Supreme Court Rejection of CareFirst Review Prolongs Data Breach Standing Circuit Split
February 22, 2018On Feb. 21, the U.S. Supreme Court declined to grant certiorari in CareFirst, Inc. v. Attias, No. 17-641, in which the U.S. Court of Appeals for the District of Columbia Circuit held that data breach victims could—at the pleading stage—establish standing to sue under Article III of the U.S. Constitution based solely on the risk of future identity theft. Last month, the Court denied review in a similar data security case from the Ninth Circuit, Robins v. Spokeo, Inc., 867 F.3d 1108 (9th Cir. 2017), which found that, as a matter of pleading, the “concrete injury”requirement for standing could potentially be satisfied based on a future injury related to false background information published by a website.
To continue reading Craig Newman and Jonathan Hatch's article from Bloomberg BNA’s Privacy and Security Law Report, please click here.