{"id":788,"date":"2023-09-05T13:12:16","date_gmt":"2023-09-05T17:12:16","guid":{"rendered":"https:\/\/blogs.duanemorris.com\/classactiondefense\/?p=788"},"modified":"2023-09-05T16:43:56","modified_gmt":"2023-09-05T20:43:56","slug":"arizona-federal-court-grants-pest-control-companys-motion-to-dismiss-data-breach-class-claims","status":"publish","type":"post","link":"https:\/\/blogs.duanemorris.com\/classactiondefense\/2023\/09\/05\/arizona-federal-court-grants-pest-control-companys-motion-to-dismiss-data-breach-class-claims\/","title":{"rendered":"Arizona Federal Court Grants Pest Control Company\u2019s Motion To Dismiss Data Breach Class Claims"},"content":{"rendered":"<p class=\"DMBdyTxt\"><b><a href=\"http:\/\/blogs.duanemorris.com\/classactiondefense\/wp-content\/uploads\/sites\/56\/2023\/09\/data.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-790 alignleft\" src=\"http:\/\/blogs.duanemorris.com\/classactiondefense\/wp-content\/uploads\/sites\/56\/2023\/09\/data-300x157.jpg\" alt=\"\" width=\"300\" height=\"157\" srcset=\"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-content\/uploads\/sites\/56\/2023\/09\/data-300x157.jpg 300w, https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-content\/uploads\/sites\/56\/2023\/09\/data-768x403.jpg 768w, https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-content\/uploads\/sites\/56\/2023\/09\/data.jpg 917w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a>By Gerald L. Maatman, Jr., Jennifer A. Riley, and George J. Schaller<\/b><\/p>\n<p class=\"DMBdyTxt\"><b><i>Duane Morris Takeaways<\/i>:<i> <\/i><\/b><i>In Gannon v. Truly Nolen of America Inc., No. 22-CV-428 (D. Ariz. Aug. 31, 2023), Judge James Soto of the U.S. District Court for the District of Arizona <a href=\"http:\/\/blogs.duanemorris.com\/classactiondefense\/wp-content\/uploads\/sites\/56\/2023\/09\/1717000-1717600-gannon-dismissal-order.pdf\">granted <\/a><\/i><i>Defendant\u2019s motion to dismiss with prejudice on negligence, breach of contract, and consumer fraud claims related to a data breach class action. For companies facing data breach claims in class actions, this decision is instructive in terms of how courts consider cognizable damages, especially when damages allegations are inadequately plead.<\/i><\/p>\n<p class=\"DMBdyTxt\"><b>Case Background<\/b><\/p>\n<p class=\"DMBdyTxt\">Defendant Truly Nolen of America Inc. (\u201cDefendant\u201d or the \u201cCompany\u201d), is an Arizona corporation that provides pest control services across the United States and in 30 countries around the world.\u00a0 <i>Id.<\/i> at 2.\u00a0 The Company experienced a data breach between April 29, 2022 and May 11, 2022.\u00a0 On May 11, 2022, the Company learned the breach occurred and identified personally identifiable information (\u201cPII\u201d) and personal health information (\u201cPHI\u201d) that was compromised.\u00a0 <i>Id. <\/i>\u00a0In August of 2022, Defendant sent notice letters to individuals whose data may have been compromised.\u00a0 <i>Id.\u00a0\u00a0 <\/i><\/p>\n<p class=\"DMBdyTxt\">The Named Plaintiff, Crystal Gannon (\u201cPlaintiff\u201d), alleged that she received her notice letter regarding the data breach in August of 2022.\u00a0 <i>Id.<\/i> at 3.\u00a0 In her First Amended Complaint (\u201cFAC\u201d), Plaintiff sought to represent two proposed classes of plaintiffs, including one for a Nationwide Class and one for an Arizona Sub-class, related to the data breach.\u00a0 <i>Id.<\/i> <i><\/i><\/p>\n<p class=\"DMBdyTxt\">Plaintiff alleged numerous claims such as negligence, invasion of privacy, breach of implied contract, breach of the implied covenant of good faith and fair dealing, and violation of the Arizona Consumer Fraud Act (\u201cFraud Act\u201d).\u00a0 <i>Id. <\/i>\u00a0In response, Defendant filed a motion to dismiss on the grounds that Plaintiff\u2019s case was without basis and the entire case was subject to dismissal.\u00a0 <i>Id.