Cyber security, data security, and electronic privacy protection are hot topics these days. The law in this area is rapidly developing, and keeping up with the best practices to protect your electronic information and complying with legal requirements can seem daunting.
The Federal Trade Commission (FTC) appears poised to continue as the lead agency in enforcement of privacy and data security, but the Federal Communications Commission (FCC) is also beginning to take an active role. And, if the threat of administrative enforcement was not enough, several consumer-initiated actions are set to make waves in data security law.
The U.S. Supreme Court is expected to issue a decision in the first half of 2016 in Spokeo v. Robins, addressing whether consumers can sue companies such as Spokeo Inc., a personal information aggregating website, for violations of the Fair Credit Reporting Act (FCRA) and similar statutes without alleging specific damages. In that case, a consumer named Thomas Robins sued the self-proclaimed “people search engine” for alleged violations of the FCRA because it posted inaccurate information about his financial situation, which he claims harmed his employment prospects. Spokeo argued that the case should be dismissed because Robins did not prove that the publication of inaccurate personal information in violation of the Fair Credit Reporting Act was an injury-in-fact sufficient to confer standing under Article III. The Ninth Circuit sided with Robins and found that Spokeo’s alleged violation of the FCRA amounted to an injury.
Although the case involves primarily the FCRA, a statute all employers should be familiar with, it is anticipated that the Supreme Court’s decision could have significant impact on the overall ability of consumers to maintain actions, including class actions, where the plaintiffs have not suffered actual damages.