Tim Hull reports the latest on a lawsuit that stemmed from a case involving a stolen laptop in 2008:
Starbucks employees whose personal information was stolen with a company laptop can sue the coffee kahuna for negligence, the 9th Circuit ruled Tuesday.
About 97,000 current and former Starbucks employees were exposed to identity theft in 2008 when an unknown thief stole a laptop that contained their unencrypted names, addresses and social security numbers. Starbucks informed its employees of the theft and provided free credit-watch services to the affected employees.
[…]
None of the plaintiffs claimed that they had lost any money or been the victim of a successful identity theft.
A district court dismissed the complaints, finding that the employees had failed to show an injury under Washington law though did have federal standing.
The federal appellate panel in Seattle agreed, finding sufficient evidence to show that the employees had been harmed by the theft, even though their claims were somewhat hypothetical.
“Here, plaintiffs-appellants have alleged a credible threat of real and immediate harm stemming from the theft of a laptop containing their unencrypted personal data,” Judge Milan Smith wrote for the court. “Were plaintiffs-appellants’ allegations more conjectural or hypothetical – for example, if no laptop had been stolen, and plaintiffs had sued based on the risk that it would be stolen at some point in the future – we would find the threat far less credible.”
Read more on Courthouse News. The court’s opinion can be found on the Ninth Circuit’s site.
Previous coverage on this site.
This is big, as it’s the first case I can think of where plaintiffs did not demonstrate any financial harm and are talking about other kinds of harm/injury. Of course, the fact that they can proceed with the lawsuit doesn’t mean that they’ll prevail, but it’s still pretty amazing that they got this decision.
Update: I was so excited reading parts of the decision that I totally missed the fact that the court said they affirmed the dismissal of the state level claims. In a separate memorandum, the court explained why it affirmed the dismissal of the state-level claims. It’s not clear to me what would happen if the customers/plaintiffs had fully argued/briefed on the issue of anxiety as harm/injury, but I guess that argument will have to wait for another case.