Standifer v. Best Buy Stores, L.P.

          MEMORANDUM OF OPINION

          L. Scott Coogler, United States District Judge

         Before the Court is Plaintiff Sharon Standifer's (“Standifer”) motion for partial summary judgment (doc. 37) and Defendant Best Buy Stores, L.P.'s (“Best Buy”) motion for summary judgment (doc. 39). The motions have been fully briefed and are ripe for review. For the reasons stated below, Standifer's motion for partial summary judgment (doc. 37) is due to be GRANTED in PART and DENIED in PART and Best Buy's motion for summary judgment (doc. 39) is also due to be GRANTED in PART and DENIED in PART.

         I. Background^[1]

         Standifer is the sole owner and proprietor of Superior Office Solutions (“SOS”), an accounting and business consulting company. To conduct business, Standifer would sometimes use her husband's computer. On August 14, 2015, Standifer's husband was using his computer when he opened a file and a blue screen appeared. The next day, Standifer took the computer to a Best Buy location in Tuscaloosa, Alabama to be repaired. Although Standifer had previously purchased accessories, such as cables, videos, and TVs, from Best Buy, she had never before used its Geek Squad's computer services. Her knowledge of Best Buy's computer sales and services came exclusively from general advertisements.

         While at Best Buy, Standifer decided to replace her husband's computer with a new Lenovo computer instead of having the original computer repaired. She purchased the computer for $557.24 and requested that Best Buy transfer all of the data from the original computer to the Lenovo. This data included information about several of her clients. As part of the transaction, Standifer entered into a Data Services Agreement with Best Buy, which provided that Best Buy would set up Standifer's new computer, install software on the computer, and complete the requested data transfer. The Data Services Agreement included several waivers and disclaimers, which stated that Geek Squad would not be liable for any indirect, incidental, or consequential damages. Best Buy then retained possession of Standifer's original computer from August 15, 2015 to August 24, 2015. At no point did Standifer ask or Best Buy explain how the data from the original computer would be securely transferred to the Lenovo computer.

         On August 20, 2015, Best Buy sent Standifer an email stating that her computer had reached the “Ultimate Fix-It Stage” and that a Geek Squad Agent was actively repairing her device. (See Doc. 49-4.) After being informed by Best Buy employees that the data transfer between her original computer and the Lenovo had not yet occurred, Standifer cancelled the data transfer, picked up her old computer, and received a full refund. Standifer then purchased a new computer from Tuscom, the business where Standifer had purchased her original computer, and Tuscom transferred the data from the original computer to the new one.

         On November 24, 2015, Phil Simpson (“Simpson”), a captain with the Tuscaloosa Police Department, notified Standifer that data stored on her original computer had been found on his father's iMac. Both Simpson and his father had viewed certain files belonging to Standifer. Simpson's father had purchased the iMac from Best Buy's Tuscaloosa location in October 2015. According to a Forensic Investigation Report, the data from Standifer's computer was copied to the Simpson computer on August 23, 2015, while both computers were in Best Buy's possession. Many of the files were then moved to another folder, labeled “geekSQUAD BACKUP, ” on October 21, 2015, which is the day that Simpson's father picked up the computer from Best Buy. However, it remains unclear how Standifer's information ended up on the Simpson computer. Although Standifer's expert was able to determine when the data transfer occurred, his report does not include evidence as to who transferred the data. Moreover, Best Buy has no records that Standifer's computer was ever hooked up for data services.^[2]

         The data found on the Simpson computer included files containing sensitive information about Standifer and her clients. Among these files were Standifer's personal tax returns, the tax returns of some of her clients, and documents regarding Standifer's sister's medical history. Standifer admits that aside from a log-in password she had not independently password protected most of these documents. The day after Simpson contacted Standifer, he went with her to Best Buy to inform the store about Standifer's data appearing on his father's computer. Best Buy responded by creating an Incident Management Report, which discussed the allegedly unauthorized transfer. The Incident Management Report refers to the unauthorized transfer as a “data transfer error, ” and contains a statement from a Best Buy executive that “[i]t would certainly appear we had a hand in this issue.” (See Doc. 49-5 at ¶ 33.) On December 3, 2015, Standifer sent a letter to her clients notifying them that their information may have been transferred to the Simpson computer.

