As courts continue to grapple with close calls on standing following the U.S. Supreme Court’s seminal decision in Spokeo v. Robins, another court has given defendants a win for intangible injuries and risk of future harm.  On June 6, the District of New Jersey dismissed – for the second time – a putative class action lodged against J. Crew for a technical violation of the Fair and Accurate Credit Transactions Act (“FACTA”) because the alleged damages were too speculative to establish Article III standing.  In Kamal v. J. Crew, et al., 2017 WL 2443062 (D.N.J. June 6, 2017), U.S. District Judge William Martini granted J. Crew’s motion to dismiss plaintiff Ahmed Kamal’s Second Amended Complaint alleging the retailer printed too many credit card digits on receipts because – pursuant to Spokeo and a 2017 Third Circuit decision applying Spokeo – plaintiff failed to allege a sufficiently concrete injury.

Plaintiff alleged that J. Crew wilfully violated FACTA by printing the first six and last four digits of plaintiff’s credit card number on receipts, as FACTA directs that businesses shall not “print more than the last 5 digits of the card number.” As described by Judge Martini, the Complaint’s allegations boiled down to two distinct injuries: (1) disclosure of information considered “intrinsically private” by law; and (2) increased risk of future credit card fraud or identity theft.  Ultimately, though, neither injury was a “concrete” harm, and thus plaintiff failed to establish constitutional standing, leading to the dismissal.
Continue Reading J. Crew Credit Card Digit Class Action Dismissed Again Because of Overly Speculative Identity Theft, Fraud Risks

In data breach class actions, standing is often the major obstacle, and has taken on renewed focus following the U.S. Supreme Court’s ruling in Spokeo v. Robins, 136 S. Ct. 1540 (May 24, 2016). See, e.g., Federal Court Finds Intangible Harm Caused by Robocalls Sufficient for Post-Spokeo Standing in TCPA Claim Alleging Privacy Invasion, Technology Law Dispatch (July 6, 2016); Wisconsin Federal Court Finds Spokeo Spells the End for Consumer Privacy Class Action, Technology Law Dispatch (June 21, 2016).  However, as a recent decision from the U.S. District Court for the Northern District of Illinois indicates, prevailing on standing is just one battle, but is far from winning the war.  Earlier this week, Barnes & Noble escaped a data breach class action after the court found plaintiffs cleared the standing hurdle but could not survive the retailer’s motion to dismiss because of a lack of out-of-pocket damages.
Continue Reading Despite Plaintiffs Satisfying Standing Requirements, Barnes & Noble Closes the Book on Data Breach Class Action

This post was also written by Amy J. Greer and Frederick C. Leech.

On February 28, 2012, the Securities and Exchange Commission (SEC) and the Commodity Future Trading Commission (CFTC) issued a proposed regulation, Regulation S-ID. This regulation, if adopted, would set forth specific guidance for SEC and CFTC-regulated entities in implementing their internal