ENSLIN v. THE COCA-COLA COMPANY et al
Filing
209
MEMORANDUM/OPINION THAT PLAINTIFF'S MOTION FOR RECONSIDERATION OF SUMMARY JUDGMENT, ECF NO. 194, IS DENIED. SIGNED BY HONORABLE JOSEPH F. LEESON, JR ON 8/29/17. 8/30/17 ENTERED AND COPIES MAILED TO UNREP AND E-MAILED.(ky, )
<![CDATA[
UNITED STATES DISTRICT COURT
EASTERN DISTRICT OF PENNSYLVANIA
__________________________________________
SHANE K. ENSLIN, on behalf of himself
and all others similarly situated,
:
:
:
Plaintiff,
:
v.
:
:
THE COCA-COLA COMPANY;
:
COCA-COLA REFRESHMENTS USA, INC.;
:
KEYSTONE COCA-COLA AND BOTTLING
:
AND DISTRIBUTION CORPORATION;
:
KEYSTONE COCA-COLA BOTTLING CO.;
:
KEYSTONE COCA-COLA BOTTLING
:
COMPANY, INC.;
:
KEYSTONE COCA-COLA BOTTLING
:
CORPORATION;
:
THOMAS WILLIAM ROGERS, III;
:
DOE DEFENDANTS 1-50;
:
ABC CORPORATIONS 1-50; and
:
XYZ PARTNERSHIPS AND ASSOCIATIONS,
:
:
Defendants.
:
__________________________________________
No. 2:14-cv-06476
OPINION
Plaintiff’s Motion for Reconsideration of Summary Judgment, ECF No. 194 – Denied
Joseph F. Leeson, Jr.
United States District Judge
I.
August 29, 2017
Introduction
Shane Enslin claims that he was the victim of identity theft, and he blames it on a theft of
laptop computers from his former employer, Coca-Cola, 1 which were later found to have
contained the personal information of him and other Coca-Cola employees. Enslin claims that
the company promised him—either expressly or implicitly—that it would secure the personal
information he provided about himself during the hiring process and that the company breached
that promise. He brought this suit on behalf of himself and approximately 74,000 current and
former Coca-Cola employees whose information was stored on those laptops.
1
For convenience of reference, the various Coca-Cola defendants will be referred to simply as “Coca-Cola,”
except when distinctions between them are relevant.
1
In a previous opinion, the Court granted summary judgment in Coca-Cola’s favor after
concluding that Coca-Cola owed him no general contractual duty to safeguard his personal
information. 2017 WL 1190979 (E.D. Pa. Mar. 31, 2017). Enslin now moves for reconsideration
of that decision, citing to a number of errors he believes the Court made. He also asks the Court
to consider two new pieces of evidence he did not submit at summary judgment, which he claims
did not come to light until after the Court had ruled against him. His motion is denied in both
respects.
II.
Background
The full background of this case can be found in the opinion granting summary judgment
to Coca-Cola. 2017 WL 1190979. What follows is a brief overview of the case to provide
context for Enslin’s motion for reconsideration.
Enslin was employed by the Coca-Cola organization from 1996 to 2007. He was
originally hired by an independent Coca-Cola bottler, which, in 2001, was acquired by an
affiliate of the parent Coca-Cola Company called Coca-Cola Enterprises. As part of that
acquisition, Enslin had to complete new employment paperwork, which required him to provide
various pieces of personal information. He also received a company handbook, which Coca-Cola
Enterprises called its “Code of Business Conduct.” During discovery, neither side was able to
locate a copy of the handbook in effect at the time Enslin joined Coca-Cola Enterprises in 2001,
but Coca-Cola did produce one from the 1990s, which Enslin believes to be substantially similar
to the one he received in 2001.
Enslin left the company in 2007. Five years later, Coca-Cola discovered that one of its
information technology employees had been taking home old laptop computers that the company
was no longer using. Once it learned of the theft, Coca-Cola attempted to recover all of the
missing laptops, and “while it has ‘a very good feeling’ that it has been able to recover [them]
all, it cannot say for sure.” 2017 WL 1190979, at *2. When it examined the laptops it was able to
recover, the company discovered that some of them had been used by its human resources
department and still contained bits and pieces of personal information from some of its current
and former employees, including Enslin.