         The parties largely dispute how the data transfer has affected Standifer both professionally and personally. Standifer has not lost clients, received bad reviews, or seen a reduction in her business's revenue due to the data breach. However, Standifer has testified that she has worked many unbilled hours to protect her client's information by setting up new logins and changing passwords. She also claims to have taken on new clients for fear that her old clients would leave her. Standifer's client, Mark English, has expressed concerns that some suspicious activity on his credit report may have been related to the data transfer. Standifer wrote to three different credit agencies on English's behalf. Standifer also testified that due to her tax returns appearing on the Simpson computer she filled out an affidavit with the IRS and the State of Alabama. Standifer has indicated that this incident has caused her to suffer from anxiety.

         II. Standard

         Summary judgment is appropriate “if the movant shows that there is no genuine dispute as to any material fact^[3] and the movant is entitled to judgment as a matter of law.” Fed.R.Civ.P. 56(a). A dispute is genuine if “the record taken as a whole could lead a rational trier of fact to find for the nonmoving party.” Id. A genuine dispute as to a material fact exists “if the nonmoving party has produced evidence such that a reasonable factfinder could return a verdict in its favor.” Greenberg v. BellSouth Telecomms., Inc., 498 F.3d 1258, 1263 (11th Cir. 2007) (quoting Waddell v. Valley Forge Dental Assocs., 276 F.3d 1275, 1279 (11th Cir. 2001)). The trial judge should not weigh the evidence, but determine whether there are any genuine issues of fact that should be resolved at trial. Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 249 (1986).

         In considering a motion for summary judgment, trial courts must give deference to the non-moving party by “view[ing] the materials presented and all factual inferences in the light most favorable to the nonmoving party.” Animal Legal Def. Fund v. U.S. Dep't of Agric., 789 F.3d 1206, 1213-14 (11th Cir. 2015) (citing Adickes v. S.H. Kress & Co., 398 U.S. 144, 157 (1970)). However, “unsubstantiated assertions alone are not enough to withstand a motion for summary judgment.” Rollins v. TechSouth, Inc., 833 F.2d 1525, 1529 (11th Cir. 1987). Conclusory allegations and “mere scintilla of evidence in support of the nonmoving party will not suffice to overcome a motion for summary judgment.” Melton v. Abston, 841 F.3d 1207, 1220 (11th Cir. 2016) (per curiam) (quoting Young v. City of Palm Bay, Fla., 358 F.3d 859, 860 (11th Cir. 2004)). In making a motion for summary judgment, “the moving party has the burden of either negating an essential element of the nonmoving party's case or showing that there is no evidence to prove a fact necessary to the nonmoving party's case.” McGee v. Sentinel Offender Servs., LLC, 719 F.3d 1236, 1242 (11th Cir. 2013). Although the trial courts must use caution when granting motions for summary judgment, “[s]ummary judgment procedure is properly regarded not as a disfavored procedural shortcut, but rather as an integral part of the Federal Rules as a whole.” Celotex Corp. v. Catrett, 477 U.S. 317, 327 (1986).

         III. Discussion

         Standifer brings claims for breach of contract, breach of fiduciary duty, conversion, fraud, fraudulent suppression, wantonness, and negligence against Best Buy. Best Buy asserts that summary judgment is due to be granted on each of Standifer's claims both for substantive reasons and because Standifer has failed to prove her damages. Standifer argues that she is entitled to summary judgment on Best Buy's contributory negligence defense. Each of these arguments will be addressed in turn.

         A. Breach of Contract

         In order to be successful on her breach of contract claim, Standifer must demonstrate (1) a valid contract binding the parties; (2) her own performance under the contract; (3) Best Buy's nonperformance under the contract; and (4) resulting damages. See Barrett v. Radjabi-Mougadem, 39 So.3d 95, 98 (Ala. 2009). A valid contract requires “an offer and an acceptance, consideration, and mutual assent to terms essential to the formation of a contract.” Ex parte Grant, 711 So.2d 464, 465 (Ala. 1997) (quoting Strength v. Ala. Dep't of Fin., Div. of Risk Mgmt., 622 So.2d 1283, 1289 (Ala. 1993)).

         Standifer bases her breach of contract claim on the Data Services Agreement she entered into with Best Buy.^[4] Specifically, Standifer points to the agreement's “Work to Be Completed” provision, which provided that Best Buy would transfer the data from her original computer to the Lenovo computer. Standifer argues that Best Buy's duty under the Data Services Agreement was to safely transfer her data from the original computer to the Lenovo computer. She asserts that Best Buy breached this duty by transferring her data to the Simpson computer. The Court agrees with Standifer that an implied term of the Data Services Agreement was that the data transfer from Standifer's old computer to the new computer would be done securely. Without the expectation that Best Buy would safely conduct the data transfer, Standifer likely would have never allowed Best Buy to perform the agreed upon data services.

