The U.S. Supreme Court's 2016 holding in Spokeo v. Robins that a technical violation of a statute is insufficient to establish Article III standing does not preclude a suit over a potential disclosure of information by barcodes on debt collection letters, a federal judge in Newark has ruled.
In Stever v. Harrison, a collection lawyer's mail to debtors was sent in envelopes with transparent windows that revealed a barcode. The plaintiffs assert that popular and free smartphone applications allow the barcodes to be read by anyone, which would reveal the account number assigned by defendants to the recipient. But the plaintiffs presented no evidence suggesting anyone ever read the bar codes.
The violation of a procedural right under the Fair Debt Collection Practices Act was sufficient to constitute injury in fact, and the plaintiff need not allege any harm other than the one Congress identified when it passed the act, U.S. District Chief Judge Jose Linares of the District of New Jersey ruled, denying the defendants' motion to dismiss.
The case claims Denville debt collection attorney Michael Harrison violated the FDCPA with letters sent out to collect medical debts. By failing to conceal the bar codes, Harrison, who was named as a defendant along with his firm, Michael S. Harrison LLC, recklessly made debtors' information available to the public, violating an FDCPA provision barring use of "any language or symbol, other than a debt collector's address, on any envelope when communicating with a consumer by use of the mails," according to the plaintiffs.
The defendants, relying on Spokeo, argued that the plaintiffs "have not been harmed in any concrete or particularized way and their allegations that the bar code contained 'personal identifying information' does not meet the burden to confer Article III standing."
But Linares noted that in Spokeo, the Supreme Court held that a concrete injury need not be a tangible one. The justices reiterated in that case that Congress may "elevate to the status of legally cognizable injuries concrete, de facto injuries that were previously inadequate at law," Linares said. He cited the court's holding in that case that "the violation of a procedural right granted by statute can be sufficient in some circumstances to constitute injury in fact. In other words, a plaintiff in such a case need not allege any additional harm beyond the one Congress has identified."
The U.S. Court of Appeals for the Third Circuit has not addressed the issue of what makes an injury in fact under the FDCPA since Spokeo, Linares said. But he said the court's January 2017 ruling In re Horizon Healthcare Services Data Breach Litigation, which analyzed standing under the Fair Credit Reporting Act, was "highly instructive." In that case, which concerned the theft of two laptop computers containing sensitive personal information from a health insurance company, the appeals court reversed a district court judge's finding that plaintiffs failed to plead a cognizable injury.