Update (August 28, 2014): I guess we’ll see what the U.S. Court of Appeals for the Eighth Circuit has to say…
Original post (July 31, 2014): Apparently not. United States Court Judge Susan R. Nelson (D. Minn.) has thrown out a putative class action against a lock manufacturer who, it is alleged, has made and sold a few lock models that are “stupidly simple” to pick.
The issue: no standing. That is, in the Court’s view, based on recent U.S. Supreme Court precedent, the plaintiffs have suffered no injury (or “no present injury in fact for purposes of standing”). Really?
Arguably, the Court correctly followed Clapper, a recent U.S. Supreme Court case:
Where plaintiffs do not face a threat of certainly impending injury, the costs they have incurred to avoid injury are simply the product of their fear of that injury…[S]uch a fear is insufficient to create standing.
But this seems like a somewhat surprising and disappointing result. One wonders whether it would have come out the same way if the defect in the lock were even more obvious and defective.
What if the defective product was a bullet-proof vest? Would police forces have to wait until the defect resulted in tragedy before they had standing to sue the manufacturer?
Also, I wonder whether the hotel plaintiffs could not have found any evidence of any potential hotel guests who, aware of the bad locks, elected to stay elsewhere, thereby resulting in the plaintiffs’ economic damages (and resulting, then, in a “present injury”)?
The Court also analogizes to “lost data” cases and these cases do seem to carry some weight in favor of the Court’s ruling. If someone negligently lets customer’s confidential financial information escape its possession and control, many courts adopt the position, “Plaintiff, call me when or if you ever get hurt (by, for example, being the victim of identity theft). You have no standing until then.”
But there are at least a few counter-arguments to the analogy. First, “lost data” cases are different in that, in many of them, the risk is far more remote and speculative. In some of these cases, it is not even known if the data was stolen by a wrong-doer. The data just got lost. Second, the sheer size of many of these “lost data” cases or “information breach cases” where sometimes tens of millions of people’s confidential information is involved is different from the hotels’ case. The overwhelming volume of “lost data” cases weighs in favor of a narrower application of standing in those cases. And, finally, in the “bad hotel lock” scenario, the risk posed by the defendant’s allegedly defective locks is to innocent third parties (that is, hotel guests). Therefore, the plaintiff hotels are far more compelled to take costly precautionary measures (or they should be). So, while the “data breach victim” can decide for him or herself to undertake enhanced credit-monitoring steps or other kinds of I.D. theft prevention, the “hotel lock victims,” on the other hand, face potentially crippling liability to third-party claims unless they undertake immediate (and, presumably not cost-free) remedial measures.