June 18, 2009
REGINA A. RANDOLPH, ET AL., APPELLANTS,
ING LIFE INSURANCE AND ANNUITY COMPANY, APPELLEE.
Appeal from the Superior Court of the District of Columbia (C-4932-06) (Hon. Frederick H. Weisberg, Trial Judge).
The opinion of the court was delivered by: Thompson, Associate Judge
Argued December 4, 2008
Before KRAMER and THOMPSON, Associate Judges and FARRELL, Senior Judge.*fn1
Appellants in this case are seven current or retired District of Columbia employees whose personal information related to their participation in an employee deferred compensation plan administered by ING Life Insurance and Annuity Company ("ING") was stored on a laptop computer that was stolen from an ING employee's home. Citing a "substantial risk" of identity theft and other dangers from the possible unauthorized use of their personal information, appellants sued ING for damages and other relief.*fn2 The Superior Court dismissed the suit for lack of standing. We affirm the order of dismissal.
On June 11, 2006, an ING agent's home was burglarized. Among the items stolen during the burglary was the agent's personal laptop computer, onto which he had downloaded, allegedly without encryption or password protection, personal information (including Social Security numbers) of participants in the "District of Columbia 457 Deferred Compensation Plan."*fn3 ING provides investment advice, administrative services and recordkeeping with respect to the deferred compensation plan.
On or about June 19, 2006, ING notified the District about the computer theft. ING also began alerting affected participants individually, communicating to them instructions about how to enroll in a complimentary credit-monitoring service for which ING would pay. Not satisfied with ING's response to the situation, appellants filed suit in the Superior Court on June 27, 2006. They claimed, inter alia, that ING failed "to establish and enforce appropriate... safeguards to ensure the security and confidentiality of records." The counts of the complaint advanced several common-law theories of recovery, including negligence, gross negligence, and invasion of privacy.
ING removed the case to the United States District Court for the District of Columbia on the basis of diversity and thereafter filed a motion to dismiss on the grounds of lack of standing, failure to state a claim, and mootness. The District Court (the Honorable Colleen Kollar-Kotelly) concluded that appellants had failed to establish Article III standing and therefore remanded the case to the Superior Court pursuant to 28 U.S.C. § 1447 (c). Appellants then amended their complaint, adding both common-law and statutory causes of action. As amended, the complaint alleges negligence, gross negligence, breach of fiduciary duty, willful violation of appellants' right of privacy, and violations of D.C. Code §§ 1-626.13 and 1-741 (describing the responsibilities of trustees and other fiduciaries of certain District employee retirement plans). ING moved to dismiss the amended complaint for lack of standing, failure to state a claim, and mootness. (App. 15-18.) Reaching only the first of those issues and reasoning that appellants "cannot allege an injury in fact," the Superior Court (the Honorable Frederick Weisberg) dismissed the amended complaint for lack of standing in an order dated June 13, 2007.*fn4 This appeal followed.
"Whether appellants have standing is a question of law which we consider on appeal de novo." Board of Dirs., Wash. City Orphans Asylum v. Board of Trs., Wash. City Orphans Asylum, 798 A.2d 1068, 1074 (D.C. 2002). Because our review is de novo, "we are not limited to reviewing the legal adequacy of the grounds the trial court relied on for its ruling; if there is an alternative basis that dictates the same result, a correct judgment must be affirmed on appeal." Nicola v. Washington Times Corp., 947 A.2d 1164, 1176 n.9 (D.C. 2008) (quoting Kerrigan v. Britches of Georgetowne, Inc., 705 A.2d 624, 628 (D.C. 1997)).
