Health-care insurance provider CareFirst Inc. has escaped another class action stemming from a 2015 data breach that compromised 1.1 million consumers’ information.

Judge Christopher R. Cooper dismissed the consumer class action Aug. 10 because the plaintiffs failed to allege sufficient harm from the data breach to establish standing.

The ability to keep a consumer class action in federal court may depend on the type of data reached and how the data is used. Philip N. Yannella, privacy and data security partner at Ballard Spahr LLP, told Bloomberg BNA Aug. 11 that even though other courts ‘‘have shown a willingness to find Article III standing in data breach cases involving actual hacks, this case is a bit different because the data that was stolen didn’t include social security numbers, credit card or financial account numbers.’’

The court relied on the U.S. Supreme Court’s standard set in Clapper v. Amnesty Int’l 133 S. Ct. 1138, 2013, that ‘‘allegations of possible future injury don’t satisfy constitutional standing requirements’’ (39 PRA, 2/27/13). The court held that the plaintiffs arguments that the non-sensitive information stolen may eventually lead to harm ‘‘is still too speculative to satisfy Clapper.’’

Yannella said that although data breaches of all types of data may cause some worry to consumers and ‘‘it’s possible that hackers could use stolen data—birth dates, names, addresses—and cobble it together with other information to commit harm, the chain of events that would be necessary’’ is quite thin, he said. That is the reason why the court ruled that the actual harm alleged was too speculative to support federal standing,” he said.