Enslin claims that around that same time, he and his spouse were the victims of identity
theft. He believes that the theft of the laptops was to blame. On behalf of himself and a putative
class of current and former Coca-Cola employees, he brought this suit against Coca-Cola. His
theory is that Coca-Cola contractually obligated itself to safeguard their personal information and
did not hold up its end of the bargain. 2 At summary judgment, the Court concluded that CocaCola had made no such promise and therefore entered judgment in Coca-Cola’s favor.
2
His complaint also included numerous other claims under various theories of relief, but all but his
contractual claims—and a derivative claim in restitution under the opportunistic breach theory—were dismissed at
the pleadings. 2017 WL 1190979, at *2 n.3.
2
The Court first considered whether Coca-Cola had formed an express contract with him
to safeguard his personal information. As a threshold matter, the Court agreed with Enslin that
certain promises the company made in the “Code of Conduct”—the Coca-Cola Enterprises
handbook—had the force of a legally binding contract. 2017 WL 1190979, at *8-11. But those
promises that the company made stopped far short of assuming a general contractual duty to
safeguard his personal data. The relevant provisions of the handbook were quite clear on this
point. The company agreed to “safeguard the confidentiality of employee records” in three,
specifically enumerated ways: it would “advis[e] employees of all personnel files maintained on
them,” it would “collect[] only data related to the purpose for which the files were established,”
and finally, it would “allow[] those authorized to use a file to do so only for legitimate Company
purposes.” Id. at *8 (quoting from the handbook). Nothing more. Enslin relied heavily on the fact
that other parts of the handbook (and various Coca-Cola information security policies) imposed
many obligations on Coca-Cola employees with respect to the handling of sensitive information,
and he argued that if the company had made sure that its employees had been following those
policies to the letter, it would not have been possible for old laptops with sensitive information to
be pilfered from the company. But the obligation to ensure that those policies were followed was
an obligation the employees owed to the company, not the other way around. By promulgating
detailed information security policies and requiring its employees to follow them, the company
was not assuming a contractual obligation to ensure that those policies were followed by its
employees for their benefit.
Enslin then suggested that if an express promise to safeguard his information could not be
found somewhere in the handbook or in the company’s other policies, a contract term to that
effect could be implied. But having concluded that Coca-Cola’s obligations to its employees
were clearly spelled out in those three specific promises it made in the handbook, there was no
room to imply some other, additional duty. As the Court explained at the time, “[t]he law will not
imply a different contract than that which the parties have expressly adopted,” so “[t]o imply
covenants on matters specifically addressed in the contract itself would violate this doctrine.” Id.
at *13 (quoting Hutchison v. Sunbeam Coal Corp., 519 A.2d 385, 388 (Pa. 1986)).
Finally, Enslin contended that Coca-Cola should be viewed as having formed an implied
contract with him to safeguard his personal information at the moment he handed over his
employment paperwork. But that argument failed for essentially the same reason as his argument
that the Court should imply a promise of that nature into the express terms of the handbook: once
it was clear that the company’s duties in this area were clearly spelled out in a section of the
handbook, there could be no implied contract to a different effect. Id. (“There cannot be an
implied-in-fact contract if there is an express contract that covers the same subject matter.”
(quoting Baer v. Chase, 392 F.3d 609, 616-17 (3d Cir. 2004))).
Enslin’s implied contract argument also failed for a second, more fundamental reason.
Contractual promises are not implied whenever one party thinks that it would be proper. The law
implies a contract only when an interaction between two parties “can be explained only by the
3
understanding that they are acting contractually.” Id. So while contract law has no trouble
implying a contract when the existence of a contract is “necessary to account for . . . relations
found to have existed between the parties,” id. (quoting Hertzog v. Hertzog, 29 Pa. 465, 465
(1857)), a contract will not be implied simply because one party believes that it would have been
prudent, or proper, or fair for a contract to exist. The question is whether, drawing from the
experience of “the ordinary course of dealing and the common understanding of men,” the two
sides “show[ed] a mutual intention to contract.” Id. (quoting Hertzog, 29 Pa. at 465)). Enslin may
have believed that it was fair and proper for Coca-Cola to be contractually bound to safeguard
the personal information that he turned over on his employment paperwork, but there is no
“common understanding” that when a prospective employee fills out an employment application,
the intent of both sides is that the employer has undertaken a general contractual duty to
safeguard that information against unauthorized access and can be sued for breach if the
employee believes that the employer did not do enough to protect it. See Longenecker-Wells v.
