RLI Insurance Company v. Banks, No. 1:2014cv01108 - Document 35 (N.D. Ga. 2015)

Court Description: ORDER granting in part and denying in part 22 Motion to Dismiss. Signed by Judge Thomas W. Thrash, Jr on 1/27/2015. (ss)

Download PDF
RLI Insurance Company v. Banks Doc. 35 IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION RLI INSURANCE COMPANY, Plaintiff, v. CIVIL ACTION FILE NO. 1:14-CV-1108-TWT ELISABETH BANKS, Defendant. OPINION AND ORDER This is an action seeking to prevent the Defendant from retaining and disclosing confidential information. It is before the Court on the Defendant Elisabeth Banks’ Motion to Dismiss [Doc. 22], which is GRANTED in part and DENIED in part. I. Background On May 20, 2013, the Defendant, Elisabeth Banks, began working for the Plaintiff, RLI Insurance Company, as a Claim Examiner/Manager in the Plaintiff’s Atlanta, Georgia, office.1 The Defendant remained employed with the Plaintiff until March 25, 2014, when the Plaintiff terminated the Defendant’s employment for 1 Compl. ¶ 7. T:\ORDERS\14\RLI Insurance Company\mtdtwt.wpd Dockets.Justia.com performance related issues.2 The Plaintiff maintains confidential, proprietary, and trade secret information on its computer systems and network.3 In order to protect this data, the computer system is equipped with software called Websense, which prohibits users from accessing certain websites, such as the cloud data storage site, Dropbox.4 Additionally, the Plaintiff maintains a Code of Conduct and Information Protection Policy for all employees, which both require employees to keep the information confidential.5 On January 2, 2014, the Defendant attempted to access Dropbox from the Plaintiff’s computer network, but her access was denied.6 The Defendant then used the Plaintiff’s computer system to research Dropbox alternatives, and at 8:02 P.M. on January 2, 2014, accessed a cloud data storage website called Jottacloud.7 She then uploaded 757 customer claim files and other files containing proprietary information to her personal Jottacloud account between January 2, 2014, and her termination on 2 Id. 3 Id. ¶ 21. 4 Id. ¶¶ 23-24. 5 Id. ¶ 27. 6 Id. ¶ 32. 7 Id. ¶¶ 33, 35. T:\ORDERS\14\RLI Insurance Company\mtdtwt.wpd -2- March 25, 2014.8 On March 24, 2014, the Plaintiff specifically revoked the Defendant’s permission to access the computer network, including the files and information therein.9 Roughly twenty minutes after the Plaintiff revoked the Defendant’s access, the Defendant sent an email from her RLI account to her personal account with eighty-eight confidential RLI emails attached.10 The Plaintiff filed its Verified Complaint on April 15, 2014, seeking damages and injunctive relief on various state law grounds as well as under the federal Computer Fraud and Abuse Act (“CFAA”). On April 16, 2014, this Court granted the Plaintiff a temporary restraining order, ordering the Defendant to return all RLI documents in her possession and allow RLI to inspect her Jottacloud account as well as her personal computers, tablets, and other devices. The Defendant now moves to dismiss the Plaintiff’s claims. II. Legal Standard A complaint should be dismissed under Rule 12(b)(6) only where it appears that the facts alleged fail to state a “plausible” claim for relief.11 A complaint may survive 8 Id. ¶ 39. 9 Id. ¶ 41. 10 Id. ¶ 42. 11 Ashcroft v. Iqbal, 129 S. Ct. 1937, 1949 (2009); Fed. R. Civ. P. 12(b)(6). T:\ORDERS\14\RLI Insurance Company\mtdtwt.wpd -3- a motion to dismiss for failure to state a claim, however, even if it is “improbable” that a plaintiff would be able to prove those facts; even if the possibility of recovery is extremely “remote and unlikely.”12 In ruling on a motion to dismiss, the court must accept the facts pleaded in the complaint as true and construe them in the light most favorable to the plaintiff.13 Generally, notice pleading is all that is required for a valid complaint.14 Under notice pleading, the plaintiff need only give the defendant fair notice of the plaintiff’s claim and the grounds upon which it rests.15 III. Discussion A. Georgia Trade Secrets Act Preemption of State Law Claims The Defendant moves to dismiss the Plaintiff’s claims for conversion, breach of the duty of loyalty, breach of fiduciary duty, tortious interference, and violation of the Georgia Computer Systems Protection Act (“GCSPA”) as preempted by the 12 Bell Atlantic v. Twombly, 550 U.S. 544, 556 (2007). 13 See Quality Foods de Centro America, S.A. v. Latin American Agribusiness Dev. Corp., S.A., 711 F.2d 989, 994-95 (11th Cir. 1983); see also Sanjuan v. American Bd. of Psychiatry & Neurology, Inc., 40 F.3d 247, 251 (7th Cir. 1994) (noting that at the pleading stage, the plaintiff “receives the benefit of imagination”). 14 See Lombard’s, Inc. v. Prince Mfg., Inc., 753 F.2d 974, 975 (11th Cir. 1985), cert. denied, 474 U.S. 1082 (1986). 