Baker et al v. G4S Secure Solutions (USA) Inc., No. 4:2018cv00267 - Document 16 (S.D. Ga. 2020)
Court Description: ORDER granting 11 Motion to Dismiss for Lack of Jurisdiction. The Clerk is directed to enter an appropriate judgment of dismissal and close this case. Signed by District Judge R. Stan Baker on 8/28/2020. (pts)
Download PDF
<![CDATA[
Baker et al v. G4S Secure Solutions (USA) Inc. Doc. 16 IN THE UNITED STATES DISTRICT COURT FOR THE SOUTHERN DISTRICT OF GEORGIA SAVANNAH DIVISION HAKEEM BAKER, et al., Plaintiffs, CIVIL ACTION NO.: 4:18-cv-267 v. G4S SECURE SOLUTIONS (USA) INC., Defendant. ORDER In this lawsuit, thirty-nine current and former employees of Defendant G4S Secure Solutions (USA), Inc. (“G4S”) allege that the company mishandled their personal information by improperly sharing their social security numbers with other employees and also by misplacing documents containing the information. (Doc. 10.) Plaintiffs claim this conduct constitutes negligence and invasion of privacy, entitling them to damages. (Id.) The case is presently before the Court on Defendant G4S’s Motion to Dismiss, (doc. 11), to which Plaintiffs have filed a Response, (doc. 14), and Defendant, in turn, has filed a Reply, (doc. 15). For the reasons explained more fully below, the Court GRANTS Defendant’s Motion to Dismiss, (doc. 11). BACKGROUND According to the Amended Complaint, all thirty-nine named Plaintiffs are employees of Defendant G4S, which is a security services provider. (Doc. 10, p. 4.) At some undisclosed time, G4S entered into a contract to provide security services on a college campus in Savannah, Georgia. (Id.) “[M]any of the Plaintiffs” had worked for the college’s previous security services provider and were hired by G4S to continue working on the campus as G4S employees. (Id.) As part of Dockets.Justia.com the hiring process for these Plaintiffs (who are not specified by name), G4S requested that each individual provide, among other items, a copy of his or her social security card. (Id.) Plaintiffs assert that G4S had “no policies in place to prevent the release or misappropriation of employee [s]ocial [s]ecurity numbers,” and that G4S requested this information multiple times because it had lost the information. (Id. at pp. 4–5.) Plaintiffs specifically allege that G4S’s employee Billy Knight gave another employee, Bradley Harris, a copy of a 55-page schedule that listed the hours that employees were set to work the week of October 1, 2018. (Id. at p. 5.) For some reason, this schedule also listed each of those employees’ social security numbers. (Id.) Harris—who Plaintiffs allege did not have the right or authority to have the social security information—then took this document home with him, scanned it to his computer, and sent it to eight G4S supervisors using his unsecured private internet connection. (Id.) He also “cause[d] several copies” of the document to be printed and left in patrol cars. (Id.) According to Plaintiffs, these hard copies have disappeared and are believed to have been thrown away. (Id.) Plaintiffs finally claim that, on October 5, 2018, unnamed G4S representatives, including supervisors assigned to the campus and an “account manager” met “to discuss the release for [sic] employee [s]ocial [s]ecurity numbers,” and during the meeting the account manager told the supervisors to “not bring up what happened to everyone’s [s]ocial [s]ecurity numbers,” that “[i]t only went out to supervisors,” and that “[i]t never happened.” (Id. at p. 6.) The Amended Complaint also notes that identity theft is increasing in the United States. (Id.) Plaintiffs filed suit against G4S in Chatham County Superior Court seeking damages for invasion of privacy and for the handling of their social security numbers. (Doc. 1-1, pp. 5–10; 2 doc. 10, pp. 6–7.) G4S removed the case to this Court, (doc.1), and filed its Motion to Dismiss, (doc. 11). 1 Plaintiffs then filed a Response, (doc. 14), and G4S filed a Reply, (doc. 15). STANDARD OF REVIEW Federal Rule of Civil Procedure 8(a)(2) requires a complaint to contain “a short and plain statement of the claim showing that the pleader is entitled to relief.” Fed. R. Civ. P. 8(a)(2). This pleading standard “does not require ‘detailed factual allegations,’ but it demands more than an unadorned, the-defendant-unlawfully-harmed-me accusation.