Technical FACTA Violation Insufficient to Confer Standing

A federal court in Texas cut short a putative class action alleging violation of the truncation requirement under the Fair and Accurate Credit Transactions Act (FACTA), sending a clear message to plaintiffs that minor inconvenience flowing from a procedural violation of FACTA does not establish standing. This decision comes as more good news to the defense bar, as it joins a growing list of cases extending the U.S. Supreme Court’s watershed Spokeo decision to cases brought under FACTA.

The plaintiff sued Houston-based restaurant company Luby’s, Inc. after twice purchasing meals using his debit card and receiving computer-generated receipts displaying more than the last five digits of his card number. FACTA provides that “no person that accepts credit cards or debit cards for the transaction of business shall print more than the last five digits of the card number or the expiration date upon any receipt provided to the cardholder at the point of sale or transaction.” 15 U.S.C. § 1681c(g)(1). Thus, the plaintiff alleged a clear violation of the statute.

But that isn’t enough, the court held, granting the defendant’s motion to dismiss for lack of subject matter jurisdiction and rejecting the plaintiff’s argument that simply alleging a statutory violation is sufficient to confer standing. “The Fifth Circuit has not had the occasion to consider the question of standing in a case involving a FACTA violation,” the court noted. “The U.S. Supreme Court’s holding in Spokeo, Inc. v. Robins, however, is instructive and does not support the plaintiff’s position,” reasoned U.S. District Judge Kenneth M. Hoyt.

Under Spokeo, a plaintiff must show an actual injury flowing from the statutory violation in question. That injury must be “concrete and particularized” and “actual or imminent, not conjectural or hypothetical.” As a consequence of receiving the offending receipts from Luby’s, the plaintiff alleged that he had to check his bank statements and credit report to ensure that he was not the victim of identity theft. Further, he argued that the defendant’s statutory violation “wrongfully placed a burden on [him] to make sure the receipts were either destroyed or secured.”

The court made short work of these allegations, holding that such inconveniences do not rise to the level of actual injury. Further, because it was undisputed that the plaintiff discovered the violation immediately and the receipts remained in his possession, there was no impending risk of harm. So the court sent the plaintiff packing pursuant to Fed. R. Civ. P. 12(b)(1) — and gave the defense bar an additional arrow in their 12(b)(1) quiver.

About The Author

Matt has counseled clients on the evaluation of data privacy risks, responses and solutions, and he serves as a breach coach, providing analysis and advice to address data breach events, including forensics, notification pursuant to federal and state laws, credit monitoring, and public relations issues. In addition to breach response, Matt has counseled insurers on the underwriting of cyber/tech policies.

Tagged with: , , , , ,
Posted in Litigation, Privacy
About Cyber Law Monitor
In the new digital world, individuals and businesses are almost entirely dependent on computer technology and electronic communications to function on a daily basis. Although the power of modern technology is a source of opportunity and inspiration—it also poses huge challenges, from protecting privacy and securing proprietary data to adhering to fast-changing statutory and regulatory requirements. The Cyber Law Monitor blog covers privacy, data security, technology, and cyber space. It tracks major legal and policy developments and provides analysis of current events.
Subscribe For Updates

cyberlawmonitor

Cozen O’Connor Blogs