<\/i><\/p>\n<p class=\"DMBdyTxt\"><b>The Court\u2019s Decision<\/b><\/p>\n<p class=\"DMBdyTxt\">The Court held that there was no valid basis for Plaintiff\u2019s negligence claim.\u00a0 <i>Id.<\/i> at 4.\u00a0 Plaintiff argued that the Health Insurance Portability and Accountability Act (\u201cHIPAA\u201d) and the Federal Trade Commission Act (\u201cFTCA\u201d) created a duty in Arizona from which relief could be sought.\u00a0 <i>Id. <\/i>\u00a0The Court disagreed. It found that neither the HIPAA nor the FTCA provided a private right of action.\u00a0 <i>Id.<\/i>\u00a0 The Court reasoned that \u201c[p]ermitting HIPAA to define the \u2018duty and liability for breach is no less than a private action to enforce HIPAA, which is precluded.\u2019\u201d\u00a0 <i>Id.<\/i>\u00a0 The Court applied the same logic to the FTCA.\u00a0 <i>Id. <\/i><\/p>\n<p class=\"DMBdyTxt\">On negligence damages, the Court held that Plaintiff\u2019s FAC failed \u201cto show identity theft or loss in continuity of healthcare of any class members \u2013 only the possibility of each.\u201d\u00a0 <i>Id. <\/i>\u00a0Under Arizona law, negligence damages require more than merely a threat of future harm, and on their own, threats of future harm are not cognizable negligence injuries.\u00a0 <i>Id. <\/i>4-5.\u00a0 Similarly, as to out-of-pocket expenses, the Court opined that Plaintiff failed to demonstrate that her expenses were necessary because she did not properly show that Defendant\u2019s identity monitoring services were inadequate.\u00a0 <i>Id. <\/i>at 5.\u00a0 Finally, the Court recognized that merely alleging a diminution in value to somebody\u2019s PII or PHI was insufficient.\u00a0 <i>Id.<\/i>\u00a0 Therefore, the Court dismissed Plaintiff\u2019s negligence claims.<\/p>\n<p class=\"DMBdyTxt\">Turning to Plaintiff\u2019s breach of contract claims, the Court determined that Plaintiff did not show cognizable damages, a reasonable construction for the terms of the contract, or consideration for the existence of an implied contract.\u00a0 <i>Id.<\/i> at 6. The Court held that Plaintiff\u2019s FAC allegations only reflected speculative damages and did not allege proof of real damages.\u00a0 <i>Id. <\/i>at 5.\u00a0 The Court opined that Plaintiff\u2019s \u201cvaguely pleaded\u201d contract terms failed to show any language that would inform the terms of the agreement and Plaintiff did not point to any conduct or circumstances from which the terms could be determined.\u00a0 <i>Id. <\/i>at 5-6.\u00a0 Finally, the Court determined that even if Defendant had an obligation to protect the data at issue, such pre-existing obligations did not serve as consideration for a contract.\u00a0 <i>Id. <\/i>\u00a0Therefore, the Court dismissed all breach of implied contract claims.\u00a0 <i>Id. <\/i><\/p>\n<p class=\"DMBdyTxt\">On the claim for breach of the implied covenant of good faith and fair dealing, Plaintiff argued that Defendant breached by failing to maintain adequate computer systems and data security practices, failed to timely and adequately disclose the data breach, and inadequately stored PII and PHI.\u00a0 Because Plaintiff failed to show an enforceable promise, the Court held there could be no breach, and all claims for breach of the implied covenant of good faith and fair dealing were dismissed.\u00a0 <i>Id. <\/i>at 6.<\/p>\n<p class=\"DMBdyTxt\">The Court also dismissed Plaintiff\u2019s Fraud Act claims because Plaintiff failed to show cognizable damages.\u00a0 <i>Id. <\/i>at 7.\u00a0 The Court reasoned \u201c[p]laintiff cannot simply argue that the system is inadequate because a negative result occurred.\u201d\u00a0 <i>Id.<\/i>\u00a0 The Court also reasoned that Plaintiff failed to demonstrate that Defendant\u2019s security was inadequate when compared to other companies or any set of industry standards. <i>Id.<\/i>\u00a0 As to Plaintiff\u2019s privacy claims, the Court held that there were no cognizable claims for invasion of privacy or breach of privacy, and Plaintiff did not dispute these claims in her response.