On February 11, a federal court in Texas dismissed a putative Fair Credit Reporting Act class action filed by a former patient of health services provider St. Joseph Services Corp. who alleged that the defendant’s failure to guard against a personal data breach violated the FCRA. After reviewing the state of the law regarding standing for informational injuries and related issues of causation, the court ruled that the plaintiff lacked standing to pursue her claims under the FCRA.
In her Complaint, Plaintiff claimed that she received a fraud alert on a credit card she used at one of St. Joseph’s hospitals. She also complained of an increase in spam email both to and from her email account. She asserted that the data breach had made her more vulnerable to future fraud attempts and alleged FCRA violations, as well as various state violations. St. Joseph moved to dismiss on the basis that Plaintiff lacked the type of particularized injury necessary to give rise to standing and argued in its motion to dismiss the suit that plaintiff’s claims of actual injury were not claims of quantifiable damage or loss suffered due to the prior data breach.
The court addressed the contention that the heightened risk of future identity theft or fraud from a data breach gives legal standing to a person whose data may have been compromised. In granting the motion to dismiss, the court stated: “Having reviewed the parties’ submissions and the relevant law, the court concludes that the answer is no. [Plaintiff] has not made the requisite demonstration of injury, traceability and redressability for her alleged injuries.” The court held that “the incidents identified by Peters as evidence of actual identity theft/fraud fail to meet the causation and redressibility elements of the standing test.”
Troutman Sanders LLP has extensive experience in litigating claims under the FCRA, responding to data breaches, and handling data breach-related litigation. We will continue to monitor these developments.