James Bogan III of Kilpatrick Townsend & Stockton LLP writes:
Takeaway: In a prior article, we reported on the Second Circuit’s decision in McMorris v. Carlos Lopez & Associates, LLC, 995 F.3d 295 (2d Cir. 2021), in which the court, ruling on an issue of first impression, set out a non-exhaustive three-factor test for determining whether allegations of injury flowing from a data breach rise to the level of a cognizable Article III injury-in-fact. See Data breach class actions: Second Circuit sets out parameters for Article III injury-in-fact (May 28, 2021). The Southern District of New York recently applied McMorris to dismiss a data breach class action in Aponte v. Northeast Radiology, P.C., No. 21 CV 5883 (VB), 2022 WL 1556043 (S.D.N.Y. May 16, 2022), while acknowledging that the decision might not have survived the Supreme Court’s ruling in TransUnion LLC v. Ramirez, 141 S. Ct. 2190 (2021), that standing may not be based on “the mere risk of future harm.”
Read more at JDSupra.