Randolph v. Ing Life Insurance and Annuity Co.

Decision Date18 June 2009
Docket NumberNo. 07-CV-791.,07-CV-791.
Citation973 A.2d 702
PartiesRegina A. RANDOLPH, et al., Appellants, v. ING LIFE INSURANCE AND ANNUITY COMPANY, Appellee.
CourtD.C. Court of Appeals

Gregory L. Lattimer, Washington, DC, for appellants.

Juan P. Morillo, Washington, DC, with whom Stephen M. Nickelsburg and Sarra Cho were on the brief, for appellee.

Before KRAMER and THOMPSON, Associate Judges and FARRELL, Senior Judge.*

THOMPSON, Associate Judge:

Appellants in this case are seven current or retired District of Columbia employees whose personal information related to their participation in an employee deferred compensation plan administered by ING Life Insurance and Annuity Company ("ING") was stored on a laptop computer that was stolen from an ING employee's home. Citing a "substantial risk" of identity theft and other dangers from the possible unauthorized use of their personal information, appellants sued ING for damages and other relief.1 The Superior Court dismissed the suit for lack of standing. We affirm the order of dismissal.

I.

On June 11, 2006, an ING agent's home was burglarized. Among the items stolen during the burglary was the agent's personal laptop computer, onto which he had downloaded, allegedly without encryption or password protection, personal information (including Social Security numbers) of participants in the "District of Columbia 457 Deferred Compensation Plan."2 ING provides investment advice, administrative services and recordkeeping with respect to the deferred compensation plan.

On or about June 19, 2006, ING notified the District about the computer theft. ING also began alerting affected participants individually, communicating to them instructions about how to enroll in a complimentary credit-monitoring service for which ING would pay. Not satisfied with ING's response to the situation, appellants filed suit in the Superior Court on June 27, 2006. They claimed, inter alia, that ING failed "to establish and enforce appropriate ... safeguards to ensure the security and confidentiality of records." The counts of the complaint advanced several common-law theories of recovery, including negligence, gross negligence, and invasion of privacy.

ING removed the case to the United States District Court for the District of Columbia on the basis of diversity and thereafter filed a motion to dismiss on the grounds of lack of standing, failure to state a claim, and mootness. The District Court (the Honorable Colleen Kollar-Kotelly) concluded that appellants had failed to establish Article III standing and therefore remanded the case to the Superior Court pursuant to 28 U.S.C. § 1447(c). Appellants then amended their complaint, adding both common-law and statutory causes of action. As amended, the complaint alleges negligence, gross negligence, breach of fiduciary duty, willful violation of appellants' right of privacy, and violations of D.C.Code §§ 1-626.13 and 1-741 (describing the responsibilities of trustees and other fiduciaries of certain District employee retirement plans). ING moved to dismiss the amended complaint for lack of standing, failure to state a claim, and mootness. (App. 15-18.) Reaching only the first of those issues and reasoning that appellants "cannot allege an injury in fact," the Superior Court (the Honorable Frederick Weisberg) dismissed the amended complaint for lack of standing in an order dated June 13, 2007.3 This appeal followed.

II.

"Whether appellants have standing is a question of law which we consider on appeal de novo." Board of Dirs., Wash. City Orphan Asylum v. Board of Trs., Wash. City Orphan Asylum, 798 A.2d 1068, 1074 (D.C.2002). Because our review is de novo, "we are not limited to reviewing the legal adequacy of the grounds the trial court relied on for its ruling; if there is an alternative basis that dictates the same result, a correct judgment must be affirmed on appeal." Nicola v. Washington Times Corp., 947 A.2d 1164, 1176 n. 9 (D.C.2008) (quoting Kerrigan v. Britches of Georgetowne, Inc., 705 A.2d 624, 628 (D.C.1997)).

III.

