On Friday, the Third Circuit issued a decision in In re Horizon Healthcare Services Inc. Data Breach Litigation. In that case, the plaintiffs sued after two laptops, containing sensitive personal information about them and others, were stolen from health insurer Horizon Healthcare Services, Inc. The plaintiffs alleged willful and negligent violations of the Fair Credit Reporting Act, as well as violations of state law, premised on the claim that Horizon inadequately protected their personal information. The district court dismissed the suit for lack of Article III standing. That court reasoned that none of the plaintiffs claimed a cognizable injury because, although their personal information had been stolen, none of them had adequately alleged that the information was actually used to their detriment. The Third Circuit Court of Appeals vacated and remanded the case back to the district court. It explained: “In light of the congressional decision to create a remedy for the unauthorized transfer of personal information, a violation of FCRA gives rise to an injury sufficient for Article III standing purposes. Even without evidence that the Plaintiffs’ information was in fact used improperly, the alleged disclosure of their personal information created a de facto injury. Accordingly, all of the Plaintiffs suffered a cognizable injury, and the Complaint should not have been dismissed.”
The opinion is here.