15 See Erickson v. Pardus, 551 U.S. 89, 93 (2007) (citing Twombly, 550 U.S. at 555). T:\ORDERS\14\RLI Insurance Company\mtdtwt.wpd -4- Georgia Trade Secrets Act (“GTSA”). The GTSA preempts all conflicting state laws providing civil remedies or restitution for the misappropriation of trade secrets.16 The Georgia Supreme Court has held that “[f]or the GTSA to maintain its exclusiveness, a plaintiff cannot be allowed to plead a lesser and alternate theory of restitution simply because the information does not qualify as a trade secret under the act.”17 It is immaterial whether the information at issue qualifies as a trade secret under the GTSA, “[r]ather the key inquiry is whether the same factual allegations of misappropriation are being used to obtain relief outside the GTSA.”18 This Court therefore must address whether the Plaintiff’s state law claims rely upon factual allegations of misappropriation of trade secrets. First, as to the Plaintiff’s claim for conversion, the Complaint clearly alleges that the claim is based on the Defendant’s alleged misappropriation of “Proprietary Information and Consumer Claim Files.”19 The claim for conversion is therefore preempted and should be dismissed. Similarly, the claim for breach of the duty of 16 O.C.G.A. § 10-1-767(a); Robbins v. Supermarket Equip. Sales, 290 Ga. 462, 465 (2012). 17 Robbins, 290 Ga. at 465. 18 Id. at 466-67. 19 Compl. ¶ 66. T:\ORDERS\14\RLI Insurance Company\mtdtwt.wpd -5- loyalty is based on misappropriation of the same information,20 and should be dismissed. The claim for breach of fiduciary duty is also based on the misappropriation of confidential information,21 and is therefore preempted and should be dismissed. Finally, the GCSPA claim relies on misappropriation of the confidential information as well,22 and it should be dismissed as preempted. B. Breach of Contract Claim The Defendant moves to dismiss the Plaintiff’s claim for breach of contract, arguing that no contract existed here. As a threshold matter, the Court notes that the claim for breach of contract is not preempted by the GTSA, unlike the Plaintiff’s other state law claims.23 A claim for breach of contract requires a valid contract, material breach of the terms of that contract, and damages arising from the breach.24 The Georgia Court of Appeals has held that violations of employee manuals are generally 20 Id. ¶¶ 75-76. 21 Id. ¶¶ 82-83. 22 Id. ¶ 95. 23 O.C.G.A. § 10-1-767(b)(1) (“This article shall not affect: (1) Contractual duties or remedies, whether or not based upon misappropriation of a trade secret.”). 24 TDS Healthcare Sys. Corp. v. Humana Hosp. Ill., Inc., 880 F. Supp. 1572, 1583 (N.D. Ga. 1995). T:\ORDERS\14\RLI Insurance Company\mtdtwt.wpd -6- not actionable as a breach of contract.25 Where the statements in employee manuals are merely expressions of “certain policies and information concerning employment” as opposed to language clearly creating a contract, there can be no action for breach of contract.26 Here, the Plaintiff alleges breaches of the Employee Code of Conduct and the Information Protection Policy – both employee policy manuals.27 These manuals simply contain policies and information concerning employment and therefore do not constitute contracts. The claim for breach of contract should therefore be dismissed. C. CFAA Claim The Defendant moves to dismiss the Plaintiff’s claim for violation of the CFAA on the grounds that the Defendant was authorized to access the information obtained and that the Plaintiff has no damages. The CFAA requires proof that the defendant “intentionally accesses a computer without authorization or exceeds authorized access” and obtains information from any protected computer.28 Additionally, the 25 Ellison v. DeKalb Cnty., 236 Ga. App. 185, 186 (1999). 26 Id. 27 Compl. ¶¶ 58-59. 28 18 U.S.C. § 1030(a)(2)(C). T:\ORDERS\14\RLI Insurance Company\mtdtwt.wpd -7- plaintiff must show a loss of at least $5,000 in a one-year period.29 The Plaintiff has alleged facts that, if true, would show that the Defendant accessed a computer without authorization when she accessed her email after her computer privileges were revoked and exceeded her authorization when she uploaded files to Jottacloud.30 The Plaintiff has also pleaded damages exceeding $5,000.31 The Defendant’s motion to dismiss the CFAA claim should therefore be denied. IV. Conclusion For the reasons stated above, the Defendant Elisabeth Banks’ Motion to Dismiss [Doc. 22] is GRANTED in part and DENIED in part. SO ORDERED, this 27 day of January, 2015. /s/Thomas W. Thrash THOMAS W. THRASH, JR. United States District Judge 29 Id. § 1030(c)(4)(A)(i)(I). 30 Compl. ¶¶ 38-39, 41-43. 31 Id. ¶ 103. T:\ORDERS\14\RLI Insurance Company\mtdtwt.wpd -8-

Some case metadata and case summaries were written with the help of AI, which can produce inaccuracies. You should read the full case before relying on it for legal research purposes.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.