Benecard Servs. Inc., 658 F. App’x 659, 662 (3d Cir. 2016) (“[The employees] have failed to
plead any facts supporting their contention that an implied contract arose . . . other than that
[their employer] required [their] personal information as a prerequisite to employment. This
requirement alone did not create a contractual promise to safeguard that information . . . .”). 3
For those reasons, the Court concluded that there was no contract, express or implied,
between Coca-Cola and Enslin that imposed a general contractual duty on Coca-Cola to
safeguard his personal information.
III.
Standard of Review – Motion for Reconsideration
“The purpose of a motion for reconsideration is to correct manifest errors of law or fact
or to present newly discovered evidence.” Harsco Corp. v. Zlotnicki, 779 F.2d 906, 909 (3d Cir.
1985). It is not, however, to “be used to relitigate old matters, or to raise arguments or present
evidence that could have been raised prior to the entry of judgment.” Exxon Shipping Co. v.
Baker, 554 U.S. 471, 485 n.5 (2008) (quoting 11 Charles Alan Wright & Arthur R. Miller,
Federal Practice and Procedure § 2801.1, at 127-28 (2d ed. 1995)).
IV.
The Court did not make any manifest errors of law.
Enslin believes that the Court made two errors of law in its previous opinion. First, he
contends that the Court neglected to determine, as a threshold matter, whether the language in
the handbook, which laid out the scope of Coca-Cola’s duties to its employees with respect to
their records, was ambiguous. He believes it is and that the Court should have therefore allowed
3
As the Court pointed out at the time, this is not to say that an employer has no obligations at all in that
scenario. It may be quite possible to conclude that when an employer accepts information from a prospective
employee, the employer is promising in return that will not actively “disclose that information to other people or use
that information for non-business purposes.” 2017 WL 1190979, at *14. That more reasonable understanding of the
relationship that exists between the two sides neatly tracks two of the three express promises that Coca-Cola made to
its employees in the handbook—to “collect[] only data related to the purpose for which the files were established”
and “allow[] those authorized to use a file to do so only for legitimate Company purposes.”
4
a jury to determine the meaning of that language as a question of fact (with the aid of extrinsic
evidence) instead of construing the language itself as a question of law. Second, Enslin contends
that the Court neglected to consider “the extent of [Coca-Cola’s] obligations under the covenant
of good faith and fair dealing.” Mem. Supp. Mot. 11, ECF No. 194-1. Neither of these
contentions has merit.
A.
The relevant language in the handbook was not ambiguous, and the Court made
that clear in its previous opinion.
Whether contractual language is ambiguous can have a significant impact on the outcome
of a case because it has the effect of shifting the job of determining its meaning from the court,
as a question of law, to a jury, as a question of fact. Kripp v. Kripp, 849 A.2d 1159, 1163 (Pa.
2004). It also opens the door to the admission of evidence extrinsic to the contract, which the
parties can use to attempt “to explain or clarify or resolve the ambiguity.” Id.
The task of declaring a contract to be either ambiguous or not ambiguous belongs to the
court. Hutchinson, 519 A.2d at 390. “A contract is ambiguous if it is reasonably susceptible of
different constructions and capable of being understood in more than one sense.” Kripp, 849
A.2d at 1163. The key is that the language will be declared ambiguous only if it is “reasonably
susceptible” to multiple meanings—”reviewing courts will not ‘distort the meaning of the
language or resort to a strained contrivance in order to find an ambiguity.’” Trizechahn Gateway
LLC v. Titus, 976 A.2d 474, 483 (Pa. 2009) (quoting Madison Constr. Co. v. Harleysville Mut.
Ins. Co., 735 A.2d 100, 106 (Pa. 1999)).
