Supreme Court Shelters U.S. Federal Gov’t Violations of Credit Card Privacy Laws: Do As I Say, Not As I Do
In its first opinion of the new term, the U.S. Supreme Court has ruled against a class action brought against the federal government for violating privacy / identity theft protection laws by printing credit card numbers and expiration dates on receipts, determining that the federal government is not liable for violations of the Fair Credit Reporting Act.
The matter originated when the lead plaintiff (and lawyer) James X. Bormes, a Chicago lawyer, paid for a court filing fee using his American Express credit card, in the amount of $350. In his lawsuit, he asserted that the receipts contained the credit card’s expiration date, which violate provisions of the Fair Credit Reporting Act. Bormes brought a class action lawsuit alleging that the federal government violated FCRA. Borma asserted that the federal government did not have governmental immunity from the suit based on the Little Tucker Act, which purportedly provided the government’s consent to be sued in FCRA cases.
FCRA prohibits the showing of more than the last five digits of a card number or the expiration date on a credit card or debit card receipt, and defines a person liable under the act as “any individual, partnership, corporation, trust, estate, cooperative, association, government or governmental subdivision or agency.”
Initially, the class action was dismissed by the Northern Illinois federal court, which ruled that the federal government did not waive its immunity to be sued under FCRA. The U.S. Court of Appeals, however, reversed that ruling, and the U.S. Supreme Court granted the petition to review the case.
Authored by Justice Antonin Scalia, the Supreme Court rejected Bormes’ case, arguing that FCRA alone could determine whether it applied to the federal government, not the Little Tucker Act. The Supreme Court’s position was not surprising, given that the federal government is the nation’s largest creditor, lender, and employer. The federal government would have been responsible for “massive liability,” the U.S. government’s lawyers wrote in their filings, if Bormes’ case were successful.
Although the Supreme Court determined that Bormes’ case did not have merit based on the Little Tucker Act, they returned the case back to the Seventh Circuit Court of Appeals in Chicago, to determine whether FCRA cases can be brought against the federal government.
The ruling appears to be a big blow to consumer privacy considerations, because FCRA clearly says it applies to any “government” or “governmental subdivision or agency.” Despite this definition being included in its provisions, the U.S. Supreme Court still ruled that FCRA did not apply to the U.S. federal government. It is not only the U.S. government alone that could be affected, but the multitude of govenment contractors and quasi-governmental bodies that handle governmental functions throughout the nation, given that a significant portion of the U.S. government’s functions are actually performed by non-governmental entities and contractors. Although it is not surprising that the U.S. Supreme Court would rule in favor of the federal government and against consumers, the Bormes decision could pave the way for deeper blows to consumer privacy and identity theft concerns.