United States District Court, S.D. Ohio, Eastern Division
MOHAMMAD S. GALARIA, Plaintiff,
NATIONWIDE MUTUAL INSURANCE COMPANY, Defendant. ANTHONY HANCOX, Plaintiff,
NATIONWIDE MUTUAL INSURANCE COMPANY, Defendant.
Michael H. Watson
REPORT AND RECOMMENDATION
CHELSEY M. VASCURA, UNITED STATES MAGISTRATE JUDGE
in the above-captioned actions learned in November 2012 that
their personally identifiable data, which they had provided
to Nationwide Mutual Insurance Company in applications for
insurance coverage, had been stolen in a major data breach.
Plaintiffs filed suit and asserted a number of claims against
Nationwide. On August 16, 2017, this Court issued an Opinion
and Order at the conclusion of which it noted that
Plaintiffs' only remaining cause of action in each of
these cases is a bailment claim. These actions are now before
the Court to consider Defendant's Motion to Dismiss the
bailment claim pursuant to Rule 12(b)(6) of the Federal Rules
of Civil Procedure. (Case No. 2:13-cv-118, ECF No. 92.) For
the reasons that follow, it is RECOMMENDED
that Defendant's Motion be granted.
The Rule 12(b)(6) Standard
stage, this Court must accept all of Plaintiffs'
well-pleaded factual allegations as true and construe their
complaint in the light most favorable to them. Haviland
v. Metro. Life Ins. Co., 730 F.3d 563, 566-67 (6th Cir.
2013). Although the complaint need not contain
“detailed factual allegations, ” it must include
more than “labels and conclusions” or “a
formulaic recitation of the elements of a cause of
action.” Bell Atl. Corp. v. Twombly, 550 U.S.
544, 555 (2007). Thus, the complaint will survive a motion to
dismiss if it “contain[s] sufficient factual matter,
accepted as true, to state a claim to relief that is
plausible on its face.” Ashcroft v. Iqbal, 556
U.S. 662, 678 (2009) (internal quotations omitted).
“[A] claim has facial plausibility when the plaintiff
pleads factual content that allows the court to draw the
reasonable inference that the defendant is liable for the
misconduct alleged.” Hensley Mfg. v. ProPride,
Inc., 579 F.3d 603, 609 (6th Cir. 2009) (quoting
Iqbal, 556 U.S. at 678).
have not stated a claim for bailment upon which this Court
may grant relief because they did not relinquish control of
their personally identifiable information when they applied
for insurance. Having retained control of the information,
they cannot establish liability on the basis of
Nationwide's alleged failure to return the information to
number of courts across the country have considered bailment
claims in the context of data security breaches and concluded
that the scenario in which a person provides personally
identifiable information to a business and the information is
stolen does not give rise to bailment liability. See,
e.g., In re Target Data Security Breach Litig., 66
F.Supp.3d 1154, 1177 (D. Minn. 2014); In re Sony Gaming
Networks and Customer Data Sec. Breach Litig., 903
F.Supp.2d 942, 974 (S.D. Cal. 2012). Applying the law of
various states, those courts have concluded that a person in
that scenario has not transferred possession of the data with
the expectation that the recipient will return the date and
does not base any claim for damages on the recipient's
unlawful retention of the data. Target Data Security
Breach, 66 F.Supp.3d at 1177 (applying Illinois law);
Sony Gaming Networks, 903 F.Supp.2d at 974 (applying
bailment law mirrors California and Illinois law in all
material respects. A bailment claim requires either a
contract of bailment or a bailment implied by law.
Agricultural Ins. Co. v. Constantine, 144 Ohio St.
275, 284 (1944). An implied bailment exists when a person
delivers personal property to another person or entity for a
specific purpose with an implied agreement that the property
“shall be returned or accounted for when this special
purpose is accomplished or retained until the bailor reclaims
the property.” Tomas v. Nationwide Mut. Ins.
Co., 79 Ohio App.3d 624, 628 (Oh. Ct. App. 1992).
Liability on a bailment theory rests on the bailee's
failure to return the bailed personal property as agreed or
to return it in an undamaged condition. Id. at 629.
The bailment theory, thus, requires a transfer of possession
and custody of the bailed property. See Vandeventer v.
Vandeventer, 132 Ohio App.3d 762, 767 (Oh. Ct. App.
this Court has not conducted a choice of law analysis, the
parties appear to agree that their state law claims are
governed either by the law of Ohio, where Defendant resides,
or by the law of Kansas and Minnesota, where Plaintiffs
reside. Both Kansas and Minnesota also view the act of
bailment as a transfer of custody or control of personal
property. See Prod. Credit Ass'n of St. Cloud v.
Fitzpatrick, 385 N.W.2d 410, 412 (Minn.Ct.App. 1986);
M. Bruenger & Co., Inc. v. Dodge City Truck Stop,
Inc., 675 P.2d 864, 868 (Kan. 1984).
property, including personally identifiable data, may or may
not constitute the sort of personal property that may be
bailed. See Target Data Security Breach, 66
F.Supp.3d at 1177; see also In re Sony Gaming Networks
Customer Data Sec. Breach Litig., Nos. 11CV2119,
11CV2120, 2012 WL 4849054, at *23 (S.D. Cal. Oct. 11, 2012)
(“the Court is hard pressed to conceive of how
Plaintiffs' Personal Information could be construed to be
personal property so that the Plaintiffs somehow
‘delivered' this property Sony and then expected it
to be returned”). The Court need not resolve that
question in this action because Plaintiffs have not alleged
that they transferred control or custody of their personal
identifiers to Defendant with the expectation that Defendant
would hold them for some purpose and then return them
undamaged to Plaintiffs.
provided the data, in the sense that they told Defendant what
the data were, but they did not relinquish custody or control
of the data to Defendant. They retained their personal
identifiers and continued to use them throughout the period
of the alleged bailment. They have not alleged, and could not
allege, that they expected Defendant to return the data
because they were never without their personal identifiers.
Plaintiffs' specific allegations are that they
“entrusted” the data to Defendant, which
“improperly handled” and “wrongfully
retained” the data. (Compl. ¶¶ 1, 3, 81, ECF
No. 1.) They do not allege that the parties had agreed that
Defendant would return the data, however, or that the data
could have been returned. Plaintiffs have not, therefore,
alleged a bailment between the parties with respect to the
reasons set forth above, it is RECOMMENDED
that the Court GRANT Defendant's Motion
to Dismiss (Case No. 2:13-cv-118, ECF No. 92),
DISMISS the bailment claim pursuant to Rule
12(b)(6) of the Federal Rules of Civil Procedure, and
DIRECT the ...