"[S]tanding requirements are met when a party demonstrates (1) an injury in fact, (2) a causal connection between the injury and the conduct of which the party complains, and (3) redressability, i.e., that it is likely that a favorable decision will redress the injury." Riverside Hosp. v. District of Columbia Dep't of Health, 944 A.2d 1098, 1104 (2008) (quoting Lujan v. Defenders of Wildlife, 504 U.S. 555, 560-61 (1992) (internal quotation marks and ellipses omitted)).*fn5 Injury-in-fact involves the "invasion of a legally protected interest which is (a) concrete and particularized, and (b) actual or imminent, not conjectural or hypothetical." Miller v. Bd. of Zoning Adjustment, 948 A.2d 571, 574 (D.C. 2008) (citations omitted).
Judge Weisberg reasoned that appellants' complaint failed to allege the type of concrete injury that was necessary for them to have standing to pursue their common-law claims. He summarized the deficiencies in the amended complaint as follows:
Plaintiffs allege, in the light most favorable to them, that they are more vulnerable to identity theft now that their personal data [have] fallen into the hands of the thief of the computer or one who receives it from the thief, and the Plaintiffs who are police officers allege that their home addresses may be compromised, subjecting them to possible threats or violence. No Plaintiff alleges that his or her identity has in fact been stolen or used, and no police officer Plaintiff alleges that his or her residence has been revealed or threatened in any way. The most Plaintiffs can claim is that they are worried that these harmful events may occur and that they have "incurred or will incur actual damages" to protect their credit or to repair any damage if it occurs.
June 13, 2007 Order at 6 (footnote omitted). Judge Weisberg continued:
[F]or all anyone knows at this time, there has not been any exposure of Plaintiffs' personal information. Even if the information was not password protected, as Plaintiffs allege, it is at least possible that the thief kept the computer or passed it to someone who erased it of its hard drive and memory to make it more pristine for resale. Unless and until any of the stored information is actually used, it is impossible to know whether Plaintiffs will ever suffer any real, as opposed to imagined, injury.
Id. at 6 n. 4 (emphasis in the original). Judge Weisberg concluded that "[f]ear of future harm, even if reasonable, is simply not the kind of concrete and particularized injury, or imminent future injury" that "suffice[s] to confer standing." Id. at 6.
As Judge Weisberg noted, in addition to the District Court for the District of Columbia (in its ruling on appellants' original complaint), a number of courts presented with risk-of-identity-theft claims have similarly ruled that plaintiffs lacked the requisite injury to establish standing to sue where they could not allege that any unauthorized use of their personal information had already occurred.*fn6 In light of the Supreme Court's reasoning in Doe v. Chao, 540 U.S. 614 (2004), we question the approach that these courts have taken.*fn7 Although citing the "traditional understanding that tort recovery requires... proof of some harm for which damages can reasonably be assessed," the Doe court acknowledged that "[t]raditionally, the common law has provided [privacy tort] victims with a claim for 'general damages,' which for privacy torts... are presumed damages: a monetary award calculated without reference to specific harm." Doe, 540 U.S. at 621 (citing 3 Restatement of Torts § 621 (1938); 4 id., § 867 (1939)). Against that background, the Doe court recognized that a plaintiff alleging a breach of privacy in violation of the federal Privacy Act has Article III standing to sue where the harm he alleges is no more than that he is "'greatly concerned and worried' because of the disclosure of his Social Security number and its potentially 'devastating' consequences."*fn8 Doe, 540 U.S. at 641 (Ginsburg, J., dissenting) (explaining that the reasoning of the Doe majority was that plaintiff Doe had "standing to sue," but simply could not succeed on his Privacy Act claim unless he had incurred an out-of-pocket expense (because, in the majority's words, 540 U.S. at 622, "Congress cut out the very language in the bill that would have authorized any presumed damages" for a statutory violation)).
