Privacy & Information Security Law Blog

On August 3, 2015, Neiman Marcus requested en banc review of the Seventh Circuit’s recent decision in Remijas v. Neiman Marcus Group, LLC, No. 14-3122. As we previously reported, the Seventh Circuit found that members of a putative class alleged sufficient facts to establish standing to sue Neiman Marcus following a 2013 data breach. During that breach, hackers gained access to customers’ credit and debit card information.

In its petition for rehearing en banc, Neiman Marcus argued that the panel’s use of an “objectively reasonable likelihood” of future injury was rejected by Clapper v. Amnesty Int’l USA 133 S. Ct. 1138 (2013), which required potential future injuries to be “certainly impending.”

Neiman Marcus also contended that the panel relied on speculation and conjecture rather than concrete factual allegations to assess injury. It emphasized that the plaintiffs had been fully re-reimbursed for fraudulent charges and, according to Neiman Marcus, the cost of mitigating future harm does not satisfy standing unless that future harm is imminent, as stated under Clapper.

In the Neiman Marcus data breach, only credit card information was compromised. Neiman Marcus argued that the likelihood of identity theft is significantly lower when card information is the only information compromised. In contrast, the likelihood of identity theft may be higher when names, addresses, log-in information, and Social Security numbers are compromised.

As Neiman Marcus noted, there is now a circuit split on whether the risk of future fraud and identity theft, or their associated mitigation costs, confer standing. In a pre-Clapper decision, Reilly v. Ceridian Corp., 644 F.3d 38 (3d Cir. 2011), the Third Circuit ruled that the risk of future harm does not establish standing where hackers gained access to names, addresses, Social Security numbers, dates of birth, and bank account information.

According to The Practitioner’s Handbook for Appeals to the United States Court of Appeals for the Seventh Circuit at 161, “it is more likely to have a petition for writ of certiorari granted by the Supreme Court than to have a request for en banc consideration granted.”