"[S]tanding requirements are met when a party demonstrates (1) an injury in fact, (2) a causal connection between the injury and the conduct of which the party complains, and (3) redressability, i.e., that it is likely that a favorable decision will redress the injury." Riverside Hosp. v. District of Columbia Dep't of Health, 944 A.2d 1098, 1104 (2008) (quoting Lujan v. Defenders of Wildlife, 504 U.S. 555, 560-61, 112 S.Ct. 2130, 119 L.Ed.2d 351 (1992) (internal quotation marks and ellipses omitted)).4 Injury-in-fact involves the "invasion of a legally protected interest which is (a) concrete and particularized, and (b) actual or imminent, not conjectural or hypothetical." Miller v. Bd. of Zoning Adjustment, 948 A.2d 571, 574 (D.C.2008) (citations omitted).

Judge Weisberg reasoned that appellants' complaint failed to allege the type of concrete injury that was necessary for them to have standing to pursue their common-law claims. He summarized the deficiencies in the amended complaint as follows:

Plaintiffs allege, in the light most favorable to them, that they are more vulnerable to identity theft now that their personal data [have] fallen into the hands of the thief of the computer or one who receives it from the thief, and the Plaintiffs who are police officers allege that their home addresses may be compromised, subjecting them to possible threats or violence. No Plaintiff alleges that his or her identity has in fact been stolen or used, and no police officer Plaintiff alleges that his or her residence has been revealed or threatened in any way. The most Plaintiffs can claim is that they are worried that these harmful events may occur and that they have "incurred or will incur actual damages" to protect their credit or to repair any damage if it occurs.

June 13, 2007 Order at 6 (footnote omitted). Judge Weisberg continued:

[F]or all anyone knows at this time, there has not been any exposure of Plaintiffs' personal information. Even if the information was not password protected, as Plaintiffs allege, it is at least possible that the thief kept the computer or passed it to someone who erased it of its hard drive and memory to make it more pristine for resale. Unless and until any of the stored information is actually used, it is impossible to know whether Plaintiffs will ever suffer any real, as opposed to imagined, injury.

Id. at 6 n. 4 (emphasis in the original). Judge Weisberg concluded that "[f]ear of future harm, even if reasonable, is simply not the kind of concrete and particularized injury, or imminent future injury" that "suffice[s] to confer standing." Id. at 6.

As Judge Weisberg noted, in addition to the District Court for the District of Columbia (in its ruling on appellants' original complaint), a number of courts presented with risk-of-identity-theft claims have similarly ruled that plaintiffs lacked the requisite injury to establish standing to sue where they could not allege that any unauthorized use of their personal information had already occurred.5 In light of the Supreme Court's reasoning in Doe v. Chao, 540 U.S. 614, 124 S.Ct. 1204, 157 L.Ed.2d 1122 (2004), we question the approach that these courts have taken.6 Although citing the "traditional understanding that tort recovery requires ... proof of some harm for which damages can reasonably be assessed," the Doe court acknowledged that "[t]raditionally, the common law has provided [privacy tort] victims with a claim for `general damages,' which for privacy torts ... are presumed damages: a monetary award calculated without reference to specific harm." Doe, 540 U.S. at 621, 124 S.Ct. 1204 (citing 3 Restatement of Torts § 621 (1938); 4 id., § 867 (1939)). Against that background, the Doe court recognized that a plaintiff alleging a breach of privacy in violation of the federal Privacy Act has Article III standing to sue where the harm he alleges is no more than that he is "`greatly concerned and worried' because of the disclosure of his Social Security number and its potentially `devastating' consequences."7 Doe, 540 U.S. at 641, 124 S.Ct. 1204 (Ginsburg, J., dissenting) (explaining that the reasoning of the Doe majority was that plaintiff Doe had "standing to sue," but simply could not succeed on his Privacy Act claim unless he had incurred an out-of-pocket expense (because, in the majority's words, 540 U.S. at 622, 124 S.Ct. 1204, "Congress cut out the very language in the bill that would have authorized any presumed damages" for a statutory violation)).

