Breach of Contract Claim Plead Without Specificity
In considering the defendant’s Rule 12(b)(6) motion to dismiss, the court cited Supreme Court precedent for the principle that a plaintiff must plead sufficient facts in their complaint to show that a claim to relief is “plausible on its face.” Such “facial plausibility” in a pleading allows the court to make inferences in the plaintiffs’ favor, thereby vaulting a defendant’s motion to dismiss, said the court. If a plaintiff’s complaint fails to state a claim upon which relief can be granted, then dismissal of such a claim is appropriate. Further, the court reasoned, when a plaintiff brings a claim on behalf of themselves and a putative class, a court cannot exercise jurisdiction over the matter if the plaintiff’s complaint fails to state a claim in the first instance.
The procedural framework established, the court then held that New York law applied to the implied contract claims because the elements of an implied contract claim are the same in the plaintiffs’ and defendant’s home states. An implied contract requires the elements of a contract, including a valid agreement and facts and circumstances evidencing breach of a contractual duty. The court then rejected the plaintiffs’ argument that the defendant breached industry standards when it used hashed and salted passwords—modes of authenticating a person’s password identity—to store its members’ private data. According to the court, “absent allegations identifying the security measures [the] ABA purportedly failed to implement, plaintiffs cannot sustain their breach of implied contract claims.”
Data Breach Guidance
Litigation Section leaders agree that specificity must be plead to withstand a motion to dismiss under Rule 12(b)(6). Section leaders also recommend that companies immediately find qualified counsel and take steps to mitigate the effects of a data breach. “Companies and their outside counsel should retain the services of a qualified data protection professional when a breach occurs,” says Brian Esler, Seattle, WA, Co-Chair of the Section’s Business Torts & Unfair Competition Committee.
Given the potentially global impact of data breach, counsel handling data breach cases must ensure “their response [to such breach] complies with all applicable state, federal and perhaps even foreign law governing data breach reporting and remediation,” adds Brian A. Hill, Washington, D.C., another Co-Chair of the Section’s Business Torts & Unfair Competition Committee. Hill also urges companies that have experienced a data breach to “carefully review the language of their own policies and notices to ensure that they are acting consistently with what they have previously told their customers.”