United States District Court, N.D. Alabama, Western Division
SHARON STANDIFER, individually and d/b/a SUPERIOR OFFICE SOLUTIONS, Plaintiff,
v.
BEST BUY STORES, L.P., Defendant.
MEMORANDUM OF OPINION
L.
Scott Coogler, United States District Judge
Before
the Court is Plaintiff Sharon Standifer's
(“Standifer”) motion for partial summary judgment
(doc. 37) and Defendant Best Buy Stores, L.P.'s
(“Best Buy”) motion for summary judgment (doc.
39). The motions have been fully briefed and are ripe for
review. For the reasons stated below, Standifer's motion
for partial summary judgment (doc. 37) is due to be GRANTED
in PART and DENIED in PART and Best Buy's motion for
summary judgment (doc. 39) is also due to be GRANTED in PART
and DENIED in PART.
I.
Background[1]
Standifer
is the sole owner and proprietor of Superior Office Solutions
(“SOS”), an accounting and business consulting
company. To conduct business, Standifer would sometimes use
her husband's computer. On August 14, 2015,
Standifer's husband was using his computer when he opened
a file and a blue screen appeared. The next day, Standifer
took the computer to a Best Buy location in Tuscaloosa,
Alabama to be repaired. Although Standifer had previously
purchased accessories, such as cables, videos, and TVs, from
Best Buy, she had never before used its Geek Squad's
computer services. Her knowledge of Best Buy's computer
sales and services came exclusively from general
advertisements.
While
at Best Buy, Standifer decided to replace her husband's
computer with a new Lenovo computer instead of having the
original computer repaired. She purchased the computer for
$557.24 and requested that Best Buy transfer all of the data
from the original computer to the Lenovo. This data included
information about several of her clients. As part of the
transaction, Standifer entered into a Data Services Agreement
with Best Buy, which provided that Best Buy would set up
Standifer's new computer, install software on the
computer, and complete the requested data transfer. The Data
Services Agreement included several waivers and disclaimers,
which stated that Geek Squad would not be liable for any
indirect, incidental, or consequential damages. Best Buy then
retained possession of Standifer's original computer from
August 15, 2015 to August 24, 2015. At no point did Standifer
ask or Best Buy explain how the data from the original
computer would be securely transferred to the Lenovo
computer.
On
August 20, 2015, Best Buy sent Standifer an email stating
that her computer had reached the “Ultimate Fix-It
Stage” and that a Geek Squad Agent was actively
repairing her device. (See Doc. 49-4.) After being
informed by Best Buy employees that the data transfer between
her original computer and the Lenovo had not yet occurred,
Standifer cancelled the data transfer, picked up her old
computer, and received a full refund. Standifer then
purchased a new computer from Tuscom, the business where
Standifer had purchased her original computer, and Tuscom
transferred the data from the original computer to the new
one.
On
November 24, 2015, Phil Simpson (“Simpson”), a
captain with the Tuscaloosa Police Department, notified
Standifer that data stored on her original computer had been
found on his father's iMac. Both Simpson and his father
had viewed certain files belonging to Standifer.
Simpson's father had purchased the iMac from Best
Buy's Tuscaloosa location in October 2015. According to a
Forensic Investigation Report, the data from Standifer's
computer was copied to the Simpson computer on August 23,
2015, while both computers were in Best Buy's possession.
Many of the files were then moved to another folder, labeled
“geekSQUAD BACKUP, ” on October 21, 2015, which
is the day that Simpson's father picked up the computer
from Best Buy. However, it remains unclear how
Standifer's information ended up on the Simpson computer.
Although Standifer's expert was able to determine when
the data transfer occurred, his report does not include
evidence as to who transferred the data. Moreover, Best Buy
has no records that Standifer's computer was ever hooked
up for data services.[2]
The
data found on the Simpson computer included files containing
sensitive information about Standifer and her clients. Among
these files were Standifer's personal tax returns, the
tax returns of some of her clients, and documents regarding
Standifer's sister's medical history. Standifer
admits that aside from a log-in password she had not
independently password protected most of these documents. The
day after Simpson contacted Standifer, he went with her to
Best Buy to inform the store about Standifer's data
appearing on his father's computer. Best Buy responded by
creating an Incident Management Report, which discussed the
allegedly unauthorized transfer. The Incident Management
Report refers to the unauthorized transfer as a “data
transfer error, ” and contains a statement from a Best
Buy executive that “[i]t would certainly appear we had
a hand in this issue.” (See Doc. 49-5 at
¶ 33.) On December 3, 2015, Standifer sent a letter to
her clients notifying them that their information may have
been transferred to the Simpson computer.
The
parties largely dispute how the data transfer has affected
Standifer both professionally and personally. Standifer has
not lost clients, received bad reviews, or seen a reduction
in her business's revenue due to the data breach.