         However, when she signed the Data Services Agreement, Standifer agreed to the damages waivers contained within the agreement. Alabama law recognizes the freedom to contract and upholds “clearly manifested limitations” in a contract, such as those found within the Data Services Agreement. See Campbell v. S. Roof Deck Applicators, Inc., 406 So.2d 910, 913 (Ala. 1981). Paragraph 9 of the agreement's terms and conditions provided that Standifer agreed to “[w]aive any consequential or incidental damages against Geek Squad as a result of this service.” (See Doc. 40-2 at 77.) The Data Services Agreement also includes a limitation of liability clause, which provided that “[in] no event will Geek Squad be liable for any indirect damages whatsoever. To the extent permitted by law, the total liability of Geek Squad to Client under this Agreement [sh]all in no event exceed the total sums paid by Client to Geek Squad.” (See Id. at 76.)

         Standifer does not dispute that these clauses are enforceable or that “[i]f, in the process of transferring her data to the [Lenovo], Best Buy had lost some or all of [her data]” that she would have waived any damages. (See Doc. 48 at 16.) Instead, she argues that because there is no evidence that the unauthorized transfer occurred as a result of the services contemplated in the Data Services Agreement that the consequential and incidental damages waiver does not apply to her claims. While Standifer's interpretation of the consequential and incidental damages waiver may be correct, this argument ignores the Data Services Agreement's limitation of liability clause. That clause provides that “the total liability of Geek Squad to client under this Agreement [sh]all in no event exceed the total sums paid by Client to Geek Squad.” (Id. at 76.) The Court finds this provision to be unambiguous. See Nunnelley v. GE Capital Info. Tech. Solutions-North America, 730 So.2d 238, 241 (Ala. Civ. App. 1999) (“Whether a contract is ambiguous is a question of law for the trial judge.”). It limits Standifer's ability to recover damages for breach of the Data Services Agreement to the $557.24 that she paid for Best Buy's services. Because Standifer concedes that she received a full refund, she is not entitled to recover any additional damages under the Data Services Agreement. Therefore, Best Buy is entitled to summary judgment on Standifer's breach of contract claim.^[5]

         Best Buy argues that the waivers contained within the Data Services Agreement, particularly the limitation of liability clause, bar Standifer from recovering damages on any of her claims. In support of this, it cites to Alabama case law enforcing contractual provisions that limit liability. See Campbell, 406 So.2d at 913 (“Contracting parties have a right to express the limitations under which they will be bound, and such clearly manifested limitations will be recognized by the courts.”); Stewart v. Bradley, 15 So.3d 533, 543 (Ala. Civ. App. 2008) (enforcing warranty that disclaimed home builders liability for negligence, mental anguish, and implied warranties of habitability and workmanship). However, the limitation of liability clause in the Data Services Agreement is not as unambiguous as the clauses at issue in the cases Best Buy cites. The clause states: “[i]n no event will Geek Squad be liable for any indirect damages whatsoever.” (Doc. 40-2 at 76.) It does not state whether the clause applies only to indirect damages arising out of a breach of the provisions of the Data Services Agreement or if it also applies to all aspects of Geek Squad's relationship with its customers. This ambiguity presents a question of material fact as to whether the clause bars Standifer from recovering any damages for the unauthorized data transfer. See Whitetail Dev. Corp. v. Nickelson, 689 So.2d 865, 867 (Ala. Civ. App. 1996) (“When the terms of a contract are ambiguous in any way, however, the determination of the true meaning of that contract is a question of fact for the finder of fact.”).

         B. Breach of Fiduciary Duty

         The elements of a breach of fiduciary duty claim are “the existence of a fiduciary duty, a breach of that duty, and damage suffered as a result of that breach.” Aliant Bank v. Four Star Invs., Inc., 244 So.3d 896, 907 (Ala. 2017). The Alabama Supreme Court has held that fiduciary relationships are “not restricted to such confined relations as trustee and beneficiary, partners, principal and agent, guardian and ward, managing directors and corporation, etc.” Line v. Ventura, 38 So.3d 1, 12 (Ala. 2009) (internal citations omitted). Rather, the responsibilities of a fiduciary flow to “all persons who occupy a position out of which the duty of good faith ought in equity and good conscience to arise. It is the nature of the relation which is to be regarded, and not the designation of the one filling the relation.” Id. at 12-13. Fiduciary relationships typically arise in one of four scenarios:

(1) when one person places trust in the faithful integrity of another, who as a result gains superiority or influence over the first, (2) when one person assumes control and responsibility over another, (3) when one person has a duty to act for or give advice to another on matters falling within the scope of the relationship, or (4) when there is a specific relationship that has traditionally been recognized as involving fiduciary duties, as with a lawyer and a client or a stockbroker and a customer.