\u00a0 <i>Id.<\/i><\/p>\n<p class=\"DMBdyTxt\">Accordingly, the Court granted Defendant\u2019s motion to dismiss as to all claims, denied Plaintiff leave to amend her complaint, and dismissed the case with prejudice. <i>Id. <\/i><\/p>\n<p class=\"DMBdyTxt\"><b>Implications For Companies<\/b><\/p>\n<p class=\"DMBdyTxt\">Companies confronted with data breach lawsuits should take note that the Arizona federal court in <i>Gannon <\/i>relied heavily on inadequately pleaded allegations in considering cognizable damages for purposes of granting Defendant\u2019s motion to dismiss. Further, from a practical standpoint, companies should carefully evaluate pleadings for insufficient or speculative assertions on damages.<\/p>\n<p class=\"DMBdyTxt\">\n","protected":false},"excerpt":{"rendered":"<p>By Gerald L. Maatman, Jr., Jennifer A. Riley, and George J. Schaller Duane Morris Takeaways: In Gannon v. Truly Nolen of America Inc., No. 22-CV-428 (D. Ariz. Aug. 31, 2023), Judge James Soto of the U.S. District Court for the District of Arizona granted Defendant\u2019s motion to dismiss with prejudice on negligence, breach of contract, &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/blogs.duanemorris.com\/classactiondefense\/2023\/09\/05\/arizona-federal-court-grants-pest-control-companys-motion-to-dismiss-data-breach-class-claims\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Arizona Federal Court Grants Pest Control Company\u2019s Motion To Dismiss Data Breach Class Claims&#8221;<\/span><\/a><\/p>\n","protected":false},"author":575,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[91],"tags":[],"ppma_author":[7,9,96],"class_list":["post-788","post","type-post","status-publish","format-standard","hentry","category-data-breach-class-actions"],"authors":[{"term_id":7,"user_id":575,"is_guest":0,"slug":"gmaatman","display_name":"Gerald L. Maatman, Jr.","avatar_url":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-content\/uploads\/sites\/56\/2022\/09\/maatmangerald-100x100.jpg","author_category":"","last_name":"Maatman Jr.","first_name":"Gerald L.","job_title":"","user_url":"https:\/\/www.duanemorris.com\/attorneys\/geraldmaatman.html","description":"<a href=\"https:\/\/www.duanemorris.com\/attorneys\/geraldmaatman.html\">Read Gerald's bio.<\/a>"},{"term_id":9,"user_id":576,"is_guest":0,"slug":"jariley","display_name":"Jennifer A. Riley","avatar_url":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-content\/uploads\/sites\/56\/2023\/08\/rileyjennifer-100x100.jpg","author_category":"","last_name":"Riley","first_name":"Jennifer A.","job_title":"","user_url":"https:\/\/www.duanemorris.com\/attorneys\/jenniferriley.html","description":"<a href=\"https:\/\/www.duanemorris.com\/attorneys\/jenniferriley.html\">Read Jennifer's bio.<\/a>"},{"term_id":96,"user_id":655,"is_guest":0,"slug":"gschaller","display_name":"George Schaller","avatar_url":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-content\/uploads\/sites\/56\/2023\/07\/schallergeorge-100x100.jpg","author_category":"","last_name":"Schaller","first_name":"George","job_title":"","user_url":"https:\/\/www.duanemorris.com\/attorneys\/georgeschaller.html","description":"<A HREF=\"https:\/\/www.duanemorris.com\/attorneys\/georgeschaller.html\">Read George's Bio<\/a>"}],"_links":{"self":[{"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/posts\/788","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/users\/575"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/comments?post=788"}],"version-history":[{"count":0,"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/posts\/788\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/media?parent=788"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/categories?post=788"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/tags?post=788"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/ppma_author?post=788"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}