Financial Institutions State Negligence Claim Against Restaurant For Data Breach

HK
Holland & Knight

Contributor

Holland & Knight is a global law firm with nearly 2,000 lawyers in offices throughout the world. Our attorneys provide representation in litigation, business, real estate, healthcare and governmental law. Interdisciplinary practice groups and industry-based teams provide clients with access to attorneys throughout the firm, regardless of location.
In In Re Arby's Restaurant Gp. Inc. Litigation, No. 1:17-cv-0514-AT, 2018 WL 2128441 (N.D. Ga. March 5, 2018), the district court refused to dismiss several counts filed by financial institutions ...
United States Privacy

Nathan A Adams IV is a Partner in Holland & Knight's Tallahassee office

In In Re Arby's Restaurant Gp. Inc. Litigation, No. 1:17-cv-0514-AT, 2018 WL 2128441 (N.D. Ga. March 5, 2018), the district court refused to dismiss several counts filed by financial institutions and a group of consumers after the defendant disclosed that third-party hackers had breached its credit card point of sale machines and retrieved the personal information of hundreds of thousands of consumers. The defendant argued that it owed no common law duty to the plaintiffs to protect their personal credit card data, but the court ruled that a company's knowledge of a foreseeable risk to its data security system is sufficient to establish the existence of a plausible legal duty as a basis for negligence. For negligence per se, the court agreed with the plaintiffs that it could be premised upon an alleged violation of Section 5 of the Federal Trade Commission Act. The court concluded that plaintiffs also pled the remaining elements of negligence and negligence per se and that the economic loss doctrine did not prohibit them because they are not based on the breach of a duty owed under any express contract between plaintiffs and defendant. The court also ruled that the consumer plaintiffs adequately alleged breach of an implied-in-fact contract or, in the alternative, unjust enrichment. For the former, they argued that the implied contract was that the defendant agreed to safeguard and protect their financial information in exchange for their purchases. The court did dismiss the consumer plaintiffs' Georgia Fair Business Practices Act and violation of other state consumer laws count.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More