Aliant Bank, 244 So.3d at 916 (quoting Swann v. Regions Bank, 17 So.3d 1180, 1193 (Ala. Civ. App. 2008)).

         Standifer argues that her relationship with Best Buy falls within the first of these four scenarios. As evidence of this relationship, she points to her deposition testimony that she left her computer with Best Buy “in good faith that it was going to be fixed.” (See Doc. 38-1 at 45.) She also points out that it is undisputed that she had no knowledge regarding how Best Buy secures and transfers data from one computer to another. According to Standifer, these facts demonstrate that Best Buy had such superior knowledge and influence over her that a fiduciary relationship existed.

         Here, it was reasonable for Standifer to trust Best Buy to act as her fiduciary. Although she had limited prior interactions with Best Buy, Standifer had left her computer containing private information with it. While Standifer had not informed Best Buy of exactly what was on her computer, she could reasonably expect Best Buy to use care to prevent her data from being exposed to an unauthorized third party. Contrary to Best Buy's assertion, its relationship with Standifer was not merely that of a salesperson and customer. Instead, it retained control over Standifer's information while she waited for the agreed upon data transfer to take place. By doing so, Best Buy assumed responsibility for the data on Standifer's computer. Standifer had no reason to believe that the level of trust she placed in Best Buy was misplaced and justifiably relied on Best Buy to protect her information from being exposed. Moreover, Standifer has produced evidence that Best Buy breached this duty when her files were transferred to the Simpson computer. Therefore, summary judgment on the breach of fiduciary duty claims is due to be denied.

         C. Conversion

         “To sustain a claim of conversion, there must be (1) a wrongful taking; (2) an illegal assertion of ownership; (3) an illegal use or misuse of another's property; or (4) a wrongful detention or interference with another's property.” Drennen Land & Timber Co. v. Privett, 643 So.2d 1347, 1349 (Ala. 1994). Conversion can be established by one of two ways. First, a plaintiff could show “that the defendant converted specific personal property to the defendant's own use and beneficial enjoyment.” Huntsville v. Golf Dev., Inc. v. Ratcliff, Inc., 646 So.2d 1334, 1336 (Ala. 1994). A plaintiff “could also show that the defendant destroyed or exercised dominion over property to which, at the time of the destruction or exercise of dominion, the plaintiff had a general or specific title and of which the plaintiff was in actual possession or to which the plaintiff was entitled to immediate possession.” Id. Although conversion is an intentional tort, “[t]he intent required is not necessarily a matter of conscious wrongdoing. It is rather an intent to exercise a dominion or control over the goods which is in fact inconsistent with the plaintiff's rights.” Johnson v. Northpointe Apartments, 744 So.2d 899, 904 (Ala. 1999) (internal citations and quotations omitted). Thus, “[t]he bare possession of property without some wrongful act in the acquisition of possession, or its detention, and without illegal assumption of ownership or illegal user or misuser, is not conversion.” Clardy v. Capital City Asphalt Co., 477 So.2d 350, 352 (Ala. 1985).

         Here, Standifer asserts that Best Buy wrongfully converted the private information and computer files stored on her computer. Best Buy does not dispute that Standifer's private information and computer files are personal property that can be subject to a conversion claim. However, there is no evidence that Best Buy converted Standifer's private information for its own benefit or destroyed Standifer's computer files and data. Thus, Standifer can only succeed on her conversion claim if Best Buy improperly exercised dominion over Standifer's private information or computer files to the exclusion of her rights.

         Viewing the evidence in the light most favorable to Standifer, the Court cannot say, as a matter of law, that Standifer has failed to show that someone at Best Buy misused her data. The undisputed evidence is that someone transferred Standifer's computer files to the Simpson computer while Best Buy had possession of both computers. Although Standifer has presented no direct evidence that this was done at the direction of Best Buy, a reasonable jury could infer that it was. Best Buy has presented no evidence that anyone other than it or its employees had access to these computers at the time of the data transfer. Additionally, the Forensic Investigation Report reveals that on October 21, 2015 Standifer's data was copied from one folder on the Simpson computer to another folder ...