However, Standifer has testified that she has worked many
unbilled hours to protect her client's information by
setting up new logins and changing passwords. She also claims
to have taken on new clients for fear that her old clients
would leave her. Standifer's client, Mark English, has
expressed concerns that some suspicious activity on his
credit report may have been related to the data transfer.
Standifer wrote to three different credit agencies on
English's behalf. Standifer also testified that due to
her tax returns appearing on the Simpson computer she filled
out an affidavit with the IRS and the State of Alabama.
Standifer has indicated that this incident has caused her to
suffer from anxiety.
II.
Standard
Summary
judgment is appropriate “if the movant shows that there
is no genuine dispute as to any material fact[3] and the movant is
entitled to judgment as a matter of law.” Fed.R.Civ.P.
56(a). A dispute is genuine if “the record taken as a
whole could lead a rational trier of fact to find for the
nonmoving party.” Id. A genuine dispute as to
a material fact exists “if the nonmoving party has
produced evidence such that a reasonable factfinder could
return a verdict in its favor.” Greenberg v.
BellSouth Telecomms., Inc., 498 F.3d 1258, 1263 (11th
Cir. 2007) (quoting Waddell v. Valley Forge Dental
Assocs., 276 F.3d 1275, 1279 (11th Cir. 2001)). The
trial judge should not weigh the evidence, but determine
whether there are any genuine issues of fact that should be
resolved at trial. Anderson v. Liberty Lobby, Inc.,
477 U.S. 242, 249 (1986).
In
considering a motion for summary judgment, trial courts must
give deference to the non-moving party by “view[ing]
the materials presented and all factual inferences in the
light most favorable to the nonmoving party.”
Animal Legal Def. Fund v. U.S. Dep't of Agric.,
789 F.3d 1206, 1213-14 (11th Cir. 2015) (citing Adickes
v. S.H. Kress & Co., 398 U.S. 144, 157 (1970)).
However, “unsubstantiated assertions alone are not
enough to withstand a motion for summary judgment.”
Rollins v. TechSouth, Inc., 833 F.2d 1525, 1529
(11th Cir. 1987). Conclusory allegations and “mere
scintilla of evidence in support of the nonmoving party will
not suffice to overcome a motion for summary judgment.”
Melton v. Abston, 841 F.3d 1207, 1220 (11th Cir.
2016) (per curiam) (quoting Young v. City of Palm Bay,
Fla., 358 F.3d 859, 860 (11th Cir. 2004)). In making a
motion for summary judgment, “the moving party has the
burden of either negating an essential element of the
nonmoving party's case or showing that there is no
evidence to prove a fact necessary to the nonmoving
party's case.” McGee v. Sentinel Offender
Servs., LLC, 719 F.3d 1236, 1242 (11th Cir. 2013).
Although the trial courts must use caution when granting
motions for summary judgment, “[s]ummary judgment
procedure is properly regarded not as a disfavored procedural
shortcut, but rather as an integral part of the Federal Rules
as a whole.” Celotex Corp. v. Catrett, 477
U.S. 317, 327 (1986).
III.
Discussion
Standifer
brings claims for breach of contract, breach of fiduciary
duty, conversion, fraud, fraudulent suppression, wantonness,
and negligence against Best Buy. Best Buy asserts that
summary judgment is due to be granted on each of
Standifer's claims both for substantive reasons and
because Standifer has failed to prove her damages. Standifer
argues that she is entitled to summary judgment on Best
Buy's contributory negligence defense. Each of these
arguments will be addressed in turn.
A.
Breach of Contract
In
order to be successful on her breach of contract claim,
Standifer must demonstrate (1) a valid contract binding the
parties; (2) her own performance under the contract; (3) Best
Buy's nonperformance under the contract; and (4)
resulting damages. See Barrett v. Radjabi-Mougadem,
39 So.3d 95, 98 (Ala. 2009). A valid contract requires
“an offer and an acceptance, consideration, and mutual
assent to terms essential to the formation of a
contract.” Ex parte Grant, 711 So.2d 464, 465
(Ala. 1997) (quoting Strength v. Ala. Dep't of Fin.,
Div. of Risk Mgmt., 622 So.2d 1283, 1289 (Ala. 1993)).
Standifer
bases her breach of contract claim on the Data Services
Agreement she entered into with Best Buy.[4] Specifically,
Standifer points to the agreement's “Work to Be
Completed” provision, which provided that Best Buy
would transfer the data from her original computer to the
Lenovo computer. Standifer argues that Best Buy's duty
under the Data Services Agreement was to safely transfer her
data from the original computer to the Lenovo computer. She
asserts that Best Buy breached this duty by transferring her
data to the Simpson computer. The Court agrees with Standifer
that an implied term of the Data Services Agreement was that
the data transfer from Standifer's old computer to the
new computer would be done securely. Without the expectation
that Best Buy would safely conduct the data transfer,
Standifer likely would have never allowed Best Buy to perform
the agreed upon data services.
