The six-year fight over the type of harm a plaintiff must allege to satisfy the “injury in fact” requirement for lawsuits alleging false reporting of credit information took its latest turn this week. On Tuesday, August 15, 2017, the U.S. Court of Appeals for the Ninth Circuit, on remand from the United States Supreme Court, issued its opinion- hyperlink to the opinion] in Spokeo, Inc. v. Robins, a highly-watched case challenging whether a plaintiff can satisfy Article III standing based solely on a technical violation of the Fair Credit Reporting Act. Plaintiff Thomas Robins brought a putative class action for willful violations of the FCRA against Spokeo, Inc., a company that generates profiles about people based on publicly available data. Among other things, Robins averred that Spokeo published an allegedly inaccurate profile about him on its website and therefore harmed his employment prospects at a time when he was out of work. The Ninth Circuit’s three-judge panel held that the publication of materially inaccurate information about Robins sufficed as concrete injury for purposes of Article III standing, even without specific allegations of tangible harm from that publication.
On Monday, May 16, 2016, the Supreme Court of the United States issued its highly anticipated opinion in Spokeo, Inc. v. Robins, a case that examined the question of whether a plaintiff who sued for a technical violation of the Fair Credit Reporting Act could maintain Article III standing for a class action without claiming any real-world injury. The case before the Court involved a putative class action brought against petitioner Spokeo, Inc., a company that generates profiles about people based on information obtained though computerized searches. Respondent Thomas Robins was one of the people with a profile on Spokeo’s website. According to Robins, the information on that profile was inaccurate. Robins filed a class-action complaint against Spokeo in federal court, alleging violations of the FCRA, which requires consumer reporting agencies to “follow reasonable procedures to assure maximum possible accuracy of” consumer reports. The Ninth Circuit held that by alleging the violation of a statutory right Robins had satisfied the injury-in-fact requirement of Article III standing.
On Wednesday, January 5, the FTC released a report titled “Big Data: A Tool for Inclusion or Exclusion?” The Report addresses the effects of the growing use of big data analytics on low-income and underserved populations, and the FTC’s role in monitoring and regulating the impacts of this commercial use of big data. There are two high-level takeaways from the Report: First, big data is a powerful tool that can be used to include or to exclude. Used responsibly, it can be a key to unlocking opportunities for underprivileged and underserved classes; but, when used with disregard for its effects, big data can serve to shut the underprivileged and underserved out of those same opportunities. Second, the FTC will be the cop on the beat. The Report’s emphasis on the tools at the FTC’s disposal for regulating the use of big data analytics, signals that the FTC intends to make use of its enforcement powers where it can.
Last week, the Supreme Court granted certiorari in Spokeo, Inc. v. Robins, a case that may significantly impact the ability of plaintiffs to sue in federal court based solely on an alleged infringement of statutory rights. Plaintiffs often allege violation of statutory rights in privacy cases where standing for common law causes of action has proven more difficult to demonstrate and dismissal more frequent. A ruling from Supreme Court could upend this strategy, forcing plaintiffs to allege more than just a statutory injury across all their claims.
As part of its 2014 Spring Privacy Series, the Federal Trade Commission in March held a seminar to examine alternative scoring products and the possible benefits and risks of their growing use. During the seminar, FTC attorneys Katherine Armstrong and Andrea Arias of the Division of Privacy and Identity Protection moderated a panel discussion between various stakeholders that included public interest groups, the data industry, and academics.
On Monday, a federal district court dismissed two related putative class action suits filed against Nationwide Mutual Insurance Company following a data breach at Nationwide in October 2012 that affected over 1 million individuals. The opinion shows that courts remain skeptical of plaintiffs’ ability to show any real injury from the fact that their personally identifiable information was compromised without some additional evidence of concrete harm such as identity fraud. The opinion also sheds important light on the ability of plaintiffs to overcome this standing barrier by alleging that their injury derives from the violation of a federal statute.
In its first enforcement action under the Fair Credit Reporting Act (“FCRA”) about the sale of data compiled from publicly available online sources in the context of employment screening, the Federal Trade Commission (“FTC”) announced yesterday that it had entered into a $800,000 settlement with an online data broker, Spokeo, for allegedly marketing consumer profiles to employers and recruiters without complying with the requirements of FCRA. In addition, the FTC settled charges that Spokeo violated Section 5 of the FTC Act by posting surreptitious endorsements of its services under the names of others.
The FTC Red Flags Rules were not specific to the securities industry and there was some confusion as to which entities were subject to their requirements. This blog entry describes proposed rulesto applyRed Flag rules to certain broker-dealers, investment companies, investment advisers, futures commission merchants, commodity pool operators, introducing brokers, and other SEC- and CFTC-regulated entities
In the report issued by the FTC yesterday, the FTC calls on Congress to consider enacting targeted legislation to provide greater transparency for, and control over, the practices of information brokers and to allow consumers to access their data maintained by information brokers. The FTC notes that Congress could model any such legislation on a bill that the House passed during the 111th Congress, as well as similar bills introduced in the 112th Congress. These bills included some data accuracy and access provisions that were targeted specifically to information brokers. The bills are detailed in this blog entry.
On January 19, the Supreme Court decided NASA v. Nelson, a case brought by NASA contractors alleging that questions asked by the federal agency in a background check violated their constitutional right to information privacy — i.e., a constitutional privacy interest in the government “avoiding the disclosure of personal matters” recognized in a pair of 1977 cases, Whalen v. Roe and Nixon v. Administrator of General Services. At issue were questions that asked whether the contractors received “any treatment or counseling” regarding illegal drug use within the previous year (as a follow up to a question regarding whether they used, possessed, supplied or manufactured illegal drugs within that year), and questions directed toward references for information bearing on “suitability for government employment or security clearance,” including “adverse information” about an the contractor’s “honesty or trustworthiness,” “violations of the law,” “financial integrity,” “abuse of alcohol and/or drugs,” “mental or emotional stability,” “general behavior or conduct,” or “other matters.”
On October 27, the Commodity Futures Trading Commission (CFTC) issued proposed privacy and data security rules under the Gramm-Leach-Bliley Act (GLBA) and Fair Credit Reporting Act (FCRA), pursuant to the Dodd-Frank Act.
On July 1, 2010, final regulations will go into effect that impose new obligations on entities that furnish information about individuals (“data furnishers”) to consumer reporting agencies (“CRAs”) for use in reports about those individuals. These regulations require data furnishers to institute reasonable policies and procedures that (1) ensure the accuracy and integrity of furnished information and (2) allow individuals to formally dispute the correctness of certain information that is furnished about them to CRAs directly with the data furnisher.
FTC Chairman Leibowitz: “Congress needs to fix the unintended consequences of the legislation establishing the Red Flags Rule – and to fix the problem quickly.”
The Federal Trade Commission (FTC) announced today that it is delaying enforcement of its FACTA Red Flags Rule until June 1, 2010 “[a]t the request of Congress.”
The Personal Data Privacy and Security Act (“PDPSA”), recently reintroduced by Sen. Patrick Leahy (D-VT) and referred to the Senate Judiciary Committee proposes comprehensive federal regulation of data broker services. While enactment of the PDPSA remains uncertain, the draft legislation may presage future legislative and regulatory trends. Comprehensive Federal Regulation of “Data Brokers” Title II […]