As the Supreme Court has observed elsewhere, standing "often turns on the nature and source of the claim asserted." Warth v. Seldin, 422 U.S. 490, 500, 95 S.Ct. 2197, 45 L.Ed.2d 343 (1975) (explaining also that "[t]he actual or threatened injury required by Art. III may exist solely by virtue of `statutes creating legal rights, the invasion of which creates standing ...'"). Here, the amended complaint presents a mixture of theories of liability. For example, appellants allege that "as a result of ING's breach of fiduciary duty[,] their right to privacy was violated." Given the overlapping tort causes of action and the mixed common-law and statutory grounds for action that appellants asserted in their amended complaint, we think that—rather than an analysis of standing (the test for which, the opinion in Doe suggests, is fairly easily satisfied)—the better approach toward resolving ING's motion to dismiss is to analyze whether the amended complaint succeeded in stating a claim as to any or all of appellants' various theories of liability. See District of Columbia v. Acme Reporting Co., 530 A.2d 708, 712 (D.C.1987) (this Court is "free to sustain the trial court judgments on grounds different from those on which the trial court relied"). We proceed to such an analysis.

IV.

Negligence and gross negligence. To maintain an action for negligence, a plaintiff...

To continue reading

Request your trial
39 cases
  • Phillips v. Spencer
    • United States
    • U.S. District Court — District of Columbia
    • 15 Julio 2019
    ...of a fiduciary duty." Cumis Ins. Soc'y, Inc. v. Clark , 318 F. Supp. 3d 199, 210 (D.D.C. 2018) ; see also Randolph v. ING Life Ins. & Annuity Co. , 973 A.2d 702, 709 (D.C. 2009) (recognizing that a breach of fiduciary duty claim is cognizable under D.C. law). Nonetheless, this Court will re......
  • In re Equifax, Inc.
    • United States
    • U.S. District Court — Northern District of Georgia
    • 28 Enero 2019
    ...information by criminal hackers presents a much more significant risk of identity fraud.The Defendants also cite Randolph v. ING Life Insurance and Annuity Company .89 There, the plaintiffs sued after a laptop computer containing their personal information was stolen from the home of one of......
  • Grayson v. At & T Corp.., s. 07–CV–1264
    • United States
    • D.C. Court of Appeals
    • 20 Enero 2011
    ...Park, Inc. v. District of Columbia and Clark Realty Capital, LLC, 806 A.2d 1201, 1206–07 (D.C.2002); Randolph v. ING Life Ins. and Annuity Co., 973 A.2d 702, 706 n. 4 (D.C.2009); Fisher v. Government Emps. Ins. Co., 762 A.2d 35, 38 n. 7 (D.C.2000). Regardless of the words used in different ......
  • Cumis Ins. Soc'y, Inc. v. Clark
    • United States
    • U.S. District Court — District of Columbia
    • 19 Julio 2018
    ...action and such a [breach of fiduciary duty] claim is cognizable under District of Columbia law." (citing Randolph v. ING Life Ins. & Annuity Co., 973 A.2d 702, 709 (D.C. 2009) ) ). And while CUMIS has asserted a claim for breach of fiduciary duty in regard to the same allegations that supp......
  • Request a trial to view additional results
1 firm's commentaries
  • Data Breaches And Litigation: It's The American Way
    • United States
    • Mondaq United States
    • 21 Febrero 2012
    ...and contract claims); Cherny v. Emigrant Bank, 604 F. Supp. 2d 605, 608-09 (S.D.N.Y. 2009); Randolph v. ING Life Ins. & Annuity Co., 973 A.2d 702, 708 (finding that monitoring costs were not compensable); Shafran v. Harley-Davidson, Inc., 2008 U.S. Dist. LEXIS 22494, at *8 (S.D.N.Y. Mar......

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT