorization in order to file the lawsuit. The district court dismissed both claims, ruling that neither party had standing to sue because they had not suffered a concrete injury.

On appeal, the 7th Circuit agreed with the decision, concluding the plaintiff failed to meet the injury-in-fact requirements under Article III and that any harm he may have suffered when the prescreen list was shared was “exceedingly remote and speculative.” According to the appellate court, “[i]dentifying a violation of a statutory right does not automatically equate to showing injury-in-fact for standing purposes.” Moreover, the plaintiff “had to come forward with something showing that he did not receive a firm offer, that [the prospective lender] would not have honored a firm offer, that he was affected by the lack of a firm offer, or that he suffered any actual emotional damages,” the 7th Circuit wrote, which he failed to do. The 7th Circuit also agreed with the district court that the company’s alleged reputational harm was insufficient to confer standing. The appellate court further rejected the agency’s second argument that defending the suit counted as a concrete injury, holding that the agency was attempting to “shoehorn itself into another cause of action,” and that the FCRA does not create an independent cause of action for which the agency can recover its costs.

Courts Appellate Seventh Circuit FCRA Credit Reporting Agency Standing

6th Circuit affirms dismissal of FDCPA action for lack of standing

On January 3, the U.S. Court of Appeals for the Sixth Circuit affirmed the dismissal for lack of standing of an FDCPA suit brought by a consumer who claimed that because collection letters sent to him by a law firm caused him anxiety, the firm had violated the FDCPA. According to the opinion, the consumer had two delinquent accounts with a bank, which the law firm attempted to recover by sending collection letters to the consumer. The consumer asserted that the letters the law firm sent caused him “an undue sense of anxiety” that he would be sued by the firm, and he subsequently filed a lawsuit against the firm for violating the FDCPA. The court held that the consumer did not have standing to sue under Article III of the U.S. Constitution, for three main reasons: (i) the debtor’s anxiety about a potential lawsuit amounted to a fear of future harm that was not “certainly impending” because the consumer had not alleged that the law firm had threatened to sue him or that he refused to pay, and, therefore, his anxiety did not satisfy the injury-in-fact element for Article III standing; (ii) the consumer was “anxious about the consequences of his decision to not pay the debts that he does not dispute he owes,” and such a “self-inflicted injury” is not a basis for standing because it was not “fairly traceable” to the law firm’s conduct, but instead reflected the consumer’s own behavior; and (iii) “even assuming [the law firm” violated the statute by misrepresenting that an attorney had reviewed [the consumer’s] debts,” that violation did not cause any injury to the consumer because the consumer gave the court “no reason to believe he did not owe the debts,” and, therefore, he could not show that the law firm’s alleged procedural violation of the FDCPA, by itself, was an “injury in fact.” Because the court held that the consumer did not have standing, it affirmed the lower court’s dismissal of the action.

Courts Appellate FDCPA Debt Collection Credit Reporting Agency Sixth Circuit Standing