Opinion
Case No. 2:13-cv-118 Case No. 2:13-cv-257
10-31-2017
Judge Michael H. Watson
REPORT AND RECOMMENDATION
Plaintiffs in the above-captioned actions learned in November 2012 that their personally identifiable data, which they had provided to Nationwide Mutual Insurance Company in applications for insurance coverage, had been stolen in a major data breach. Plaintiffs filed suit and asserted a number of claims against Nationwide. On August 16, 2017, this Court issued an Opinion and Order at the conclusion of which it noted that Plaintiffs' only remaining cause of action in each of these cases is a bailment claim. These actions are now before the Court to consider Defendant's Motion to Dismiss the bailment claim pursuant to Rule 12(b)(6) of the Federal Rules of Civil Procedure. (Case No. 2:13-cv-118, ECF No. 92.) For the reasons that follow, it is RECOMMENDED that Defendant's Motion be granted.
I. The Rule 12(b)(6) Standard
At this stage, this Court must accept all of Plaintiffs' well-pleaded factual allegations as true and construe their complaint in the light most favorable to them. Haviland v. Metro. Life Ins. Co., 730 F.3d 563, 566-67 (6th Cir. 2013). Although the complaint need not contain "detailed factual allegations," it must include more than "labels and conclusions" or "a formulaic recitation of the elements of a cause of action." Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007). Thus, the complaint will survive a motion to dismiss if it "contain[s] sufficient factual matter, accepted as true, to state a claim to relief that is plausible on its face." Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (internal quotations omitted). "[A] claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged." Hensley Mfg. v. ProPride, Inc., 579 F.3d 603, 609 (6th Cir. 2009) (quoting Iqbal, 556 U.S. at 678).
II. Analysis
Plaintiffs have not stated a claim for bailment upon which this Court may grant relief because they did not relinquish control of their personally identifiable information when they applied for insurance. Having retained control of the information, they cannot establish liability on the basis of Nationwide's alleged failure to return the information to them undamaged.
A number of courts across the country have considered bailment claims in the context of data security breaches and concluded that the scenario in which a person provides personally identifiable information to a business and the information is stolen does not give rise to bailment liability. See, e.g., In re Target Data Security Breach Litig., 66 F. Supp. 3d 1154, 1177 (D. Minn. 2014); In re Sony Gaming Networks and Customer Data Sec. Breach Litig., 903 F. Supp. 2d 942, 974 (S.D. Cal. 2012). Applying the law of various states, those courts have concluded that a person in that scenario has not transferred possession of the data with the expectation that the recipient will return the date and does not base any claim for damages on the recipient's unlawful retention of the data. Target Data Security Breach, 66 F. Supp. 3d at 1177 (applying Illinois law); Sony Gaming Networks, 903 F. Supp. 2d at 974 (applying California law).
Ohio bailment law mirrors California and Illinois law in all material respects. A bailment claim requires either a contract of bailment or a bailment implied by law. Agricultural Ins. Co. v. Constantine, 144 Ohio St. 275, 284 (1944). An implied bailment exists when a person delivers personal property to another person or entity for a specific purpose with an implied agreement that the property "shall be returned or accounted for when this special purpose is accomplished or retained until the bailor reclaims the property." Tomas v. Nationwide Mut. Ins. Co., 79 Ohio App. 3d 624, 628 (Oh. Ct. App. 1992). Liability on a bailment theory rests on the bailee's failure to return the bailed personal property as agreed or to return it in an undamaged condition. Id. at 629. The bailment theory, thus, requires a transfer of possession and custody of the bailed property. See Vandeventer v. Vandeventer, 132 Ohio App. 3d 762, 767 (Oh. Ct. App. 1999).
While this Court has not conducted a choice of law analysis, the parties appear to agree that their state law claims are governed either by the law of Ohio, where Defendant resides, or by the law of Kansas and Minnesota, where Plaintiffs reside. Both Kansas and Minnesota also view the act of bailment as a transfer of custody or control of personal property. See Prod. Credit Ass'n of St. Cloud v. Fitzpatrick, 385 N.W.2d 410, 412 (Minn. Ct. App. 1986); M. Bruenger & Co., Inc. v. Dodge City Truck Stop, Inc., 675 P.2d 864, 868 (Kan. 1984).
Intangible property, including personally identifiable data, may or may not constitute the sort of personal property that may be bailed. See Target Data Security Breach, 66 F. Supp. 3d at 1177; see also In re Sony Gaming Networks Customer Data Sec. Breach Litig., Nos. 11CV2119, 11CV2120, 2012 WL 4849054, at *23 (S.D. Cal. Oct. 11, 2012) ("the Court is hard pressed to conceive of how Plaintiffs' Personal Information could be construed to be personal property so that the Plaintiffs somehow 'delivered' this property Sony and then expected it to be returned"). The Court need not resolve that question in this action because Plaintiffs have not alleged that they transferred control or custody of their personal identifiers to Defendant with the expectation that Defendant would hold them for some purpose and then return them undamaged to Plaintiffs.
Plaintiffs provided the data, in the sense that they told Defendant what the data were, but they did not relinquish custody or control of the data to Defendant. They retained their personal identifiers and continued to use them throughout the period of the alleged bailment. They have not alleged, and could not allege, that they expected Defendant to return the data because they were never without their personal identifiers. Plaintiffs' specific allegations are that they "entrusted" the data to Defendant, which "improperly handled" and "wrongfully retained" the data. (Compl. ¶¶ 1, 3, 81, ECF No. 1.) They do not allege that the parties had agreed that Defendant would return the data, however, or that the data could have been returned. Plaintiffs have not, therefore, alleged a bailment between the parties with respect to the data.
III. Recommended Disposition
For the reasons set forth above, it is RECOMMENDED that the Court GRANT Defendant's Motion to Dismiss (Case No. 2:13-cv-118, ECF No. 92), DISMISS the bailment claim pursuant to Rule 12(b)(6) of the Federal Rules of Civil Procedure, and DIRECT the Clerk to enter judgment for Defendant in each of the above-captioned actions.
IV. Procedure on Objections
If any party objects to this Report and Recommendation, that party may, within fourteen days of the date of this Report, file and serve on all parties written objections to those specific proposed findings or recommendations to which objection is made, together with supporting authority for the objection(s). A judge of this Court shall make a de novo determination of those portions of the report or specified proposed findings or recommendations to which objection is made. Upon proper objections, a judge of this Court may accept, reject, or modify, in whole or in part, the findings or recommendations made herein. 28 U.S.C. 636(b)(1). The judge may also receive further evidence or recommit this matter to the magistrate judge with instructions. Id.
The parties are specifically advised that failure to object to the Report and Recommendation will result in a waiver of the right to have the district judge review the Report and Recommendation de novo, and also operates as a waiver of the right to appeal the decision of the District Court adopting the Report and Recommendation. See Thomas v. Arn, 474 U.S. 140 (1985); United States v. Walters, 638 F.2d 947 (6th Cir. 1981).
/s/ Chelsey M. Vascura
CHELSEY M. VASCURA
UNITED STATES MAGISTRATE JUDGE