Gambles v. Sterling Infosystems, Inc.
234 F. Supp. 3d 510
S.D.N.Y.2017Background
- Plaintiff Ralph Gambles applied for a mortgage-banker job (salary < $75,000). Sterling Infosystems produced a consumer background report about Gambles and furnished it to the prospective employer in January 2014.
- The Report listed 58 address entries (19 unique addresses) with overlapping, inconsistent, and duplicative “first seen”/“last seen” dates and included eight entries marked with a “HIGH RISK INDICATOR” (e.g., “hotel or motel,” “rooming or boarding house”).
- Gambles alleges many entries were inaccurate (addresses he never lived at, wrong dates, improper adverse characterizations) and some entries reported events older than seven years.
- Claims: (1) violation of 15 U.S.C. §1681c(a) (outdated adverse information), and (2) violations of 15 U.S.C. §1681e(b) (duplicative and inaccurate reporting / failure to use reasonable procedures). He seeks statutory/punitive damages and fees on behalf of putative classes.
- Sterling moved to dismiss for lack of Article III standing, arguing Gambles alleged only a statutory violation and did not plead that the employer relied on or was harmed by the challenged address information.
- The District Court denied the motion: it held Gambles alleged a concrete, particularized injury (privacy and reputational harms closely related to traditional torts and within Congress’s FCRA judgment) sufficient for standing even though the complaint did not allege the employer relied on the address errors.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Whether Gambles has Article III standing (injury-in-fact) to sue under FCRA for allegedly inaccurate/outdated address data in a consumer report | Gambles says the Report invaded his statutory privacy and falsely portrayed him as itinerant/unstable, causing concrete reputational/privacy harm and a material risk of harm to employment prospects | Sterling says Spokeo requires a concrete harm beyond a bare procedural/statutory violation; because Gambles did not allege the employer relied on or was harmed by the address errors, there is no concrete injury | Court held Gambles alleged sufficiently concrete and particularized injury: unauthorized disclosure of private/adverse info and misleading characterizations have a close common-law analogue and fall within Congress’s FCRA judgment; standing exists |
| Whether alleged inaccuracies are only “bare procedural violations” after Spokeo | Gambles argues Spokeo reaffirmed that intangible harms can be concrete and Congress may elevate injuries; here allegations present material risk of harm | Sterling contends Spokeo shows not all inaccuracies are concrete (e.g., incorrect ZIP code), and these address errors are similarly harmless absent adverse use | Court found the alleged inaccuracies (false, adverse, stigmatizing address characterizations; outdated adverse items) present a material risk of harm and mirror traditional privacy/defamation harms, so they are not merely bare procedural violations |
| Whether Congress intended FCRA provisions (§1681c(a), §1681e(b)) to protect privacy/interests alleged | Gambles points to FCRA’s purposes (accuracy, privacy) and statutory remedies (statutory damages) to show Congress recognized non-quantifiable harms | Sterling minimizes privacy interest, arguing these provisions target improper use rather than disclosure absent harm | Court relied on FCRA’s text and purpose—protecting privacy and accuracy—and Congress’s provision for statutory damages to conclude Congress intended to remedy these kinds of harms |
| Whether the claimed injury is particularized | Gambles contends the Report disclosed individualized, inaccurate information about him | Sterling suggests injury is speculative without proof of actual adverse use | Court held the particularity requirement is met: alleged harm is individualized to Gambles’s address history and personal reputation |
Key Cases Cited
- Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016) (Article III requires a concrete and particularized injury; not all statutory violations alone confer standing)
- Lujan v. Defenders of Wildlife, 504 U.S. 555 (1992) (standing’s injury-in-fact, causation, redressability elements)
- Safeco Ins. Co. of Am. v. Burr, 551 U.S. 47 (2007) (FCRA purposes: fair and accurate reporting; consumer privacy)
- Strubel v. Comenity Bank, 842 F.3d 181 (2d Cir. 2016) (Spokeo does not categorically foreclose statutory procedure violations from constituting concrete injuries)
- In re Horizon Healthcare Servs. Inc. Data Breach Litig., 846 F.3d 625 (3d Cir. 2017) (unauthorized dissemination of private information can be a de facto concrete injury supporting standing)