Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Official citation and/or docket number and footnotes (if any) for this case available with purchase.

Learn more about what you receive with purchase of this case.

McClain v. RBS Citizen's Bank, N.A.

United States District Court, E.D. Pennsylvania

September 30, 2014

LISA McCLAIN, Plaintiff
RBS CITIZEN'S BANK, N.A., et al.,[1] Defendants



Page 439



Pending before the court is a motion to dismiss filed by defendants RBS Citizens

Page 440

Bank, N.A. and Citizens Bank of Pennsylvania. (Doc. No. 19.) After a thorough review of the motion and the parties' respective briefs, the court will GRANT the motion IN PART and DENY IN PART. Count I (Negligent Infliction of Emotion Distress), Count II (Public Disclosure), Count III (Intrusion Upon Seclusion), and Count VIII (Punitive Damages) will be DISMISSED WITH PREJUDICE. Defendants' motion to dismiss will be DENIED in all other respects.


The pertinent facts, viewed in the light most favorable to plaintiff, are as follows. Since 2002, plaintiff, Lisa McClain, a New Jersey resident, maintained personal banking accounts with defendants, Citizens Bank of Pennsylvania and RBS Citizens.[2] (Sec. Am. Compl. at ¶ ¶ 1, 6.) Defendant Citizens Bank is a Pennsylvania Financial Institution with its registered office in Philadelphia, Pennsylvania. Id. at ¶ 3. Defendant RBS Citizens N.A. is a Rhode Island Corporation engaged in banking with offices throughout Philadelphia. Id. at ¶ 2.

Until August 5, 2011, plaintiff worked for and conducted her banking at defendant Citizens Bank in Philadelphia, Pennsylvania. Id. at ¶ ¶ 3-4. During that time, plaintiff's immediate supervisor was Kim O'Donnell, a Vice-President with defendant Citizens Bank. Id. at ¶ 5. After her termination on August 5, 2011, plaintiff continued to maintain her personal bank accounts. Id. at ¶ ¶ 6-7. Plaintiff alleges that, unbeknownst to her, Ms. O'Donnell used defendants' IMI system to access plaintiff's bank accounts during work hours. Id. at ¶ ¶ 7, 28, 48. O'Donnell then shared plaintiff's personal financial information with her coworkers, specifically that plaintiff was seeing a psychiatrist, was receiving unemployment benefits, and was being treated by various doctors for personal health conditions. Id. at ¶ ¶ 7-8, 10-11. Plaintiff further alleges that O'Donnell disclosed plaintiff's salary information to O'Donnell's coworkers and allegedly questioned how plaintiff and her husband paid their mortgage. Id. at ¶ ¶ 7-9, 10-11. Plaintiff alleges that O'Donnell had no legitimate banking reason for accessing accounts or disclosing her financial information to other RBS Citizens and Citizens Bank employees. Id. at ¶ ¶ 13, 63.

Plaintiff avers that, prior to the data breaches, defendants were aware that O'Donnell had engaged in similar inappropriate conduct in the past. Id. at ¶ 16. Further, after O'Donnell began accessing plaintiff's accounts, management-level employees of Citizens and RBS Citizens became aware of the intrusions and failed to report them. Id. at ¶ 14. Despite this knowledge, defendants continued to allow O'Donnell access to plaintiff's personal financial information--allegedly with the intent of holding plaintiff out to ridicule amongst her former co-workers. Id. at ¶ ¶ 17, 27. On July 24, 2012, plaintiff learned of O'Donnell's conduct while attending a funeral when former co-workers asked her about her health and well-being. ( Id. at ¶ 21.) Plaintiff claims she was humiliated and embarrassed. ( Id. at ¶ 29.)

On February 15, 2013, plaintiff filed a complaint in the Court of Common Pleas, Philadelphia County. Defendants removed the complaint to federal court on March 25, 2013. (Doc. No. 1.) They filed their first motion to dismiss, (Doc. No. 7), and plaintiff filed an amended complaint before the court reached the merits of the motion, (Doc. No. 10). Defendants filed a

Page 441

second motion to dismiss, (Doc. No. 13), and the court granted plaintiff leave to amend her complaint to clarify the theory of liability under which she was seeking to hold defendants liable,[3] (Doc. No. 18). On November 25, 2013, plaintiff filed a second amended complaint, which stated respondeat superior claims for intentional infliction of emotional distress (Count I), public disclosure (Count II), and intrusion upon seclusion (Count III); direct liability claims for negligent supervision (Count V), negligent training (Count VI), and negligent hiring/retention (Count VII); claims under the Right to Financial Privacy Act of 1978 and the Gramm-Leach-Bliley Act (Count IV); and a claim for punitive damages (Count VIII). (Doc. No. 19.) Defendants filed a third motion to dismiss, (Doc. No. 20), which is the subject of the present discussion. Because the parties have fully briefed the motion, it is ripe for disposition.



