Tomorrow, the Supreme Court will hear argument in United States v. Bormes, a case that apparently has not captured the attention of most class action practitioners. That’s understandable: The question presented (pdf) is “whether the Little Tucker Act, 28 U.S.C. § 1346(a)(2), waives the sovereign immunity of the United States with respect to damages actions for violations of the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq.” But the impetus for the federal government’s request for immunity—the enormous liability generated by aggregating statutory damages in a FCRA class action—is one that routinely affects businesses targeted by similar class actions. Businesses therefore should stay tuned to see what, if anything, the Court might say about the concerns that result from piling up large amounts of potential statutory damages in class actions.
The lawsuit in Bormes is just one in a trend of class actions under the Fair and Accurate Credit Transactions Act (FACTA) amendments to FCRA. Those amendments prohibit a “person” who “accepts credit cards or debit cards” from “print[ing] more than the last 5 digits of the card number or the expiration date upon any receipt provided to the cardholder at the point of the sale or transaction.” 15 U.S.C. § 1681c(g)(1). After Chicago attorney James Bormes e-filed a lawsuit in federal court and paid the filing fee online with his credit card, the pay.gov website displayed a confirmation web page and sent him an e-mail, both of which showed the expiration date for his credit card. He then filed a class action against the federal government, contending that the confirmation page and e-mail constitute “receipt[s]” in violation of FACTA, entitling him and a class of ECF users to statutory damages of up to $1,000 per violation, plus punitive damages and attorneys’ fees. Given the high volume of transactions processed in this manner, the government faces massive potential liability from the lawsuit—“billions of dollars,” according to the government’s reply brief.
In my view, the claims in Bormes are weak. The point of FACTA is to prevent identity theft by discouraging businesses from printing sensitive information on receipts that criminals might retrieve from trash cans. Unsurprisingly, a number of courts have held that online and e-mail confirmations of Internet transactions are not “print[ed] . . . receipt[s]” regulated by FACTA. See, e.g., Shlahtichman v. 1-800 Contacts, Inc., 615 F.3d 794 (7th Cir. 2010).
Nonetheless, the lure of FACTA to certain segments of the class-action bar has been irresistible. If the plaintiff can threaten the business with liability of $1,000 for almost every transaction it has conducted—a total that may bankrupt the company several times over—the plaintiff might be able to strong-arm the business into a settlement.
The federal government opted to respond to the lawsuit in Bormes by pulling the sovereign-immunity ripcord, emphasizing that Congress could not have intended the “enormous impact” on the “federal Treasury” that such FACTA lawsuits threaten to create. But private businesses do not enjoy the luxury of governmental immunity. Instead, they can move to dismiss the lawsuit for failure to state a claim and try to obtain protection from the extortionate nature of the aggregation of statutory damages by moving to strike the class allegations. My colleagues John Nadolenco, Archis Parasharami, and Joey Minta have written an article arguing that courts should refuse to certify class actions when a lawsuit involves claims for statutory damages (pdf). As they discuss, when Congress enacts statutes that provide for statutory damages, the idea is to encourage individual litigants to file claims, not to create the potential for massive—potentially bankrupting—liability through the use of the class-action device. That is especially so when—as in most FACTA cases—neither the named plaintiff nor most (if any) absent class members have suffered from identity theft or any other concrete injury.