United States District Court, N.D. Illinois, Eastern Division
MEMORANDUM OPINION & ORDER
Castillo, Chief Judge.
Dolmage ("Plaintiff) filed this action against Combined
Insurance Company of America ("Defendant") alleging
breach of contract for failing to keep her personal
information private. (R. 36, Am. Compl.) Presently before the
Court is Defendant's motion for summary judgment. (R.
141, Mot.) For the reasons stated below, the motion is
following facts are undisputed unless otherwise stated.
Plaintiff is a citizen of Missouri, (R. 149, Pl.'s Resp.
to Facts ¶ 1.) In early 2011, she applied for and was
issued supplemental insurance coverage by Defendant, an
insurance company headquartered in Illinois. (Id.
¶¶ 1-2.) At that time, Plaintiff was employed by
the department store Dillard's and lived and worked in
Iowa. (Id. ¶ 1.) From 2009 to 2011, Defendant
offered a variety of insurance products to Dillard's
employees, including group or individual supplemental
insurance policies underwritten by Defendant, group insurance
products underwritten by ACE American Insurance Company
("ACE"), and various medical, vision and dental
insurance products underwritten by third parties.
(Id. ¶ 8.) During this period, Defendant
administered the open enrollment period for Dillard's
each year, during which time Dillard's employees could
enroll in the various products offered by Defendant.
(Id. ¶ 9.) Defendant used a third-party vendor,
Enrolltek, to provide enrollment services for Dillard's
employees who enrolled in an ACE-underwritten product offered
by Defendant. (Id. ¶ 22.)
about April 18, 2011, Plaintiff placed a telephone call to
Defendant's representatives to apply for certain
insurance benefits. (Id. ¶ 10.) Specifically,
Plaintiff applied for and obtained a supplemental life
insurance policy underwritten by Defendant. (Id.
¶ 11.) Shortly thereafter, Defendant mailed Plaintiff a
package containing the policy and various other
"fulfillment materials." (Id. ¶ 12.)
The fulfillment materials consisted of 15 different
documents, including a cover letter, a brochure with
instructions for using Defendant's website to manage
account information, an accelerated payment rider, Plaintiffs
completed application for life insurance coverage, several
blank forms, and-at issue here-a document entitled, "Our
Privacy Pledge To You" ("Privacy Pledge").
(Id., ¶ 13.) The Privacy Pledge makes certain
statements about the handling of insureds' personal data,
including as follows:
We want you to know that we maintain physical, electronic,
and procedural safeguards that comply with federal
regulations to guard your personal information. And, we
restrict access to your personal information to those
employees who need to know such information.
Sometimes, we may share your information with other
companies affiliated with [Defendant], particularly if they
support our efforts to provide you with service and product
[I]f we do provide your information to any party outside of
[Defendant] we require them to abide by the same privacy
standards as indicated here.
(R. 150, Def.'s Resp. to Add'l Facts ¶ 1
(emphasis in original.) Defendant sends the Privacy Pledge to
all new enrollees, although the parties dispute whether it is
technically part of the insurance policy. (R. 149,
Pl.'s Resp. to Facts ¶ 20.)
policy mailed to Plaintiff includes the following definition:
"Policy means this policy with any attached
application(s), and any riders and endorsements[.]"
(Id. ¶ 14.) The policy further provides:
"The policy is a legal contract. It is the entire
contract between you and us. Any change to it must be in
writing and approved by us. Only our President or one of our
Vice-Presidents can give our approval." (Id.;
R. 150, Def.'s Resp. to Add'l Facts ¶ 2.) The
policy also includes a table of contents, which states at the
bottom, "A copy of the application and any riders and
endorsements follow page 17." (R. 149, Pl.'s Resp.
to Facts ¶ 15.) Following page 17 are various documents,
including the Privacy Pledge. (Id. ¶ 13.) Some
of the fulfillment materials Plaintiff received contain the
following disclaimer: "THIS IS A PROPOSAL AND IS NOT
PART OF THE INSURANCE CONTRACT." (R. 150, Def.'s
Resp. to Add'l Facts ¶ 5.) The Privacy Pledge does
not contain such a statement. (Id.)