However,
when she signed the Data Services Agreement, Standifer agreed
to the damages waivers contained within the agreement.
Alabama law recognizes the freedom to contract and upholds
“clearly manifested limitations” in a contract,
such as those found within the Data Services Agreement.
See Campbell v. S. Roof Deck Applicators, Inc., 406
So.2d 910, 913 (Ala. 1981). Paragraph 9 of the
agreement's terms and conditions provided that Standifer
agreed to “[w]aive any consequential or incidental
damages against Geek Squad as a result of this
service.” (See Doc. 40-2 at 77.) The Data
Services Agreement also includes a limitation of liability
clause, which provided that “[in] no event will Geek
Squad be liable for any indirect damages whatsoever. To the
extent permitted by law, the total liability of Geek Squad to
Client under this Agreement [sh]all in no event exceed the
total sums paid by Client to Geek Squad.” (See
Id. at 76.)
Standifer
does not dispute that these clauses are enforceable or that
“[i]f, in the process of transferring her data to the
[Lenovo], Best Buy had lost some or all of [her data]”
that she would have waived any damages. (See Doc. 48
at 16.) Instead, she argues that because there is no evidence
that the unauthorized transfer occurred as a result of the
services contemplated in the Data Services Agreement that the
consequential and incidental damages waiver does not apply to
her claims. While Standifer's interpretation of the
consequential and incidental damages waiver may be correct,
this argument ignores the Data Services Agreement's
limitation of liability clause. That clause provides that
“the total liability of Geek Squad to client under this
Agreement [sh]all in no event exceed the total sums paid by
Client to Geek Squad.” (Id. at 76.) The Court
finds this provision to be unambiguous. See Nunnelley v.
GE Capital Info. Tech. Solutions-North America, 730
So.2d 238, 241 (Ala. Civ. App. 1999) (“Whether a
contract is ambiguous is a question of law for the trial
judge.”). It limits Standifer's ability to recover
damages for breach of the Data Services Agreement to the
$557.24 that she paid for Best Buy's services. Because
Standifer concedes that she received a full refund, she is
not entitled to recover any additional damages under the Data
Services Agreement. Therefore, Best Buy is entitled to
summary judgment on Standifer's breach of contract
claim.[5]
Best
Buy argues that the waivers contained within the Data
Services Agreement, particularly the limitation of liability
clause, bar Standifer from recovering damages on any of her
claims. In support of this, it cites to Alabama case law
enforcing contractual provisions that limit liability.
See Campbell, 406 So.2d at 913 (“Contracting
parties have a right to express the limitations under which
they will be bound, and such clearly manifested limitations
will be recognized by the courts.”); Stewart v.
Bradley, 15 So.3d 533, 543 (Ala. Civ. App. 2008)
(enforcing warranty that disclaimed home builders liability
for negligence, mental anguish, and implied warranties of
habitability and workmanship). However, the limitation of
liability clause in the Data Services Agreement is not as
unambiguous as the clauses at issue in the cases Best Buy
cites. The clause states: “[i]n no event will Geek
Squad be liable for any indirect damages whatsoever.”
(Doc. 40-2 at 76.) It does not state whether the clause
applies only to indirect damages arising out of a breach of
the provisions of the Data Services Agreement or if it also
applies to all aspects of Geek Squad's relationship with
its customers. This ambiguity presents a question of material
fact as to whether the clause bars Standifer from recovering
any damages for the unauthorized data transfer. See
Whitetail Dev. Corp. v. Nickelson, 689 So.2d 865, 867
(Ala. Civ. App. 1996) (“When the terms of a contract
are ambiguous in any way, however, the determination of the
true meaning of that contract is a question of fact for the
finder of fact.”).
B.
Breach of Fiduciary Duty
The
elements of a breach of fiduciary duty claim are “the
existence of a fiduciary duty, a breach of that duty, and
damage suffered as a result of that breach.” Aliant
Bank v. Four Star Invs., Inc., 244 So.3d 896, 907 (Ala.
2017). The Alabama Supreme Court has held that fiduciary
relationships are “not restricted to such confined
relations as trustee and beneficiary, partners, principal and
agent, guardian and ward, managing directors and corporation,
etc.” Line v. Ventura, 38 So.3d 1, 12 (Ala.
2009) (internal citations omitted). Rather, the
responsibilities of a fiduciary flow to “all persons
who occupy a position out of which the duty of good faith
ought in equity and good conscience to arise. It is the
nature of the relation which is to be regarded, and not the
designation of the one filling the relation.”