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007)). Where, as here, a defendant brings a motion to dismiss pursuant to Federal Rule of Civil Procedure 12(b)(6), a court must “accept[] the allegations in the complaint as true and constru[e] them in the light most favorable to the plaintiff.” Belanger v. Salvation Army, 556 F.3d 1153, 1155 (11th Cir. 2009) (citing Jackson v. BellSouth Telecomm., 372 F.3d 1250, 1262 (11th Cir. 2004)). “A complaint must state a facially plausible claim for relief, and ‘[a] claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.’” Wooten v. Quicken Loans, Inc., 626 F.3d 1187, 1196 (11th Cir. 2010) (quoting Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009)). “A pleading that offers ‘labels and conclusions’ or a ‘formulaic recitation of the elements of a cause of action’” does not suffice. Iqbal, 556 U.S. at 678 (quoting Twombly, 550 U.S. at 555). “The plausibility standard is not akin to a probability requirement, but it asks for more than a sheer possibility that a defendant has acted unlawfully. Where a complaint pleads facts that are merely consistent with a defendant’s liability, it stops short of the line between possibility and 1 Plaintiffs also filed their Amended Complaint while in Chatham County Superior Court. (Doc. 10.) However, the Amended Complaint was not initially included in the record when Defendant removed the action to this Court. (Doc. 1.) After being ordered by the Court, (doc. 9), Plaintiffs filed a copy of their Amended Complaint on October 2, 2019, (doc. 10). 3 plausibility of entitlement to relief.” Id. (internal punctuation and citation omitted). While a court must accept all factual allegations in a complaint as true, this tenet “is inapplicable to legal conclusions. Threadbare recitals of the elements of a cause of action, supported by mere conclusory statements,” are insufficient. Id. (internal citation omitted). In addition, when a dispositive issue of law allows for no construction of the complaint’s allegation to support the cause of action, dismissal is appropriate. Neitzke v. Williams, 490 U.S. 319, 326 (1989). DISCUSSION G4S argues that Plaintiffs’ Amended Complaint should be dismissed for several reasons. (See generally doc. 11.) First, G4S asserts that the Court does not have subject matter jurisdiction to hear this case because Plaintiffs lack Article III standing. (Id. at pp. 6–9.) Additionally, G4S argues that even if Plaintiffs have Article III standing, dismissal is still appropriate because Plaintiffs have not alleged sufficient facts to adequately plead either their negligence or their invasion of privacy claim. (Id. at pp. 9–15.) For the following reasons, the Court agrees with both arguments and GRANTS Defendant’s Motion to Dismiss. (Doc. 11.) I. Article III Standing G4S asserts that Plaintiffs have failed to allege a concrete and particularized injury, and because of this, they lack Article III standing. (Doc. 11, p. 6.) “[S]tanding is a threshold question that must be explored at the outset of any case.” Corbett v. Transp. Sec. Admin., 930 F.3d 1225, 1232 (11th Cir. 2019). “To satisfy the standing requirement, a plaintiff must have (1) suffered an injury in fact, (2) that is fairly traceable to the challenged conduct of the defendant, and (3) that is likely to be redressed by a favorable judicial decision.” Debernardis v. IQ Formulations, LLC, 942 F.3d 1076, 1083 (11th Cir. 2019) (internal quotation and citation omitted). In addition, an injury in fact must be both “(a) concrete and particularized and (b) actual or imminent, not conjectural or hypothetical.” Women’s Emergency Network v. Bush, 323 F.3d 937, 943 (11th Cir. 4 2003). “[O]ne cannot merely allege that an injury will be suffered at ‘some time’ in the future.” 