Commercial Litigation Newsletter July 2016 – Issue 63
Our July recap highlights cases concerning limitations on access to electronic data stored overseas, standing for claims based on data breaches, the assignment of noncompete agreements, the public disclosure bar to private actions under the False Claims Act, and other news that will have an impact on business and litigation.
The Second Circuit Court of Appeals holds that warrants cannot be used to compel the turnover of electronic mail stored by Microsoft at a location outside of the United States.
In 2013, prosecutors sought production of electronic mail from an unknown Microsoft user and obtained a warrant issued under the Stored Communications Act to compel production. Microsoft moved to quash the warrant on the basis that data sought by the government was located in Dublin, Ireland. Among other things, Microsoft argued that such warrants only have application within the United States. At the trial court level, Microsoft’s arguments were rejected, resulting in the denial of its motion to quash. In a closely watched appeal, the Second Circuit reversed and vacated the trial court’s decision, holding that warrants issued under the SCA cannot be used to seize customer e-mail content that is stored exclusively on foreign servers. Citing to users’ privacy interests and a presumption against extra-territorial application of United States law, Circuit Judge Susan Carney stated that congress did not intend the warrant provisions to apply outside of the United States. Circuit Judge Gerard Lynch concurred with the result, but underscored the need for lawmakers to update “badly outdated” legal standards addressed to the protection and production of electronic data.
Scottrade escapes liability for data breach for now because plaintiffs cannot show they suffered any concrete injury as a result of the breach.
Between September 2013 and February 2014, hackers gained access to Scottrade’s customer databases and stole the confidential personal identifying information (“PII”) of approximately 4.6 million customers. The hackers used the PII to build their own customer database for marketing and brokering stock transactions, and then used it to operate a stock price manipulation scheme that amassed millions of dollars. Shortly after the data breach was announced, several Scottrade customers brought putative class action lawsuits based on the breach. On July 12, a Missouri federal district court dismissed the pending complaints, finding that the plaintiffs had not sufficiently demonstrated they suffered an injury that was “concrete and particularized,” as opposed to merely “conjectural or hypothetical.” The plaintiffs had claimed several categories of injury, including increased risk of identity theft, the burden of monitoring their credit and financial accounts, invasion of privacy, and deprivation of the value of their personal information. The court found that these damages were too speculative to be considered concrete and particularized. However, the plaintiffs may amend their complaint to make new damages allegations.
The Eighth Circuit Court of Appeals holds that noncompete agreements can be assigned to an acquiring company without the consent of the employees subject to the agreements.
In 2012, Mobilex USA acquired Ozark Mobile Imaging in Columbia, Missouri. Ozark employees Kimberly Greenbaum and Josephine Tabang were offered part-time positions at Mobilex with no benefits, and both refused. In 2013, although Greenbaum and Tabang were subject to noncompete and confidentiality agreements with Ozark, both joined a competing Missouri-based imaging company, and Mobilex brought suit to enforce the noncompete and confidentiality agreements. The former employees argued that their noncompetes should be treated as if they were personal services contracts, which cannot be assigned without consent under Missouri law, and the trial court agreed, holding that Mobilex could not enforce the agreements. The Eighth Circuit disagreed, however, and overturned the lower court’s ruling. The court treated the agreements as restrictive covenants, which can be assigned without consent, and therefore held that Mobilex could enforce the agreements against the employees.
The First Circuit Court of Appeals provides guidance on False Claims Act in affirming dismissal of qui tam action based on the public disclosure bar.
In the underlying case, private parties sued CVS Caremark Corp. on behalf of the federal government under the FCA for allegedly fraudulent overbilling of Medicaid and Medicare Part D for prescription drugs. CVS sought to dismiss the individuals’ qui tam lawsuit under the “public disclosure bar.” CVS argued that a Connecticut attorney general investigation into CVS’s prescription drug billing of the state’s Medicaid program, and subsequent media coverage, was in fact a public disclosure that had already brought the alleged scheme to the federal government’s attention, ultimately rending the private suit under the FCA unnecessary. In response, the plaintiffs relied in part on the “original source” exception to the public disclosure bar, which allows private suits even after a prior public disclosure where the private individuals have knowledge that, among other things, “materially adds” to the prior public disclosure. In a matter of first impression in the First Circuit, the court rejected in turn the plaintiffs’ arguments that they materially added to the Connecticut public disclosure by alleging a broader geographical scheme in other states; a scheme of longer duration; personal knowledge of specific examples of fraudulent conduct; and additional information that confirmed the mental state of the company. The court also left open the issue of whether the public disclosure bar was still jurisdictional after 2010 amendments to the FCA, but strongly hinted that it was not.