Mark Rasch writes about an issue that has long plagued privacy litigation — establishing standing to sue when it is hard to show a concrete injury. I’ll skip that intro to his piece and jump to this:
The U.S. Supreme Court is currently considering a case in which credit reporting giant TransUnion improperly listed thousands of people as being on a U.S. government terrorist watch list by using a third-party service provider that simply matched these people’s names against a government list of “Specially Designated Nationals” (SDN’s) who were prohibited, by law, from engaging in financial transactions in the U.S. Thus, if your name was similar to a name on the list, your credit file was flagged as being that of a terrorist. When you applied for credit, this information would show up at the car dealership, mortgage broker, or your local Best Buy. Congress had long had a law – the Fair Credit Reporting Act – which required credit reports to be accurate, and which provided a “private right of action” – a right to sue for violations of the statute.
But who, exactly has “standing” to sue for the violations? While thousands of people had erroneous SDN information placed on their credit reports in violation of the statute, only a subset of those thousands had actually applied for credit and been denied as a result of someone seeing that bad information.
Read more on Security Boulevard.