Consumer Finance Law Blog : Consumer Finance Lawyer & Attorney : Kelley Drye & Warren Law Firm : Financial Privacy & Security

The Southern District of New York, recently, in Hammond v. The Bank of New York Mellon Corp., No. 08-6060, 2010 WL 2643307 (S.D.N.Y. June 25, 2010) joined other courts from around the country in holding that plaintiffs who bring claims based on the risk of identity theft lack Article III standing. In each case, including the 26 cases cited in Hammond, the plaintiffs’ claims were dismissed, either on a motion to dismiss or summary judgment.

In Hammond, the plaintiffs, after being notified that their personal information, contained on unencrypted back up tapes, had been “lost” while being transported by a third party, brought a putative class action asserting claims for breach of implied contract, breach of fiduciary duty, negligence, and violation of state consumer protection laws. Three of the seven named plaintiffs alleged that they actually had suffered “unauthorized credit transactions” after the tapes were lost, although they ultimately conceded that the charges were either reimbursed or unrelated to the tape loss. Bank of New York’s original motion to dismiss was denied. It then moved for summary judgment based on a lack of Article III standing and argued that the alleged emotional distress or increased risk of harm did not constitute legally cognizable harm.

Discovery in the case, particularly plaintiffs’ deposition testimony, demonstrated that the plaintiffs did not suffer any damages.  The court, recognizing the apparent inconsistencies in its decisions on defendant’s motion to dismiss and plaintiffs’ motion for summary judgment, held that a finding that Article III standing exists at the motion to dismiss stage does not necessarily mean that it will be present at summary judgment.

Hammond is the latest in a long line of cases holding that the risk of identity theft is not a cognizable injury.  Thus, dismissal in these cases is not an issue of “if,” but of “when.” 

Click here to view previous posts on these and other related issues. 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In Andrews v. Equifax Information Services LLC, No.: C-08-0817, 2010 U.S. Dist. Lexis 38020 (W.D. Wash. Mar. 30, 2010), plaintiff filed suit against Equifax after it allegedly “mixed up” her information with that of another individual of the same name and disseminated that information to third parties. Plaintiff alleges that this “mix up” was caused by Equifax’s failure to follow reasonable procedures to ensure maximum possible accuracy of the information it reported as well as its failure to re-investigate her disputes, both of which are required by FCRA.

FCRA requires claims to be brought within two years after the plaintiff discovers the violation or within five years after the date the violation occurs. Invoking the former provision, Equifax argued that it was entitled to dismissal because the plaintiff had discovered the alleged violations more than two-years before she filed suit in May 2008. Equifax cited record evidence that plaintiff had called in 2004 and 2005 to dispute information in her credit file that she believed was inaccurate. Equifax contended further that it sent plaintiff the results of its investigation into her disputes on three occasions, the last of which was in late November 2005. According to Equifax, because these results contained the inaccurate information forming the basis of her FCRA allegations, plaintiff had discovered the violation more than two years before filing suit.

The Western District of Washington denied the motion, rejecting the argument that plaintiff’s knowledge of inaccurate information in her credit report put her on notice of Equifax’s alleged FCRA violation. “FCRA is not a strict liability statute,” said the court. Indeed, a credit reporting agency can escape liability under FCRA for an inaccurate credit report as long as it shows it followed reasonable procedures in generating it. Therefore, inaccurate information in a credit report, standing alone, cannot violate FCRA. According to the court, to obtain dismissal, Equifax had to show something more. Specifically, it had to produce sufficient evidence tying the investigation reports it provided to the plaintiff with plaintiff’s discovery of the precise violations alleged in the lawsuit. This, according to the court, it failed to do.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

President Obama will soon sign the final Wall Street Reform and Consumer Protection Act, which the Senate passed last week. However, in many ways, the battle over financial reform has just begun. While the law makes broad and comprehensive changes to the nation’s financial system regulatory structure, many more details will be added in the months and years ahead as the reorganized regulatory structure takes shape, the revamped regulatory processes established by the bill unfold, and the numerous studies mandated by the bill are conducted.

Many of the regulatory details expected will emanate from the newly created Consumer Financial Protection Bureau. The Bureau will have independent authority but will be housed within the Federal Reserve system. It will serve as the primary regulator of financial products that reach consumers. Time magazine lists six consumer financial issues the Bureau could address first, including student loans, credit scores, and certain mortgages. However, there will be strong differing opinions on how, when, and in what areas the Bureau should focus its attention.