31 Foster Children v. Bush, 329 F.3d 1255, 1267 (11th Cir. 2003). Finally, “[t]he plaintiff bears the burden of establishing each element” for Article III standing. Cordoba v. DIRECTV, LLC, 942 F.3d 1259, 1268 (11th Cir. 2019) (citing Lujan v. Defs. of Wildlife, 504 U.S. 555, 561 (1992)). Here, Plaintiffs allege that a scanned document containing their social security numbers 2 was sent over an unsecure internet server to multiple individuals who worked as supervisors for G4S. (Doc. 10, p. 5.) In addition, they assert that a G4S employee printed copies of the document containing their social security numbers and placed them in patrol cars, and that these copies were eventually lost or thrown away. (Id.) Plaintiffs say that they are experiencing “anguish and suffering” because they fear that unknown individuals could obtain and use their social security information to negatively impact their credit ratings and steal their identities. (Id. at pp. 6–7.) G4S argues that these allegations constitute nothing more than a speculative fear that people could find this information and steal their identities, and that this is not a sufficient injury to provide Plaintiffs with standing. (Doc. 11, pp. 6–8.) “[F]uture injury that depends on either the random or unauthorized acts of a third party is too speculative to satisfy standing requirements.” 31 Foster Children, 329 F.3d at 1266. This is exactly the type of injury that Plaintiffs allege here. The Amended Complaint makes no allegation 2 The Amended Complaint, which is far from a paragon of clarity, never actually alleges that each and every one of the thirty-nine named Plaintiffs (and their social security numbers) were included in the document, which is described as disclosing information regarding only those employees who were scheduled to work the week of October 1, 2018. (See generally doc. 11.) The Amended Complaint also does not clearly allege that all of the thirty-nine named Plaintiffs had been employed by the previous security provider and thus were in the group of individuals who were repeatedly asked, during the re-hire process, for their social security information because it had been lost. (Id.) Nonetheless, in an abundance of caution and because their claims fail even if they all fall into either or both of these categories, the Court assumes for purposes of the Motion to Dismiss that all thirty-nine Plaintiffs were rehires whose social security information was “lost” during the on-boarding process and also that all thirty-nine Plaintiffs’ social security numbers were listed on the at-issue scheduling document. 5 that anyone other than G4 employees actually acquired the social security numbers, or that any identity theft occurred that could be linked to the at-issue document. Thus, because Plaintiffs’ only injury is the fear that their social security numbers could be used for identity theft in the future, they are unable to meet the standing requirement. See Irwin v. RBS Worldpay, Inc., No. 1:09-CV-0033-CAP, 2010 WL 11570892, at *3 (N.D. Ga. Feb. 5, 2010) (no standing where plaintiff could only allege the risk of future identity theft and could not allege that some identity theft had already occurred). Plaintiffs cite no cases from the Eleventh Circuit to support their claim that they have standing, and the two cases they cite from other circuits are distinguishable. In Dieffenbach v. Barnes & Noble, Inc., hackers stole customer credit card information from retailer Barnes & Noble. Dieffenbach v. Barnes & Noble, Inc., 887 F.3d 826, 827 (7th Cir. 2018). Several of the customers whose information had been stolen sued Barnes & Noble. Id. The store sought to dismiss the action, asserting that the customers had not suffered an injury, but the United States Court of Appeals for the Seventh Circuit confirmed its position (from prior cases) that “consumers who experience a theft of their data indeed have standing . . . .” Id. at 828. Similarly, in In re Zappos.com, Inc., after their personal information was stolen from online retailer Zappos.com, a group of customers sued Zappos.com for failing to adequately protect their information. In re Zappos.com, Inc., 888 F.3d 1020, 1023 (9th Cir. 2018). The United States Court of Appeals for the Ninth Circuit had to decide whether an alleged “‘imminent’ risk of identity theft or fraud” was a sufficient injury for standing purposes. Id. The Ninth Circuit determined that the customers had standing; however, like in Dieffenbach, this conclusion was based heavily upon the fact that the customer information had actually been stolen and was, thus, in the hands of third parties. Id. at 1027. Unlike the plaintiffs in