March 2012, after Plaintiff applied for and obtained her
insurance policy, Defendant's third-party vendor,
Enrolltek, placed two files containing the personal
information of Plaintiff and other Dillard's employees
and their dependents on an unsecured location on
Enrolltek's website. (R. 149, Pl.'s Resp. to Facts
¶ 23.) These files were readily available online through
a routine internet search from March 2012 until early July
2013. (R. 150, Def.'s Resp. to Add'l Facts ¶ 3.)
The data was later taken down from Enrolltek's website,
although the parties dispute whether Defendant acted quickly
enough when it learned that the data was unsecured. (R. 149,
Pl.'s Resp. to Facts ¶ 24.) In July 2013, Defendant
notified affected individuals, including Plaintiff, that
their data may have been compromised and offered them free
credit monitoring services and other protections.
(Id.) A fraudulent tax return was filed with the
Internal Revenue Service in Plaintiffs name for tax year 2013
by unknown identity thieves. (R. 150, Def.'s Resp. to
Add'l Facts ¶ 4.)
2014, Plaintiff filed this action on behalf of herself and a
putative class of similarly situated individuals alleging a
host of federal and state law claims. (R. 1, Compl.) After
two rounds of motions to dismiss, various amendments to the
pleadings, and two substantive opinions from this Court, what
is left of the case is one claim for breach of contract
premised on Defendant's alleged breach of the Privacy
Policy. See Dolmage v. Combined Ins. Co. of Am., No.
14 C 3809, 2016 WL 754731, at *4-6 (N.D. Ill. Feb. 23, 2016).
November 2016, Plaintiff moved for class certification. (R.
111, Pl.'s Mot. for Class Cert.) The Court denied the
motion, finding that the requirements of Federal Rule of
Civil Procedure 23 were not satisfied. Dolmage v.
Combined Ins. Co. of Am., No. 14 C 3809, 2017 WL
1754772, at *3-10 (N.D. Ill. May 3, 2017). Plaintiff filed a
petition with the U.S. Court of Appeals for the Seventh
Circuit seeking leave to appeal under Rule 23(f), but the
petition was denied. (R. 137, 7th Cir. Order.)
August 2017, Defendant filed the present motion seeking
summary judgment on Plaintiffs remaining claim. (R. 141,
Mot.) Defendant argues that Plaintiffs breach of contract
claim fails as a matter of law because it is premised on
violations of the Privacy Pledge and, in Defendant's
view, that document is not pail of the insurance policy.
(See R. 142, Def.'s Mem.; R. 143, Def.'s
Facts; R. 150, Def.'s Reply.) Plaintiff opposes the entry
of summary judgment, arguing that the Privacy Pledge is part
of the insurance policy for all intents and purposes and that
it supports a valid breach of contract claim. (R. 148,
Pl.'s Opp'n; R. 149, Pl.'s Resp. to Facts.) In
Plaintiffs view, the Privacy Pledge is a "rider or
endorsement" that was specifically incorporated by
reference into the policy. (R. 148, Pl.'s Opp'n at
Rule of Civil Procedure 56 provides that "[f]he court
shall grant summary judgment if the movant shows that there
is no genuine dispute as to any material fact and the movant
is entitled to judgment as a matter of law." Fed. R.
Crv. P. 56(a). Summary judgment is proper "if the
pleadings, depositions, answers to interrogatories, and
admissions on file, together with the affidavits, if any,
show that there is no genuine issue as to any material fact
and that the moving party is entitled to a judgment as a
matter of law." Celotex Corp. v. Catrett, 477
U.S. 317, 322 (1986) (citation omitted). "A genuine
dispute as to any material fact exists if the evidence is
such that a reasonable jury could return a verdict for the
nonmoving party." Kvapil v. Chippewa Cty., 752
F.3d 708, 712 (7th Cir. 2014) (citation and internal
quotation marks omitted). In deciding whether a dispute
exists, the Court must ...