Stevens v. First Interstate Bank

• Decision Date: 17 May 2000
• Citation: 167 Or. App. 280,999 P.2d 551
• Parties: Stanley D. and Harriet A. STEVENS, husband and wife, Appellants, v. FIRST INTERSTATE BANK OF CALIFORNIA, Respondent, and First Interstate Bank of Oregon and Stanley C. Stevenson, Defendants.
• Court: Oregon Court of Appeals

999 P.2d 551

167 Or. App. 280

Stanley D. and Harriet A. STEVENS, husband and wife, Appellants, v.FIRST INTERSTATE BANK OF CALIFORNIA, Respondent, andFirst Interstate Bank of Oregon and Stanley C. Stevenson, Defendants.

(9704-02891; CA A102117)

Court of Appeals of Oregon.

Argued and Submitted September 24, 1999.

Decided May 17, 2000.

Phil Goldsmith argued the cause for appellants.With him on the briefs was Cecil B. Strange, Portland.

Thomas W. Sondag, Portland, argued the cause for respondent.With him on the brief was Lane Powell Spears Lubersky LLP.

Before De MUNIZ, Presiding Judge, and HASELTON and WOLLHEIM, Judges.

HASELTON, J.

Plaintiffs appeal from a summary judgment dismissing their claim for "breach of confidentiality," which sought emotional distress damages against defendant, First Interstate Bank of California (FICAL).That claim arises from FICAL's alleged failure to protect from third-party misappropriation and wrongful use certain personal and credit information that plaintiffs had provided to their bank.We conclude that plaintiffs' claim is not properly for "breach of confidentiality" and that, to the extent that plaintiffs' claim is properly characterized as one for negligent infliction of emotional distress, the relationship between plaintiffs, as depositors, and the defendant bank does not give rise to the sort of separate "legally protected interest" necessary to support such a claim.Accordingly, we affirm.

For purposes of summary judgment, the material facts are uncontroverted.Plaintiffs, husband and wife, maintained checking accounts with First Interstate Bank of Oregon (FIOR).In connection with those accounts, FIOR required plaintiffs to disclose to it certain private and confidential information, including social security numbers and dates of birth.

On June 27, 1994, FICAL, an affiliate of FIOR, hired Stanley C. Stevenson as a collector in its credit card department.Stevenson had a criminal conviction for grand theft.However, Stevenson lied and failed to disclose that conviction in completing FICAL's employment application, which specifically asked whether the applicant had ever been convicted of a criminal offense involving dishonesty or breach of trust.After Stevenson began work, FICAL, in accordance with bank policy and procedure, forwarded Stevenson's fingerprints to the FBI for a background check.

Between his hiring and early October 1994, Stevenson, through his job, had access to the shared customer database of FIOR and FICAL.Through that database, Stevenson gained access to plaintiffStanley Stevens's private and confidential information.Stevenson used that information to procure numerous charge cards and loans.

On October 3, 1994, three months after Stevenson began working, FICAL received a report from the FBI that disclosed Stevenson's prior grand theft conviction.FICAL promptly suspended and then terminated Stevenson because of his access to records with the "potential for * * * finding information that's not appropriate."

As a consequence of Stevenson's misappropriation and misuse of Stanley Stevens's "credit identity" in fraudulent credit-related transactions, plaintiffs were subject to collection calls for debts that they did not owe.They had to expend considerable effort to clear and correct their credit record and reputation.Although plaintiffs did not incur any monetary obligation as a result of Stevenson's activities, they suffered anxiety, embarrassment, and distress.

In April 1997, plaintiffs filed this action, naming as defendants Stevenson, FICAL, and FIOR.In February 1998, plaintiffs filed their operative second amended complaint against Stevenson and FICAL.¹That complaint did not allege that Stevenson had acted within the course and scope of his employment with FICAL in misappropriating and disclosing plaintiffs' personal and credit information.Rather, the complaint alleged that Stevenson, individually, had committed a trespass² and that FICAL was liable for "breach of confidentiality":

"15.FICA[L] had a duty to protect the private and confidential information concerning plaintiffs that was contained in its computer data base of customer information.

"16.FICA[L] breached that duty by hiring Stevenson and either:

"(a).Allowing him access to its computer data base of customer information, including the private and confidential information which plaintiffs were required to disclose to [the bank], without first having conducted a reasonable investigation of Stevenson's criminal records history or

"(b).Not adequately protecting such private and confidential information from being accessed by unauthorized employees such as Stevenson."(Emphasis added.)