Dieffenbach and In re Zappos.com, Plaintiffs here have not alleged 6 that anyone has actually stolen or even ended up having possession of their social security numbers. Thus, these cases do not support Plaintiffs’ argument that they have standing. In their Response, Plaintiffs assert—for the first time—that “[g]roups of Plaintiffs, usually four or five of [sic] individuals, have had their [s]ocial [s]ecurity number[s] utilized in attempts to gain . . . cable service through Comcast.” (Doc. 14, p. 1.) Additionally, “several” Plaintiffs allege that their social security numbers were “used in an attempt to purchase an automobile . . . .” (Id.) Plaintiffs do not specify who amongst them has allegedly experienced these attempted uses of their social security numbers. Regardless, “[i]t is a basic principle that the complaint may not be amended by the briefs in opposition to a motion to dismiss . . . .” Thomason v. Nachtrieb, 888 F.2d 1202, 1205 (7th Cir. 1989); see also Wilchombe v. TeeVee Toons, Inc., 555 F.3d 949, 959 (11th Cir. 2009) (“A court's review on a motion to dismiss is ‘limited to the four corners of the complaint.’”) (quoting St. George v. Pinellas Cty., 285 F.3d 1334, 1337 (11th Cir. 2002)). Thus, Plaintiffs’ new allegations cannot help them establish standing. 3 Accordingly, for the reasons given above, the Court GRANTS Defendant’s Motion to Dismiss for lack of Article III standing. II. Plaintiffs’ Negligence Claim Although not explicitly set forth in their Amended Complaint, Plaintiffs seem to assert a negligence claim against G4S. (Doc. 10, pp. 6–7.) They allege that G4S had “no policies in place 3 Plaintiffs never filed a motion to further amend their Amended Complaint with the allegations from their Response brief. As such, the Court is under no obligation to grant them leave to amend. See Burger King Corp. v. Weaver, 169 F.3d 1310, 1318 (11th Cir. 1999) (“Although leave to amend should be liberally granted, a trial court is not required sua sponte to grant leave to amend prior to making its decision.”). However, granting leave to amend is also inappropriate here because even if these new allegations established standing, Plaintiffs’ assertions would still be insufficient to establish a claim for relief, as explained in Discussion Sections II and III, infra. See Dragash v. Fed. Nat’l Mortg. Ass’n, 700 F. App’x 939, 946 (11th Cir. 2017) (per curiam) (“While leave to amend ordinarily should be freely given, a district court need not grant even a pro se plaintiff leave to amend where amendment would be futile.”) (citing Cockrell v. Sparks, 510 F.3d 1307, 1310 (11th Cir. 2007)). 7 to prevent the release or misappropriation” of their social security numbers. (Id. at p. 6.) Furthermore, they assert that G4S sent their private information over the internet in a way that was not secure and also that it did not properly dispose of hard copies of material containing that information. (Id. at pp. 5–6.) In tort actions like this, “Georgia continues to apply the traditional choice of law principles of lex loci delicti.” nVision Global Tech. Sols., Inc. v. Cardinal Health 5, LLC., 887 F. Supp. 2d 1240, 1271 (N.D. Ga. 2012) (internal quotations and citation omitted). “[T]he rule of lex loci delicti [] requires application of the substantive law of the place where the tort or wrong occurred.” Carroll Fulmer Logistics Corp. v. Hines, 710 S.E.2d 888, 890 (Ga. Ct. App. 2011). The parties do not dispute that the events giving rise to this action took place in the state of Georgia. Thus, Plaintiffs’ claim for negligence—to the extent they intended to assert one—is governed by Georgia law. In Georgia, “[t]he essential elements of a negligence claim are the existence of a legal duty; breach of that duty; a causal connection between the defendant’s conduct and the plaintiff’s injury; and damages.” Seymour Elec. and Air Conditioning Serv., Inc. v. Statom, 710 S.E.2d 874, 877 (Ga. Ct. App. 2011). Thus, the threshold issue is whether G4S owed a duty to Plaintiffs to protect their information. “The existence of a legal duty is a question of law for the court.” Rasnick v. Krishna Hosp., Inc., 713 S.E.2d 835, 837 (Ga. 2011). The Supreme Court of Georgia recently grappled with whether Georgia law imposes an independent