Id. at 12-13. Fiduciary relationships typically
arise in one of four scenarios:
(1) when one person places trust in the faithful integrity of
another, who as a result gains superiority or influence over
the first, (2) when one person assumes control and
responsibility over another, (3) when one person has a duty
to act for or give advice to another on matters falling
within the scope of the relationship, or (4) when there is a
specific relationship that has traditionally been recognized
as involving fiduciary duties, as with a lawyer and a client
or a stockbroker and a customer.
Aliant Bank, 244 So.3d at 916 (quoting Swann v.
Regions Bank, 17 So.3d 1180, 1193 (Ala. Civ. App.
2008)).
Standifer
argues that her relationship with Best Buy falls within the
first of these four scenarios. As evidence of this
relationship, she points to her deposition testimony that she
left her computer with Best Buy “in good faith that it
was going to be fixed.” (See Doc. 38-1 at 45.)
She also points out that it is undisputed that she had no
knowledge regarding how Best Buy secures and transfers data
from one computer to another. According to Standifer, these
facts demonstrate that Best Buy had such superior knowledge
and influence over her that a fiduciary relationship existed.
Here,
it was reasonable for Standifer to trust Best Buy to act as
her fiduciary. Although she had limited prior interactions
with Best Buy, Standifer had left her computer containing
private information with it. While Standifer had not informed
Best Buy of exactly what was on her computer, she could
reasonably expect Best Buy to use care to prevent her data
from being exposed to an unauthorized third party. Contrary
to Best Buy's assertion, its relationship with Standifer
was not merely that of a salesperson and customer. Instead,
it retained control over Standifer's information while
she waited for the agreed upon data transfer to take place.
By doing so, Best Buy assumed responsibility for the data on
Standifer's computer. Standifer had no reason to believe
that the level of trust she placed in Best Buy was misplaced
and justifiably relied on Best Buy to protect her information
from being exposed. Moreover, Standifer has produced evidence
that Best Buy breached this duty when her files were
transferred to the Simpson computer. Therefore, summary
judgment on the breach of fiduciary duty claims is due to be
denied.
C.
Conversion
“To
sustain a claim of conversion, there must be (1) a wrongful
taking; (2) an illegal assertion of ownership; (3) an illegal
use or misuse of another's property; or (4) a wrongful
detention or interference with another's property.”
Drennen Land & Timber Co. v. Privett, 643 So.2d
1347, 1349 (Ala. 1994). Conversion can be established by one
of two ways. First, a plaintiff could show “that the
defendant converted specific personal property to the
defendant's own use and beneficial enjoyment.”
Huntsville v. Golf Dev., Inc. v. Ratcliff, Inc., 646
So.2d 1334, 1336 (Ala. 1994). A plaintiff “could also
show that the defendant destroyed or exercised dominion over
property to which, at the time of the destruction or exercise
of dominion, the plaintiff had a general or specific title
and of which the plaintiff was in actual possession or to
which the plaintiff was entitled to immediate
possession.” Id. Although conversion is an
intentional tort, “[t]he intent required is not
necessarily a matter of conscious wrongdoing. It is rather an
intent to exercise a dominion or control over the goods which
is in fact inconsistent with the plaintiff's
rights.” Johnson v. Northpointe Apartments,
744 So.2d 899, 904 (Ala. 1999) (internal citations and
quotations omitted). Thus, “[t]he bare possession of
property without some wrongful act in the acquisition of
possession, or its detention, and without illegal assumption
of ownership or illegal user or misuser, is not
conversion.” Clardy v. Capital City Asphalt
Co., 477 So.2d 350, 352 (Ala. 1985).
Here,
Standifer asserts that Best Buy wrongfully converted the
private information and computer files stored on her
computer. Best Buy does not dispute that Standifer's
private information and computer files are personal property
that can be subject to a conversion claim. However, there is
no evidence that Best Buy converted Standifer's private
information for its own benefit or destroyed Standifer's
computer files and data. Thus, Standifer can only succeed on
her conversion claim if Best Buy improperly exercised
dominion over Standifer's private information or computer
files to the exclusion of her rights.
Viewing
the evidence in the light most favorable to Standifer, the
Court cannot say, as a matter of law, that Standifer has
failed to show that someone at Best Buy misused her data. The
undisputed evidence is that someone transferred
Standifer's computer files to the Simpson computer while
Best Buy had possession of both computers. Although Standifer
has presented no direct evidence that this was done at the
direction of Best Buy, a reasonable jury could infer that it
was. Best Buy has presented no evidence that anyone other
than it or its employees had access to these computers at the
time of the data transfer. Additionally, the Forensic
Investigation Report reveals that on October 21, 2015
Standifer's data was copied from one folder on the
Simpson computer to another folder ...