As an initial matter, it is worth clarifying that, although Count I is titled " negligent infliction of emotional distress," the court will construe it as a claim for intentional infliction of emotion distress. In its brief in opposition, plaintiff represented to the court that it intended to raise an IIED claim and that the incorrect heading in Count I is the result of a clerical error. (Pl's Br. at 3.) In response, defendants filed a reply brief addressing the merits of Count I as an IIED claim. (Def's Reply Br. at 2-6.) Therefore, because defendants have had an opportunity to be heard, there is no danger of prejudice.

Defendants first move to dismiss Counts I, II, and III on respondeat superior grounds. (Def's Br. at 4-10.) To state a respondeat superior claim under Pennsylvania law, a party must allege facts showing that an employee's conduct " is of a kind and nature that the employee is employed to perform; . . . occurs substantially within the authorized time and space limits; . . . is actuated, at least in part, by a purpose to serve the employer; and . . . if force is intentionally used by the employee against another, the use of force is not unexpected by the employer." Costa v. Roxborough Memorial Hosp., 708 A.2d 490, 493 (Pa. S.Ct. 1998). Here, plaintiff alleged in her complaint that Ms. O'Donnell accessed defendants' IMI system " for the purpose of accessing [p]laintiff's ba[n]king account for the sole purpose of disseminating information to [p]laintiff's former co-workers relating to her spending activities, personal financial activities and personal health information." (Sec. Am. Compl. at ¶ 7.) She further alleges that O'Donnell " had no legitimate banking reason for doing so," and that her actions " were intended to cause [p]laintiff to suffer ridicule and embarrassment amidst her former coworkers." (Sec. Am. Compl. at ¶ ¶ 13 & 27.) These allegations contradict plaintiff's respondeat superior claims because accessing defendants' financial database for the purposes plaintiff alleges -- essentially gossip -- cannot be described as " actuated, at least in part, by a purpose to serve the employer." Even without plaintiff's allegations concerning Ms. O'Donnell's purpose, the court is at a loss to postulate any business purpose for her conduct. While it may be true that Ms. O'Donnell's job responsibilities required her to have access to plaintiff's financial information for business purposes,

Page 442

her conduct in this instance simply cannot be said to impose vicarious liability on defendants. As such, Counts I, II, and III will be DISMISSED.


In Counts V, VI, and VII of her second amended complaint, plaintiff sets forth claims of negligent supervision (Count V), negligent training (Count VI), and negligent hiring/retention of employees. (Sec. Am. Compl. at ¶ ¶ 60-76.) Defendants move to dismiss these counts on the grounds that plaintiff has inadequately alleged knowledge on the part of Ms. O'Donnell's employer concerning the disclosures at issue and that plaintiff failed to sufficiently allege how her employer received information regarding Ms. O'Donnell's alleged indiscretions. (Def's Br. at 13.) Defendants also move for dismissal on the grounds that Ms. O'Donnell's actions occurred off the employer's premises. (Def's Br. at 13.)

Pennsylvania law imposes direct liability on " [a] person conducting an activity through servants or other agents . . . if he is negligent or reckless . . . (b) in the employment of improper persons or instrumentalities in work involving risk of harm to others; or (c) in the supervision of the activity; or (d) in permitting, or failing to prevent, negligent or other tortious conduct by persons, whether or not his servants or agents, upon premises or with instrumentalities under his control." Heller v. Patwil Homes, Inc., 713 A.2d 105, 107 (Pa. S.Ct. 1998) (quoting Restatement (Second) of Agency § 213 (1958)). To establish liability, the employer must have known or, in the exercise of appropriate care, should have known that an employee had a propensity to engage in conduct for which the employee could be held liable. Keffer v. Bob Nolan's Auto Service, Inc., 59 A.3d 621, 638, 2012 PA Super 255 (Pa. S.Ct. 2012).