duty to “safeguard and protect . . . personal information.” Dep’t of Labor v. McConnell, 828 S.E.2d 352, 358 (Ga. 2019). In that case, the Georgia Department of Labor created a spreadsheet that included the social security numbers of individuals who had applied for unemployment benefits. Id. at 356. Sometime after the spreadsheet was compiled, a Department employee accidently emailed it to approximately 1,000 recipients. Id. There was no indication, 8 however, that any identity theft or resulting unauthorized charges had occurred. Id. The plaintiff, whose information had been in the email, sued the Department for, among other things, negligence. Id. He “alleged that the Department owed a duty to [him] and [to] proposed class members to safeguard and protect their personal information,” a duty he claimed was “based on a purported common law duty ‘to all the world not to subject [others] to an unreasonable risk of harm.’” Id. at 358 (quoting Bradley Ctr., Inc. v. Wessner, 296 S.E.2d 693, 695 (Ga. 1982)). The Georgia Supreme Court, however, explained that the language the plaintiff was relying on from a prior case, Bradley Center, Inc., was “not a correct statement of the law” and the court clarified that no such duty exists under Georgia law. Id. In addition, the Court examined two Georgia statutes— O.C.G.A. §§ 10-1-910 and 10-1-393.8—and found that neither created “a duty to protect . . . information against negligent disclosure.” 4 Id. As a result, the Georgia Supreme Court held that the plaintiff’s complaint had been appropriately dismissed for failure to state a claim. Id. Plaintiffs’ allegations here fall squarely within the reasoning of McConnell. At best, the Amended Complaint asserts that G4S mishandled Plaintiffs’ social security numbers, creating the possibility that they could be stolen and misused. Thus, even if a jury could find that G4S’s conduct was negligent, it is irrelevant because, under McConnell, G4S did not have a duty to 4 Under O.C.G.A. § 10-1-393.8(a)(1), a “corporation shall not [p]ublicly post or publicly display in any manner an individual’s social security number.” O.C.G.A. § 10-1-393.8(a)(1). The Georgia Supreme Court held that this language did not create a duty to prevent negligent disclosures of social security numbers— the only conduct at issue in the case before it—but assumed without deciding that the statute “create[d] a duty enforceable in tort to refrain from intentionally disclosing social security numbers . . . .” McConnell, 828 S.E.2d at 816. Here, the Amended Complaint does say that one G4S employee, Billy Knight, provided the document containing the social security numbers to Bradley Harris (another G4S employee), and that Harris in turn distributed the information to eight G4S supervisors (and also may have printed copies and placed them in patrol cars). (Doc. 10, p. 5.) While this conduct indicates that G4S employees intentionally provided the social security numbers to others, the Amended Complaint also states that those provided with the information were also G4S employees. The plain language of the statute is clear that “‘publicly post’ or ‘public display’ means to intentionally communicate or otherwise make available to the general public.” O.C.G.A. § 10-1-393.8(a)(1). Thus, any potential claim Plaintiffs may have under this statute also fails as the Amended Complaint only alleges that G4S employees shared the social security numbers with other employees and not the general public. 9 protect Plaintiffs’ information against negligent disclosure. Accordingly, even if Plaintiffs have standing and intended to assert a negligence claim, the claim is subject to dismissal as a matter of law. III. Plaintiffs’ Invasion of Privacy Claim Plaintiffs also allege that G4S “is liable to [them] for the invasion of their privacy.” (Doc. 10, p. 6.) In addition, the Amended Complaint states that “[t]his invasion is highly offensive to any reasonable person.” (Id.) Under Georgia law, there are four disparate torts under the common name of invasion of privacy. These four torts may be described briefly as: (1) intrusion upon the plaintiff’s seclusion or solitude, or into his private affairs; (2) public disclosure of embarrassing private facts about the plaintiff; (3) publicity