But before the Bureau can even begin to act, it needs to be created, staffed, and organized. The individual chosen to lead the Bureau out of the gate will have the opportunity to vastly influence the organization, culture, direction, scope and strength of the new regulator. The Washington Post reported today, following similar earlier reports, that Elizabeth Warren has emerged as an early leading candidate for the position. Ms. Warren is a professor at Harvard Law School and chairs the oversight panel created by Congress to monitor the Troubled Asset Relief Program. Consumer protection groups already are strongly supporting her nomination. Others fear, however, that Ms. Warren does not have the organizational experience to lead the newly-created office. Among others with greater institutional experience purportedly being considered for the position are current Assistant Treasury Secretary Michael Barr, and Eugene Kimmelman, a deputy assistant attorney general in the Justice Department's Antitrust Division and former lobbyist for Consumers Union.

Appointment of any of these candidates would send a clear message from the Obama administration that it intends to fully pursue the goal of an active consumer protection regulator. Financial service providers will have an opportunity to voice their concerns and opposition through the Senate confirmation process.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On June 29, a group of 49 individual airline ticket purchasers filed suit to enjoin the proposed merger between Continental Airlines, Inc. and United Air Lines Inc., alleging that the deal would harm competition in the airline industry. The suit claims that the companies’ CEOs held “secret and private meetings” at which they discussed potential increases in prices and fares, charging of fees for previously free services, eliminating or curtailing services, and reducing the frequency of flights and number of available seats. The complaint claims that the merger, which would combine the third and fourth largest domestic carriers, will create a monopoly in ten U.S. airports, leave just two competitors in 120 U.S. airports, and create more concentrated markets in Washington, D.C., San Diego, Seattle, and New Orleans.

The deal is currently under review by the U.S. Department of Justice Antitrust Division, which in May announced that “it would go over the merger with a fine-tooth comb to make sure it wouldn't hurt competition.” The deal has also drawn scrutiny from Congress. In June, the U.S. House of Representatives held hearings regarding the merger’s potential effect on competition. United States Representative James Oberstar (D. Minn.), chairman of the Transportation Committee, opined that the merger would harm competition, and noted that he would “explore legislation to stiffen regulation if the deal is approved.” The Consumer Travel Alliance testified that the merger would create a market with just three dominant airlines, which would be “a consumer nightmare.” In defense of the deal, the airlines’ CEOs expressed the view that the merger would not harm consumers because competition in the airline industry has heated up in recent years due in part to competition from new carriers such as Southwest Airlines, and since it has become easy for consumers to compare prices via online search portals like Expedia and Orbitz.

A case management conference has been set for October 14, 2010.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Updating a prior post, the Ninth Circuit, in Ruiz v. Gap, Inc., recently upheld a dismissal on summary judgment on the grounds that the mere risk of identity theft is too speculative of an injury to substantiate a cause of action based on negligence. See Ruiz v. Gap, Inc., No. 09-15971, 2010 WL 2170993 (9th Cir. May 28, 2010)

As background, Plaintiff, Mr. Joel Ruiz, submitted an online job application to work in a Gap store. As part of the application, Ruiz provided his social security number. Gap later disclosed that laptops were stolen from Vangent, the vendor with whom Gap had contracted for recruiting purposes. The laptops contained Ruiz’s unencrypted personal information, along with the information of nearly 800,000 other Gap job applicants.

Ruiz filed a putative class action alleging, among other things, negligence and violation of California Civil Code § 1798.85. Ruiz later amended his complaint to bring a breach of contract claim against Vangent. As discussed in a prior post, the court previously denied a motion to dismiss on the negligence claim. However, defendants were granted summary judgment on the negligence claim after discovery had done little to cure its speculative nature. See Ruiz v. Gap, Inc., 622 F. Supp. 2d 908 (N.D. Cal. 2009). The court held that an increased risk of identity theft did not constitute “the level of appreciable harm necessary to assert a negligence claim under California law.” Id. at 913.

In the opinion, the Ninth Circuit held that while the increased risk of identity theft created sufficient concern to grant plaintiff Article III standing, the alleged injury was still too speculative to sustain a negligence claim under California law. See Ruiz v. Gap, Inc., No. 09-15971, 2010 WL 2170993, at *1 (9th Cir. May 28, 2010). “It is fundamental that a negligent act is not accountable unless it results in injury to another.” Id. Notably, the court refrained from answering whether money spent on credit monitoring, as the result of personal information theft, supported a negligence claim. Id. However, the court included a footnote citing authority in favor of awarding medical monitoring costs, thus suggesting that it might be inclined to draw a parallel between these issues in the future. Id. at n1.

• Email This
• Print
• Comments
• Trackbacks
• Share Link