The U.S. Supreme Court recently decided to hear a case brought under the Fair Credit Reporting Act (“FCRA”) to determine whether individual consumers have standing to sue a consumer reporting agency for statutory violations of the FCRA when no “actual damages” were suffered by the consumer.

The FCRA, like other privacy laws, imposes monetary damages against consumer reporting agencies for statutory violations. When Congress enacted the FCRA, it also created a private cause of action for “consumers” against “consumer reporting agencies” for statutory violations, but it did not require a consumer to allege that the violation caused any harm.

The Supreme Court will likely approach the issue within the context of analyzing Congressional authority to confer Article III standing. The resolution of this separation of powers argument could have significant consequences for companies and employers covered by the FCRA and other privacy laws.

In Spokeo, Inc. v. Robins, the plaintiff consumer alleged that Spokeo, a website that aggregates personal data from public records and other online sources, failed to maintain procedures to assure the “maximum possible accuracy” of any consumer report it creates. According to the complaint, the consumer report for the plaintiff that was produced by Spokeo was not accurate and interfered with the plaintiff’s ability to obtain employment. The Ninth Circuit determined that while there may not be any consequential damages resulting from the inaccurate information, the harm to the plaintiff is inferred by the FCRA’s creation of a private cause of action for such violation.

This case could have a significant impact on class action lawsuits because those plaintiffs who may have otherwise been excluded for failing to allege actual damages would be included as class members.

Jason C. Gavejian

Jason C. Gavejian is the office managing principal of the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and a member of the firm’s Board of Directors. He is also a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals.

As a Certified Information Privacy Professional (CIPP/US), Jason focuses on the matrix of laws governing privacy, security, and management of data. Jason is co-editor of, and a regular contributor to, the firm’s Privacy blog.

Jason’s work in the area of privacy and data security includes counseling international, national, and regional companies on the vast array of privacy and security mandates, preventive measures, policies, procedures, and best practices. This includes, but is not limited to, the privacy and security requirements under state, federal, and international law (e.g., HIPAA/HITECH, GDPR, California Consumer Privacy Act (CCPA), FTC Act, ECPA, SCA, GLBA, etc.). Jason helps companies in all industries to assess information risk and security as part of the development and implementation of comprehensive data security safeguards, including written information security programs (WISP). Additionally, Jason assists companies in analyzing issues related to electronic communications, social media, electronic signatures (ESIGN/UETA), monitoring and recording (GPS, video, audio, etc.), biometrics, and bring your own device (BYOD) and company-owned, personally enabled device (COPE) programs, including policies and procedures to address same. He regularly advises clients on compliance issues under the Telephone Consumer Protection Act (TCPA) and has represented clients in suits, including class actions, brought in various jurisdictions throughout the country under the TCPA.