As the Supreme Court has observed elsewhere, standing "often turns on the nature and source of the claim asserted." Warth v. Seldin, 422 U.S. 490, 500 (1975) (explaining also that "[t]he actual or threatened injury required by Art. III may exist solely by virtue of 'statutes creating legal rights, the invasion of which creates standing...'"). Here, the amended complaint presents a mixture of theories of liability. For example, appellants allege that "as a result of ING's breach of fiduciary duty[,] their right to privacy was violated." Given the overlapping tort causes of action and the mixed common-law and statutory grounds for action that appellants asserted in their amended complaint, we think that -- rather than an analysis of standing (the test for which, the opinion in Doe suggests, is fairly easily satisfied) -- the better approach toward resolving ING's motion to dismiss is to analyze whether the amended complaint succeeded in stating a claim as to any or all of appellants' various theories of liability. See District of Columbia v. Acme Reporting Co., 530 A.2d 708, 712 (D.C. 1987) (this Court is "free to sustain the trial court judgments on grounds different from those on which the trial court relied"). We proceed to such an analysis.
Negligence and gross negligence. To maintain an action for negligence, a plaintiff must allege more than speculative harm from defendant's allegedly negligent conduct. "[S]peculative harm, or the threat of future harm - not yet realized - does not suffice to create a cause of action for negligence." In re Estate of Curseen v. Ingersoll, 890 A.2d 191, 194 (D.C. 2006) (emphasis in the original) (citation omitted). Here, as Judge Weisberg found, no "Plaintiff alleges that his or her identity has in fact been stolen or used, and no police officer Plaintiff alleges that his or her residence has been revealed or threatened in any way." June 13, 2007 Order at 6. Rather, appellants allege that "these harmful events may occur."*fn9 Id. We also agree with Judge Weisberg that, to the extent that appellants allege actual harm from expenses they have incurred to undertake credit monitoring or other security measures to guard against possible misuse of their data, they have alleged an injury that is "not the result of any present injury, but rather the [result of] the anticipation of future injury that has not materialized." Id. at 7 (quoting Randolph v. ING Life Ins. & Annuity Co., 486 F. Supp. 2d at 8; see also Shafran v. Harley-Davidson, 07 Civ. 01365 (GBD), 2008 U.S. Dist. LEXIS 22494, *8-9 (S.D.N.Y. Mar. 24, 2008)) (explaining that "[c]ourts have uniformly ruled that the time and expense of credit monitoring to combat an increased risk of future identity theft is not, in itself, an injury that the law [of negligence] is prepared to remedy"). Accordingly, with respect to appellants' negligence and gross negligence counts, we conclude that the amended complaint failed to state a claim.*fn10
Common-law breach of fiduciary duty. For much the same reason, appellants' common-law breach-of-fiduciary-duty count also fails to state a claim. "[B]reach of fiduciary duty is not actionable unless injury accrues to the beneficiary or the fiduciary profits thereby." Beckman v. Farmer, 579 A.2d 618, 651 (D.C. 1990) (quoting Day v. Avery, 548 F.2d 1018, 1029 n.56 (D.C. Cir. 1976), for the proposition that "since neither injury to appellant nor profit to any appellee can be shown to flow from any nondisclosure complained of, appellant's allegation of breach of a fiduciary duty by nondisclosure must also fail").*fn11 Assuming without deciding that ING had a fiduciary duty to appellants, we conclude that appellants' allegations about the risk of identity theft, and about danger from the possible disclosure of police officers' addresses to those who may harbor ill-will toward police, do not state the type of injury required to maintain a suit for common-law breach of fiduciary duty.*fn12
Invasion of privacy. Count II of the amended complaint alleges a "willful and intentional failure [by ING] to establish appropriate safeguards to ensure the privacy and security of District of Columbia employee records... in violation of [appellants'] clearly established right of privacy." At least arguably, this Count alleges common-law invasion of privacy, a tort that the District of Columbia "has long recognized." Vassiliades, supra n.11, 492 A.2d at 587. Among the invasions that may constitute this tort are "public disclosure of private facts" and "intrusion upon one's solitude or seclusion." Danai v. Canal Square Assocs., 862 A.2d 395, 400 n.3 (D.C. 2004) (citing Wolf v. Regardie, 553 A.2d 1213, 1216-17 (D.C. 1989)); Vassiliades, 492 A.2d at 587 (citing Peay v. Curtis Pub. Co., 78 F. Supp. 305, 309 (D.D.C. 1948)) ("[a] person who unreasonably and seriously interferes with another's interest in not having his affairs known to others... is liable to the other"); Restatement 2d of Torts § 652B (1977) ("One who intentionally intrudes... upon the... seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person").