Plaintiff's second amended complaint states, in relevant part:

14. After Defendants' employee O'Donnell commenced the intrusion into Plaintiff's accounts, her access became known to other management level employees of Defendants RBS [Citizens] Bank, N.A. and [Citizens] Bank of Pennsylvania, who failed to stop O'Donnell or to further report her activities despite their understanding of the campaign she was waging to disseminate confidential information about the Plaintiff.
15. Specifically, a security specialist within Defendants' employ became aware that O'Donnell was making intrusions into Plaintiff's bank accounts with Defendants.
16. Additionally, prior to intrusions into Plaintiff's accounts, Defendants' employee O'Donnell made electronic intrusions without permission into the account of a former employee, Christine Harrington.
17. Despite the knowledge of management level employees, Defendants' employee O'Donnell continued to access the Plaintiff's personal financial information and continued to disseminate information obtained using the Defendants' IMI system in order to hold Plaintiff up to ridicule amidst the population of her former co-workers.

(Sec. Am. Compl. at 3.)

The court believes that plaintiff has adequately alleged that Ms. O'Donnell's employer knew that she was accessing the company's database, collecting information regarding employees, and misusing that information for her own purposes. The federal pleading rules do not require plaintiff to allege with specificity how defendants found out about Ms. O'Donnell's

Page 443

unlawful activity, nor do they require a party to plead such knowledge with specificity. See Fed.R.Civ.P. 8 (requiring only short and plain statement of claims); Fed.R.Civ.P. 9 (allowing parties to plead conditions of mind generally). Moreover, plaintiff's allegations are sufficient to inform defendants of the bases of her claims. She explains that a security specialist became aware of Ms. O'Donnell's intrusions, that management level employees were informed about the intrusion, and that Ms. O'Donnell had engaged in similar conduct with regard to a former employee, Christine Harrington, which defendants allegedly also knew about. These allegations are sufficient to state a plausible claim to relief.

Moving to defendants' second objection, a cursory review of the complaint demonstrates that plaintiff never alleges that Ms. O'Donnell's intrusions occurred while she was off company premises. To the contrary, the complaint contains factual allegations from which the court can infer that it was plausible that she accessed plaintiff's confidential information and disclosed it to other employees while she was on company premises. Plaintiff states, " O'Donnell accessed the [p]laintiff's personal financial information during work hours and with the use of Defendants' IMI system." (Sec. Am. Compl. at ¶ 28.) Nothing in the complaint indicates that Ms. O'Donnell routinely worked from home or accessed defendants' network remotely. In the alternative, even if Ms. O'Donnell did access plaintiff's financial records off premises, Pennsylvania law alternatively imposes direct liability on an employer when an employee uses an instrumentality of the employer to commit a tort or other wrongdoing. Heller, 713 A.2d at 107. Here, Ms. O'Donnell used her employer's IMI system to access plaintiff's information. Therefore, defendants could be liable for Ms. O'Donnell's use of its instrumentality to access plaintiff's personal information even if the alleged breach did not occur on the company's tangible property. In sum, defendants' motion to dismiss Counts V, VI, and VII will be DENIED.


In Count IV of her complaint, plaintiff alleges that defendants violated the Right to Financial Privacy Act of 1978 (RFPA), 12 U.S.C. § 3401, et seq., and the Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. § 6801, et seq. (Sec. Am. Compl. at ¶ 58.). Defendants move to dismiss these claims on two grounds: (1) RFPA is inapplicable to O'Donnell's financial data disclosures because the Act only applies to invasions of privacy by government actors, and (2) the GLBA does not allow private causes of action. (Def's Br. at 10-11.) Plaintiff takes the position that defendants are precluded from asserting these defenses because they failed to raise them in their motions to dismiss the original and first amended complaint. (Pl's Br. at 22.) Without addressing the merits of these claims, the court notes that plaintiff raised identical claims in its initial complaint and its first amended complaint, but defendant failed to move for dismissal of these claims in its prior motions. Therefore, they are prevented from moving for their dismissal now. Fed.R.Civ.P. 12(h); CGL, LLC v. Schwab, No. 11-CV-4593, 2012 WL 4321972, *3 (E.D. Pa. 2012).


