On Monday, the United States Supreme Court granted certiorari in a case that may lower the bar for plaintiffs in data-breach litigation. As reported by the Wall Street Journal, the Supreme Court is now set to determine whether a violation of federal statute—without more—is sufficient to grant a plaintiff standing to sue in federal court. As the law currently stands, data-breach plaintiffs are often susceptible to be thrown out of court at the motion to dismiss stage because, while they may be able to show that a statute or regulation was violated, they cannot show that they actually suffered any harm. (And actual harm is generally a requirement for standing under Article III of the United States Constitution.) Rather, many data-breach plaintiffs can show only the potential risk of future harm as a result of the breach.
If the Supreme Court rules in favor of the plaintiff in this case, there will likely be a significant increase in data-breach litigation. And if that happens, many companies will likely redouble their cyber-security efforts to avoid data-breaches and ensuing litigation. The stakes for United States businesses and consumers are high on this appeal, so we can expect numerous amicus filings in the next few months.
If you have any questions about this case or other data-breach issues, please contact us. You can also read about this case’s potential implications for the insurance industry by clicking here and being directed to the Miller Nash Graham & Dunn blog, The Northwest Policyholder.