Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Brandon Worix, Individually and On Behalf of All Others Similarly v. Medassets

April 24, 2012

BRANDON WORIX, INDIVIDUALLY AND ON BEHALF OF ALL OTHERS SIMILARLY SITUATED, PLAINTIFF,
v.
MEDASSETS, INC. DEFENDANT.



The opinion of the court was delivered by: Matthew F. Kennelly, District Judge:

MEMORANDUM OPINION AND ORDER

Brandon Worix, on behalf of himself and a putative class of similarly situated individuals, has sued MedAssets, Inc. for its alleged failure to implement adequate safeguards to protect his personal information and to notify him properly when a computer hard drive containing that information was stolen. In an earlier decision, the Court dismissed Worix's complaint pursuant to Federal Rule of Civil Procedure 12(b)(6) and gave him the opportunity to submit an amended complaint. See Worix v. MedAssets, Inc., No. 11 C 8088, 2012 WL 787210 (N.D. Ill. Mar. 8, 2012). Worix has filed a combined motion asking the Court to reconsider its dismissal of count one and allow him to amend counts two and three (formerly counts two and four). For the reasons stated below, the Court denies the motion to reconsider and grants in part the motion to amend.

Background

Worix's claims concern the theft from a MedAssets employee's car of a hard drive containing information about him and thousands of other patients of the Cook County Health & Hospitals System. The Court assumes familiarity with the more detailed factual summary in its previous decision. See Worix, 2012 WL 787210, at *1. In that decision, the Court dismissed Worix's claim under the Stored Communications Act (SCA) after concluding that MedAssets' alleged failure to implement certain data-protecting safeguards could not constitute "knowingly divulging" information under the SCA. Id. at *2. The Court also dismissed Worix's claims for negligence and violation of the Illinois Consumer Fraud Act (ICFA), 815 ILCS 505/2, after concluding that his allegations that he is subject to an increased risk of identity theft and must pay for credit monitoring did not constitute compensable injury.

In his proposed amended complaint, Worix alleges that after MedAssets notified him of the theft, he "fell into a state of extreme emotional distress and depression as he worried that the exposure of his personal information would make him vulnerable to identity theft or credit-card theft." Am. Compl. ¶ 17. He alleges that he also "experienced distress over the serious and permanent invasion of his privacy" that "caused him to have problems concentrating during the day and problems sleeping at night." Id. ¶ 18. These problems eventually "prevented him from meeting performance expectations at work, and he was terminated in late 2011 as a result." Id. ¶ 19.

Discussion

A. Motion to reconsider

Worix has moved the Court to reconsider its dismissal of count one. "Motions for reconsideration serve a limited function: to correct manifest errors of law or fact or to present newly discovered evidence." Caisse Nationale de Credit Agricole v. CBI Indus., Inc., 90 F.3d 1264, 1269 (7th Cir. 1996) (internal quotation marks and citation omitted). "A 'manifest error' is not demonstrated by the disappointment of the losing party." Oto v. Metro. Life Ins. Co., 224 F.3d 601, 606 (7th Cir. 2000). Rather, "[i]t is the wholesale disregard, misapplication, or failure to recognize controlling precedent." Id. (internal quotation marks and citation omitted).

In count one, Worix seeks relief under the SCA, which provides that "a person or entity" providing either an "electronic communication service" or a "remote computing service to the public shall not knowingly divulge to any person or entity the contents of a communication" stored or carried on that service. 18 U.S.C. § 2702(a)(1)-(2). In its previous decision, the Court determined that the question of whether information had been "knowingly divulge[d]" should be analyzed according to "the common meaning of knowing conduct[, which] includes willful blindness, but not recklessness or negligence." Worix, 2012 WL 787210 at *3. The Court then concluded that "the failure to take reasonable steps to safeguard data," which was all Worix had alleged, "does not, without more, amount to divulging that data knowingly or with willful blindness." Id. at *4.

Worix argues that the Court erred in dismissing his claim at the pleading stage, because "evidence procured during the discovery phase of this case [may] provide the required proof that MedAssets took deliberate actions to turn a blind eye to the critical security threat created by its lax practices." Pl.'s Mem. at 3. As the Court explained in its previous decision, however, Worix nowhere alleges an actual act by MedAssets that constituted knowing disclosure, only that MedAssets' actions created or contributed to an unacceptable risk that data would be compromised. And the question is whether Worix's allegations are sufficient now, not whether evidence he might later obtain could give rise to a viable claim.

The cases referenced in the Court's decision, despite the fact that they addressed motions for summary judgment rather than dismissal, support this analysis. See Global-Tech Appliances, Inc. v. SEB S.A., 131 S.Ct. 2060, 2070-71 (2011) (comparing "a willfully blind defendant [who] almost can be said to have actually known the critical facts" with "a reckless defendant . . . who merely knows of a substantial and unjustified risk of such wrongdoing"); Freedman v. America Online, Inc., 329 F. Supp. 2d 745, 749 (E.D. Va. 2004) (noting that the SCA requires a plaintiff to show that "defendant was aware, or possessed a firm belief, that his act would result in" disclosure) (emphasis added); Muskovich v. Crowell, No. 3-95-CV-20007, 1996 WL 707008, at *5 (S.D. Iowa Aug. 30, 1996) (finding that employer whose failure to implement safeguards had resulted in data breach did not "knowingly divulge" because "[a]wareness of a 'possibility' does not rise to the level of a 'substantial certainty' required for liability under the [SCA]").

The Seventh Circuit's interpretation of "willful blindness" in other contexts also supports the proposition that conscious awareness of unauthorized disclosure is required, not simply an unjustifiable risk that a defendant's actions will lead to further wrongdoing. See, e.g., United States v. Pedroza, 176 Fed. Appx. 698, 700-01 (7th Cir. 2006) ("[A] court may instruct a jury as to willful blindness when the facts support an inference that the defendant participated in a drug deal but left the scene of the sale to insulate himself from guilty knowledge of the transaction."); Hard Rock Cafe Licensing Corp v. Concession Servs., Inc., 955 F.2d 1143 (7th Cir. 1992) ("To be willfully blind [for purposes of the Lanham Act], a person must suspect wrongdoing and deliberately fail to investigate.").

For these reasons, the Court denies Worix's motion to reconsider its ...


Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.