In Identity Theft Cases, Plaintiffs Must Show Evidence of Actual Injury

A ruling last month in a case stemming from the exposure of personal information about individuals became the latest in what is beginning to look like a string of decisions stopping putative victims of identity theft in their tracks.

The federal decision in Arkansas held that the plaintiff in what had been pled as a class action had no standing to sue. Plaintiff April Bell had sued Acxiom Corporation after an Acxiom client found a hole in the company’s security system and downloaded databases of personal information owned by the company’s other clients. The hacker then sold some of the information to a marketing company which then used the information for direct mail advertising. He was later caught and convicted.

The plaintiff said she alleged she was at a higher risk of receiving junk mail and of being an identity theft victim.

The court noted that in order to have standing to sue, a plaintiff must meet several requirements, one of which is to establish that she has suffered an actual injury. The ruling held that April Bell had not met that standard. “Assertions of potential future injury do not satisfy the injury-in-fact test. A threatened injury must be certainly impending to constitute injury in fact.”

The judge noted that Bell had not asserted that she had actually received a single marketing mailer, nor had her identity been “stolen.” It also noted that several courts have ruled that receipt of unsolicited and unwanted mail does not constitute actual harm. In fact, plaintiff did not even know whether her name and information were contained in the databases that had been compromised by the hacker. Her case was dismissed.

Several other cases stemming from personal information exposures were tossed by courts during the past year. The Acxiom court cited Walters v. DHL Express from Illinois, Guin V. Brazos Higher Education Service Corp., Inc. from Minnesota and Stollenwerk v. Tri-West Healthcare Alliance from Arizona.

To read more about this and other similar cases, see Class action suit over ID theft tossed out and Police blotter: Wells Fargo not required to encrypt data .