which places the plaintiff in a false light in the public eye; and (4) appropriation, for the defendant’s advantage, of the plaintiff’s name or likeness. Bullard v. MRA Holding, LLC, 740 S.E.2d 622, 626 (Ga. 2013) (citation omitted). The Amended Complaint does not specify which of these tort claims Plaintiffs intend to assert against G4S. However, Plaintiffs’ allegations could, at best, fit only into the second category. To adequately plead a claim for public disclosure of embarrassing private facts, a plaintiff must allege that “(a) the disclosure of private facts [was] a public disclosure; (b) the facts disclosed to the public [were] private, secluded or secret facts and not public ones; [and] (c) the matter made public [was] offensive and objectionable to a reasonable man of ordinary sensibilities under the circumstances.” Cottrell v. Smith, 788 S.E.2d 772, 786 (Ga. 2016) (quoting Cabaniss v. Hipsley, 151 S.E.2d 496, 501 (Ga. Ct. App. 1966)). Plaintiffs fail to meet this burden. First, Plaintiffs only allege that G4S handled their social security information in a way that increased the likelihood of someone stealing it; they do not allege that the company actually made the material public. Because the Amended Complaint asserts that only a small number of G4S employees received the social security numbers, it cannot satisfy the first element. See 280 10 Partners, LLC v. Bank of N. Ga., 835 S.E.2d 377, 383 (Ga. Ct. App. 2019) (reiterating prior holding that “‘to communicate a fact concerning the plaintiff’s private life to a single person or even to a small group of persons’ is not sufficient to constitute a public disclosure”) (quoting Mayor & City Council of Richmond Hill v. Maia, 784 S.E.2d 894, 904 (Ga. Ct. App. 2016) (quoting Restatement of Torts 2d, § 652D (comment a)), rev’d on other grounds by City of Richmond Hill v. Maia, 800 S.E.2d 573 (Ga. 2017)). In addition, Plaintiffs cannot satisfy the third element because social security numbers are not “offensive and objectionable” information. See Cumberland Contractors, Inc. v. State Bank & Tr. Co., 755 S.E.2d 511, 517–18 (Ga. Ct. App. 2014) (publishing social security numbers does not constitute “disclos[ure of] embarrassing private facts”); McConnell, 828 S.E.2d at 360 (allegations that social security numbers were published do “not state a claim here because the matters disclosed were not offensive and objectionable”). Because Plaintiffs cannot satisfy these elements of the tort, their claim must fail. Therefore, even if the Plaintiffs have standing to assert an invasion of privacy claim, the claim is subject to dismissal on the ground that Plaintiffs have not alleged that G4S communicated offensive and objectionable information to the public. 5 5 In their Amended Complaint, Plaintiffs also seek punitive damages. (Doc. 10, p. 7.) “Punitive damages may be awarded only in such tort actions in which it is proven by clear and convincing evidence that the defendant's actions showed willful misconduct, malice, fraud, wantonness, oppression, or that entire want of care which would raise the presumption of conscious indifference to consequences.” O.C.G.A. § 51-125.1(b). As the Court has dismissed both Plaintiffs’ negligence and invasion of privacy claims, their punitive damages claim should be dismissed as well. See Mann v. Taser Int’l, Inc., 588 F.3d 1291, 1304 (11th Cir. 2009) (“A punitive damages claim is derivative of a plaintiff’s tort claim, and where a court has dismissed a plaintiff’s underlying tort claim, dismissal of a plaintiff’s punitive damages claim is also required.”). Accordingly, the Court DISMISSES Plaintiffs’ punitive damages claim. 11 CONCLUSION In light of the foregoing, the Court GRANTS Defendant G4S Secure Solutions (USA) Inc.’s Motion to Dismiss. (Doc. 11.) The Court DIRECTS the Clerk of Court to enter an appropriate judgment of dismissal and to CLOSE this case. SO ORDERED, this 28th day of August, 2020. R. STAN BAKER UNITED STATES DISTRICT JUDGE SOUTHERN DISTRICT OF GEORGIA 12
]]>
Some case metadata and case summaries were written with the help of AI, which can produce inaccuracies. You
should read the full case before relying on it for legal research purposes.
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.
