Daniel Kagan of Murtha Cullina cuts to the chase:
On February 16, 2018, the U.S. Supreme Court denied certiorari to review CareFirst’s appeal of the U.S. Court of Appeals, D.C. Circuit’s decision in Attias v. Carefirst, Inc., 865 F.3d 620 (D.C. Cir. 2017). The D.C. Circuit held that the threat of harm from a data breach is enough to satisfy the “injury in fact” standing requirement. Other circuit courts of appeal have reached the opposite conclusion. Unfortunately, the U.S. Supreme Court will not be addressing that circuit split this session. See our previous entry on the CareFirst case.
Kristin Ann Shepard of Carlton Fields has a bit more to say:
….. In the absence of Supreme Court guidance on this issue, we anticipate that district courts within the District of Columbia, Sixth, and Seventh Circuits – which have ruled favorably for plaintiffs on the standing issue – will emerge as the forums of choice for data breach class actions. By contrast, defendants will likely seek to consolidate data breach class actions in the district courts within the Eighth and Fourth Circuits, which have taken a narrower approach.
Does the denial of certiorari indicate a reluctance by the Court to weigh in on other thorny standing issues? As we previously reported, the Supreme Court recently denied a petition for writ of certiorari in Spokeo II, which asked the Court to resolve a circuit split over whether intangible harm to a statutorily-protected interest constitutes injury in fact even when a plaintiff cannot allege “real-world” harm or the imminent risk thereof. Until the Supreme Court addresses these questions, expect confusion rather than clarity to govern key standing issues in the class action context.
Is the Supreme Court’s refusal to hear these cases perhaps its way of saying that maybe Congress should try to use a legislative approach? If so, let me just point at our dysfunctional Congress and laugh hysterically at their naive hope.