Eleventh Circuit Holds Monetary Damages Caused by Identity Theft Present a Cognizable Injury

Posted on September 28th, 2012 in Courts, Digital Commerce By BuckleySandler

Recently, the U.S. Court of Appeals for the Eleventh Circuit, in a case of first impression, held that the named plaintiffs in a putative class action could pursue their claims for monetary loss from a health care company that allegedly failed to protect their personal information. Resnick v. AvMed Inc., No. 11-13694, 2012 WL 3833035 (11th Cir. Sep. 25, 2012). The plaintiffs allege that they became subject to identity theft several months after laptops containing their sensitive personal information were stolen from the company’s offices. The plaintiffs sued the health care company, alleging negligence, negligence per se under Florida law, breach of contract, unjust enrichment, breach of implied covenant of good faith and fair dealing, and breach of fiduciary duty. The district court dismissed all claims, holding that the complaint failed to state a cognizable injury. On appeal, the court of appeals reversed the district court on the majority of the claims. It held that because the complaint alleges financial injury, and because monetary loss is cognizable under Florida law, the plaintiffs have alleged a cognizable injury. The court found that the plaintiffs “have shown a sufficient nexus between the data breach and the identity theft beyond allegations of time and sequence” because the plaintiffs plead that they were careful in protecting their identities and had never been victims of identity theft. Finding that causation was sufficiently plead, the court of appeals reversed the district court with regard to the counts of negligence, breach of contract, and breach of fiduciary duty. The court affirmed dismissal of the claims of negligence per se and breach of implied covenant of good faith and fair dealing because failure to comply with the relevant state statute cannot serve as a basis for negligence per se, and because the health care company’s actions were not shown to be conscious and deliberate as necessary to support a claim of breach of implied covenant. Finally, the court held that the plaintiffs alleged sufficient facts to sustain a claim for unjust enrichment because they claim to have paid monthly premiums to the company, while alleging that the company failed to implement sufficient data management and security measures. The case was remanded for further proceedings.