Cases Flashcards Preview

Miner - Petitioner > Cases > Flashcards

Flashcards in Cases Deck (19)
Loading flashcards...

Clapper v. Amnesty International, 568 U.S. 398 (2013)

-No standing
-Summary judgment
-Sets standard!
-No standing because too attenuated; involved a federal statute for wiretapping overseas people who Amnesty Int'l lawyers occasionally had to speak to; required several independent actors to make sequential decisions
-Sets forward the "certainly impending" standard, but contemplated the substantial risk
-Susan B. Anthony List (2014) sets forward the substantial risk standard


In re Zappos, 888 F.3d 1020 (9th Cir. 2018)

-Found standing
-Motion to Dismiss
-Names, account numbers, phone #s, CC #s
-24 million customers
-No actual ID theft among this class; harm purely based on the breach
-"injury in fact based on a substantial risk that the Zappos hackers will commit identity fraud or identity theft"


Attias v. Carefirst, 865 F.3d 620 (D.C. Cir. 2017)

-Found standing
-Motion to dismiss
-Names, birthdates, email addresses, SSNs, CCs
-Relies on Remijas; no actual identity theft
-"A3 standing doesn't require the defendant be the most immediate cause, or even a proximate cause; just that it be fairly traceable."
-Members of the other putative class from the same breach had experienced identity theft


In re Horizon Healthcare, 846 F.3d 625 (3d Cir. 2017)

-Found standing; statutory claim under FCRA
-Facial, not factual, challenge to standing
-"FCRA: remedy for unauthorized transfer of personal information"
-At least one class member had experienced identity theft: false tax return filed, and a fraudulent CC use


Galaria v. Nationwide Mutual, 663 F. App'x 384 (6th Cir. 2016)

-Found standing
-Motion to dismiss
-Names, DOBs, marital status, gender, jobs, SSN, DL #s
-Uses "substantial risk," not "certainly impending"
-Courts applying have narrowed the decision
-No actual harm


Remijas v. Neiman Marcus, 794 F.3d 688 (7th Cir. 2015)

-Found standing
-Motion to dismiss
-Customers had incurred fraudulent charges!
-9200 of 350,000 cards were used fraudulently


Krottner v. Starbucks, 628 F.3d 1139 (9th Cir. 2010)

-Found standing
-Motion to dismiss
-Data on a stolen laptop; more clearly shows malicious intent
-Stolen but not misused—seems to be a CA9 thing


Pisciotta v. Old National Bancorp, 499 F.3d 629, 634 n.3 (7th Cir. 2007)

-Used in majority (decision in Dashon's favor) to compare data breach to toxic substances
-To distinguish, rely on ability of science to more accurately measure exposure & likelihood of actualized harm


Friends of the Earth v. Gaston Copper, 204 F.3d 149, 160 (4th Cir. 2000)

-Also used to compare to environmental harm
-Distinguish using ability of science to more accurately measure likelihood of harm
-Also rely on the fact that we don't know the ID of the hackers, so we can't judge their malicious intent


In re OPM, 928 F.3d 42 (D.C. Cir. 2019)

-Found standing
-Motion to dismiss
-Distinguish on NatSec grounds—this was a gov't agency protecting SSNs, birthdates, addresses, fingerprints, etc. of "a staggering number" of gov't employees
-Capacity for blackmail


Resnick v. AvMed, 693 F.3d 1317 (11th Cir. 2012)

-Found standing
-Motion to dismiss
-Only used in majority for "fairly traceable"
-Traceability here was because laptops were stolen—here, data could come from a different breach


In re SuperValu, 870 F.3d 763 (8th Cir. 2017)

-Found standing despite no substantial risk of ID theft
-Motion to Dismiss
-"Crucial to the outcome" was that one plaintiff experienced a fraudulent charge shortly after shopping at a particular SuperValu location
-Notes that cases finding standing turned on the facts of each case, not on a unifying principle
-Study: of 24 largest breaches over a 6 year period, only 4 resulted in any form identity theft
-Only upheld standing for the plaintiff who *had* experienced a fraudulent charge


Whalen v. Michael's Stores, 689 F. App’x 89 (2d Cir. 2017)

-No standing
-District court refused to extend without actual charges on CCs, and 2d Cir. affirmed on de novo review
-Implied there *may* be standing if other personally identifying information was stolen


Beck v. McDonald, 848 F.3d 262 (4th Cir. 2017)

-Refused standing with no actual ID theft or fraudulent charges
-Data included names, birthdates, last 4 of SSNs, and physical descriptors
-Data was unencrypted
-"In Galaria, Remijas, and Pisciotta, the data thief intentionally targeted the personal information compromised in the data breaches." Here, it could have easily been IP
-Even if 33% of victims of a breach will become victims, 66% will not


Katz v. Pershing, 672 F.3d 64 (1st Cir. 2012)

-No standing
-Motion to Dismiss
-"This omission is fatal: because she does not identify any incident in which her data has ever been accessed by an unauthorized person, she cannot satisfy Article III's requirement of actual or impending injury."
-Increased risk that someone may access her data, and that once accessed, it may increase the risk of identity theft
-brokerage account-holder’s increased risk of unauthorized access and identity theft theory insufficient to constitute “actual or impending injury” after defendant failed to properly maintain an electronic platform containing her account information, because plaintiff failed to “identify any incident in which her data has ever been accessed by an unauthorized person”


Reilly v. Ceridian Corp, 664 F.3d 38 (3d Cir. 2011)

-No standing
-No evidence suggested past or future misuse of data; not known whether hacker read, copied, or understood the breached data
-"The present test is actuality, not hypothetical speculations concerning the possibility of future injury"
-BUT pre-Clapper/SBA List


Hutton v. National Board of Examiners in Optometry, 892 F.3d 613 (4th Cir. 2018)

-Relied on Beck, though
-Injury must be "fairly traceable," not "plausibly traceable;" that is, you must plausibly allege that the injury is fairly traceable
-In distinguishing from Beck, notes that (1) ID theft and CC fraud occurred here; and (2) false CCs open.


Public Citizen v. National Highway Traffic Safety Admin, 489 F.3d 1279, 1298 (D.C. Cir. 2007)

-Admin case; deals with tire pressure monitors
-if “‘all purely speculative increased risks [were] deemed injurious, the entire requirement of actual or imminent injury would be rendered moot, because all hypothesized, non-imminent injuries could be dressed up as increased risk of future injury.’”
-Frame as an illustration of speculative harm undermining A3


Summers v. Tice

-State law tort case
-Illustrates that multiple actors that could be causes can make it impossible to prove any one of the actors was responsible
-Case where multiple people shot towards a person, but only one actually shot him—impossible to tell who