Section 652D of the Restatement explains, in comment c, that "[t]he protection afforded to the plaintiff's interest in his privacy must be relative to the customs of the time and place...." Because "[m]odern life... has created novel situations, that in turn gave rise to the problem of protecting the individual who desires... freedom from intrusion into his private life as well as from undue and undesirable publicity," Peay, 78 F. Supp. at 309, the common law must be "constantly molded and adjusted to meet changing conditions." Id. In this age of identity theft and other wrongful conduct through the unauthorized use of electronically-stored data, we have little difficulty agreeing that conduct giving rise to unauthorized viewing of personal information such as a plaintiff's Social Security number and other identifying information can constitute an intrusion that is highly offensive to any reasonable person, and may support an action for invasion of privacy (irrespective of whether the plaintiff alleges that economic or other resultant injuries have already come to pass).*fn13 Cf. Danai, supra, 862 A.2d at 400 n.4 (explaining that "examining a plaintiff's private bank account" or "other invasions of that nature" are among the types of invasion that may constitute tortious invasion of privacy) (citing Wolf, supra, 553 A.2d at 1217-18); Restatement 2d of Torts § 652B, comment b ("The intrusion itself makes the defendant subject to liability, even though there is no publication or other use of any kind of the... information"); Vassiliades, supra, 492 A.2d at 587 ("a cause of action for the invasion of privacy 'represents a vindication of the right of private personality and emotional security'" (emphasis added) (quoting Afro-American Pub. Co. v. Jaffe, 366 F.2d 649, 653 (D.C. Cir. 1966)).
We nonetheless affirm the dismissal of appellants' invasion-of-privacy count, because the amended complaint fails to allege all of the elements of the tort of invasion of privacy. First, in this jurisdiction, invasion of privacy is an intentional tort. See Heard v. Johnson, 810 A.2d 871, 881 n.5 (D.C. 2002); see also Bailer v. Erie Ins. Exch., 687 A.2d 1375, 1381 (Md. 1997) ("The tort [of invasion of privacy] cannot be committed by unintended conduct amounting merely to lack of due care").*fn14 Notwithstanding appellants' claim that ING's "willful and intentional" conduct violated their right of privacy, the allegations of the complaint (e.g., the failure to establish safeguards to protect employee records) do not appear to allege intentional conduct.*fn15
But even if the amended complaint sufficiently alleges intentional conduct, there is an additional reason why appellants' allegations fail to state a claim for common-law invasion of privacy. An essential element of the tort (whether the focus is on "intrusion upon... seclusion" or "public disclosure of private facts") is that private facts must be accessed or publicly disclosed. See Vassiliades, supra, 492 A.2d at 588 (observing that, in that case, "[t]he nature of the publicity ensured that it would reach the public"). Here, as the Superior Court recognized, appellants' amended complaint makes no allegations about what happened to the data on the stolen laptop computer. As Judge Weisberg suggested, it is possible that the thief unloaded the computer without ever accessing appellants' data or that the thief or whoever later took possession of the computer deleted the data from the hard drive without ever scrolling through it.*fn16 Without an allegation that the data involved here were disclosed to and viewed by someone unauthorized to do so, appellants have failed to state a claim for invasion of privacy.*fn17
Statutory counts. The remaining counts of the amended complaint allege that ING's failure to safeguard appellants' "457 Deferred Compensation" personal information gives appellants a cause of action arising under D.C. Code §§ 1-626.13 and 1-741. Section 1-626.13 describes the duty of fiduciaries "with respect to the Trust" to discharge their duties "[w]ith the care, skill, prudence, and diligence under the circumstances then prevailing that a prudent individual acting in a like capacity and familiar with such matters would use in the conduct of an enterprise of a like character and with like aims." Id., § 1-626.13 (a)(2). Section 1-741 describes the same duty of fiduciaries "with respect to the Fund." Id., § 1-741 (a)(2)(B).