As an initial matter, there is some dispute over whether plaintiff's separate count for punitive damages is permissible under federal pleading standards. " Punitive damages are a form of relief and not

Page 444

the basis for a separate cause of action." Mansmann v. Tuman, 970 F.Supp. 389, 404 (E.D. Pa. 1997). Therefore, because Count VIII appears to be a claim solely for punitive damages, it will be DISMISSED.

Defendants next argue that plaintiff failed to allege sufficient facts regarding defendants' liability for punitive damages. (Def's Br. at 14-15.) In particular, defendants claim that plaintiff did not adequately plead that defendants acted with the required state of mind. ( Id.) Punitive damages are available under Pennsylvania law " when an individual's actions are of such an outrageous nature as to demonstrate intentional, willful, wanton, or reckless conduct." Interact Accessories, Inc. v. Video Trade Int'l, Ltd., No. 98-CV-2430, 1999 WL 159883, *3 (E.D. Pa. Mar. 22, 1999). " [P]unitive damages cannot be based upon ordinary negligence." Boring v. Google Inc., 362 F.App'x 273, 282 (3d Cir. 2010). Whether a party is entitled to punitive damages is ordinarily a question of fact for the jury. Pichler v. UNITE, 542 F.3d 380, 388 (3d Cir. 2008). Because only Counts IV, V, VI, and VII survive this motion to dismiss, the court need only address the issue as it pertains to those claims.

Here, plaintiff averred that defendants knew of O'Donnell's conduct through individuals working in their security and fraud department. (Sec. Am. Compl. at ¶ ¶ 14, 15, 64, 71.) Given the nature of the alleged intrusions into plaintiff's private financial data, it is at least reasonable to infer that defendants appreciated the risk of harm that would accompany its failure to act on unauthorized intrusions. Pryor v. Mercy Catholic Med. Ctr., No. 99-CV-988, 1999 WL 956376, at *5 (E.D. Pa. Oct. 19, 1999) (" Given that throughout [p]laintiff's complaint she alleges that defendants knew or should have known of the conduct in question, and yet failed to act, it cannot be said with certainty that the standard for punitive damages has not been met concerning [p]laintiff's remaining count of negligent supervision. It is simply too early in the proceedings to adequately make such a determination. As such, defendants' request to strike the respective punitive damage demands cannot be granted." ) At this stage, the court is not prepared to hold that defendants did not have the requisite mental state to support an award of punitive damages. Plaintiff has sufficiently pled reckless indifference at this stage. Therefore, defendants' motion to dismiss plaintiff's claim for punitive damages will be DENIED.


Finally, defendant claims that RBS Citizens should be dismissed because it was not plaintiff's employer. At this stage, the court is limited to drawing facts from the face of the complaint. Plaintiff alleges that both banks were her employer, that Ms. O'Donnell was an employer at both banks, and that she maintained personal bank accounts at both banks. At this point, the court is unable to state as a matter of law that RBS Citizens was not plaintiff's employer, nor can the court make a determination that RBS Citizens is not liable for the acts or omissions set forth in the complaint. As such, defendants motion to dismiss RBS Citizens as a defendant is DENIED.


After thoroughly reviewing defendants' motion and the parties' respective briefs, the motion to dismiss, (Doc. No. 20), will be GRANTED IN PART and DENIED IN PART. Count I (Negligent Infliction of Emotion Distress), Count II (Public Disclosure), Count III (Intrusion Upon Seclusion), and Count VIII (Punitive Damages) will be DISMISSED WITH PREJUDICE.

Page 445

Defendants' motion to dismiss will be DENIED in all other respects.


AND NOW, this 30th day of September, 2014, it is hereby ORDERED that defendants' motion to dismiss, (Doc. No. 20), will be GRANTED IN PART and DENIED IN PART. It will be GRANTED insofar as it seeks dismissal of Count I (Negligent Infliction of Emotion Distress), Count II (Public Disclosure), Count III (Intrusion Upon Seclusion), and Count VIII (Punitive Damages). Those claims are DISMISSED WITH PREJUDICE. Defendants' motion to dismiss will be DENIED in all other respects.

Buy This Entire Record For $7.95

Official citation and/or docket number and footnotes (if any) for this case available with purchase.

Learn more about what you receive with purchase of this case.