Plaintiffs alleged that they had suffered emotional distress and anxiety and, consequently, sought to recover compensatory damages of $60,000 for Harriett Stevens and $90,000 for Stanley Stevens.

Two related aspects of plaintiffs' claims are central to our analysis and bear immediate emphasis.First,plaintiffs' "breach of confidentiality" claim against FICAL alleges direct liability, not vicarious liability for Stevenson's conduct.Second, and concomitantly, plaintiffs' claim against FICAL is not based on Stevenson's use and disclosure of their information, but on FICAL's failure to protect that information from wrongful appropriation by third parties.

FICAL answered and, on February 13, 1998, moved for summary judgment against plaintiffs' claim for breach of confidentiality.Before the court ruled on that motion, plaintiffs moved for leave to amend their complaint to seek punitive damages from FICAL for breach of confidentiality.That matter was deferred pending the disposition of the summary judgment motion.

In March 1998, the trial court granted FICAL's summary judgment motion, concluding that plaintiffs did not have a "claim at all for breach of confidentiality."The court explained:

"It doesn't make any sense to me; okay?* * * Here's what I'm saying: The bank has a contractual duty of confidentiality, as far as I'm concerned.* * * Now, if they are negligent, then they have some other duty.Part of negligence is a duty.But it isn't a duty to confidentiality, it's a duty to hire competent people who don't steal from their customers.That's the duty that you're saying they breached."

Alternatively, the court stated that, even if it had concluded that plaintiffs had stated a tort-based claim for breach of confidentiality, it would have granted FICAL's motion on grounds that emotional distress damages were insufficient to sustain plaintiffs' claim.Specifically, the court stated that it would have granted FICAL's motion on grounds that "the kind of special relationship that creates [liability for emotional distress damages], or the kind of societal harm" necessary to recover solely for emotional distress damages was not present.Accordingly, the court entered an ORCP 67 B judgment for FICAL.That, in turn, rendered moot plaintiffs' motion to amend to seek punitive damages.This appeal followed.³

On appeal, plaintiffs raise two assignments of error: (1)The trial court erred in concluding that plaintiffs' claim against FICAL was insufficient in that it failed to state a claim for breach of confidentiality and, alternatively, that plaintiffs' claim, even if otherwise sufficient, did not support recovery of emotional distress damages only.(2)The court erred in denying plaintiffs' motion to amend to seek punitive damages.As described below, we affirm the trial court with respect to the first assignment of error.That disposition obviates the second assignment.

Before addressing the merits, we clarify and emphasize the issue presented here.In that regard, it is useful to identify what this case is not about.As framed by plaintiffs' pleadings and the parties' summary judgment submissions, this case does not involve: (a) a bank's (or its agent's) affirmative disclosure or misappropriation of a customer's personal or credit information; (b) a bank's failure to protect information provided to it as a trustee, in the course of a lending relationship, or in reliance on, and pursuant to, an express promise of protection; or (c) a claim for damages other than emotional distress damages.Rather, the issue presented here is precise: Where a third party misappropriates personal or credit information that a depositor had provided to a bank, and that misappropriation is the result of the bank's failure to adequately protect the information from such misappropriation, is the bank liable for the depositor's resulting emotional distress?

With the issue properly so described, it is apparent that—whatever plaintiffs' claim against FICAL may be—it is not a claim for "breach of confidentiality."The gravamen of the tort of breach of confidentiality,⁴ in Oregon and nationally, is the affirmative disclosure of information by a person to whom the confidential information has been entrusted.SeeHumphers v. First Interstate Bank,298 Or. 706, 717-19, 696 P.2d 527(1985);Note, Breach of Confidence: An Emerging Tort, 82 Colum.L.Rev. 1429(1982).As noted, this case is not about FICAL's affirmative disclosure of information.Rather, it is about the bank's alleged failure to protect information provided to it by a depositor from misappropriation by a bank employee acting outside the scope of his employment.Plaintiffs identify no authority— and we have found none—that expands the tort to impose liability where the defendant has not affirmatively disclosed the "entrusted" or "confidential" information.We decline to do so.SeeHumphers,298 Or. at 718,696 P.2d 527(referring to a breach of confidence as the "legal duty not to speak").

That does not, however, end our inquiry.Plaintiffs' claim, even if misdenominated, could, nevertheless, withstand summary judgment if it could otherwise support the recovery of emotional distress damages only.Cf.Curtis v. MRI Imaging Services II,327 Or. 9, 13-14,...