As Judge Weisberg recognized, the "Trust" to which section 1-626.13 refers is "the Section 401 (a) Trust established by [D.C. Code] § 1-626.11," the entity into which the District places funds of the defined contribution plan described in D.C. Code § 1-626.05(3). See D.C. Code §§ 1-626.04(7) and -626.11 (a) (2001). The term "Fund" to which section 1-741 refers holds the retirement funds described in D.C. Code §§ 1-712, -713, and -714. See D.C. Code § 1-702(10) (2001). We agree with Judge Weisberg that neither the "Trust" nor the "Fund" appears to be the § 457 Deferred Compensation fund as to which (according to the amended complaint) ING held appellants' personal data. D.C. Code § 1-626.05(2) describes "an employee deferred compensation plan pursuant to § 457 of the Internal Revenue Code" that appears to be distinct from both the section 401 (a) "Trust" and from the retirement funds that constitute the "Fund," whose fiduciaries have the duties described in D.C. Code §§ 1-626.13 and 1-741. It follows that, although D.C. Code § 1-626.14 permits a "participant or beneficiary of the Trust" to bring a civil action for "appropriate legal and equitable relief" with respect to an act or practice that violates any provision of this chapter (D.C. Code §§ 1-601.01 et seq.), section 1-626.14 does not create a right of action relating to the "457 Deferred Compensation Plan."*fn18 Furthermore, as we held in Thomas v. District of Columbia, 942 A.2d 1154 (D.C. 2008), section 1-624.14 does not authorize a civil action to recover damages for personal injury or other consequential damages. 942 A.2d at 1159.
A similar analysis applies with respect to D.C. Code § 1-747. Section 1-747 permits a "beneficiary" or "participant" to bring a civil action to obtain redress and appropriate relief with respect to "any act or practice that violates any provision of this chapter [D.C. Code §§ 1-701 et seq.]" (emphasis added). Thus, section 1-747 does not appear to create a right of action relating to the "457 Deferred Compensation Plan" described in D.C. Code § 1-626.05(2). Appellants' argument is that section 1-747 does not limit a plan participant's right of action to "enforce the terms of a retirement program," D.C. Code § 1-747 (a)(3)(B)(ii), to programs described in section 1-701 through 1-753. Even if we assume that this interpretation is correct and that section 1-747 applies to claims arising out of the 457 Deferred Compensation Plan, we still would conclude that the provision does not give appellants a cause of action for redress of their concerns about identity theft. Section 1-747 is virtually identical to a counterpart civil enforcement provision contained in section 502 (a) of the Employee Retirement Income Security Act of 1974 ("ERISA"), 29 U.S.C. § 1132 (2009). In Massachusetts Mutual Life Ins. Co. v. Russell, 473 U.S. 134 (1985), the Supreme Court rejected the view that 502 (a) gives plan beneficiaries a private right of action for compensatory or punitive relief or other "extracontractual damages" (such as damages for mental distress occasioned by a delay in payment) that go beyond recovery of plan benefits wrongfully withheld or denied. See 473 U.S. at 144. Appellants have suggested no reason why we should adopt a more expansive interpretation of the authority that D.C. Code § 1-747 confers on plan participants and beneficiaries to obtain relief with respect to the "terms of a retirement program." D.C. Code §§ 1-747 (a)(1)(B), (a)(3)(A), and (a)(3)(B)(ii). 
We decline to construe section 1-747 to establish a statutory private right of action to sue for damages for conduct creating a risk of identity theft.
For the foregoing reasons, we affirm the judgment of the Superior Court dismissing the amended complaint.