In this case, there was no ambiguity in the relevant language from the handbook. The
operative passage—a section in the handbook titled “Employee Records”—reads in full:
The Company will safeguard the confidentiality of employee records by advising
employees of all personnel files maintained on them, collecting only data related
to the purpose for which the files were established and allowing those authorized
to use a file to do so only for legitimate Company purposes. Employees will be
allowed to inspect (and challenge for correction as necessary) information in their
personnel files, other than confidential letters of recommendation, material
relating to other employees, investigatory materials and audit material, unless
otherwise provided under applicable law. The Company will comply with all
applicable laws relating to employee records and personnel files.
2017 WL 1190979, at *8. This provision clearly confined the scope of Coca-Cola’s contractual
obligations to three specific promises: to “advis[e] employees of all personnel files maintained
on them,” “collect[] only data related to the purpose for which the files were established,” and
“allow[] those authorized to use a file to do so only for legitimate Company purposes.” There is
no ambiguity in this language, and, contrary to Enslin’s contention, the Court did not neglect to
make that determination in its previous opinion. The Court pointed out numerous times that this
language was clear and unambiguous, which is why the Court proceeded to construe it as a
matter of law. See 2017 WL 1190979, at *12 (observing that this provision “carefully limits the
5
scope of the company’s responsibilities to these specific duties”); id. at *13 (characterizing this
passage as “clear language”); id. (explaining that this passage “clearly laid out (and clearly
limited)” Coca-Cola’s duties). The same is true of the other passage in the handbook that Enslin
relied upon—the passage that imposed duties on the employees to protect the company’s
information and follow its information security policies. It was equally clear that this passage
imposed duties that flowed from the employees to the company, not duties that flowed from the
company to the employees. See id. at *12 (“It is clear that this provision . . . pertains to duties
that the employees owed to the company, not duties that the company owed to them.”).
It is worth pointing out that Enslin’s current position—that the language of the handbook
and other documents is ambiguous, and the Court erred by construing it as a matter of law—
flatly contradicts the position he took at summary judgment. There he said in no uncertain terms
that “the Court must construe and apply the plain meaning of the terms used [in those
documents]” because Coca-Cola “d[id] not argue that there is any ambiguity in the language
used in any of the operative documents.” Enslin’s Opp’n Summ. J. 9-10, ECF No. 180.
In sum, the Court did not err by finding the contractual language in this case to be clear
and construing that language as a matter of law.
B.
The Court did not neglect to consider the implied covenant of good faith and fair
dealing.
Enslin’s next contention is that the Court failed to consider “the extent of Coke’s
obligations under the covenant of good faith and fair dealing.” Mem. Supp. Mot. 11 (emphasis
added). The implied covenant of good faith and fair dealing, however, is not a sort of “secret
repository” of unenumerated contract terms; 4 it simply stands for the proposition that contracts
should be “analyzed . . . through a good faith lens.” Hanaway v. Parkesburg Grp., LP, ___ A.3d
___, 2017 WL 3600580, at *8 (Pa. Aug. 22, 2017); cf. 13 Pa. Cons. Stat. Ann. § 1304
(explaining, under the UCC, that “the doctrine of good faith merely directs a court towards
interpreting contracts within the commercial context in which they are created, performed, and
enforced”). Put another way, the covenant is the embodiment of the presumption that when two
parties enter into a contract, they intend that each side will “act in good faith in the performance
of contractual duties” Somers v. Somers, 613 A.2d 1211, 1213 (Pa. Super. Ct. 1992), and will not
try to shirk those duties by performing them in a way that undercuts “the spirit of the bargain,”
id. (quoting Restatement (Second) of Contracts § 205 cmt. d (Am. Law Inst. 1981)), or by
engaging in other “[s]ubterfuges and evasions,” Restatement (Second) of Contracts § 205 cmt. d.
So while the covenant imposes what is in effect an unwritten obligation to carry out contractual
duties in good faith, “this obligation . . . is tied specifically to and is not separate from the duties
[the] contract imposes on the parties.” Murphy v. Duquesne Univ. of the Holy Ghost, 777 A.2d
418, 434 n.11 (Pa. 2001).
4
TXO Prod. Corp. v. All. Res. Corp., 509 U.S. 443, 470 (1993) (Scalia, J., dissenting).
6
Enslin argues that by promising him in the handbook that it would “allow those
authorized to use a [personnel] file to do so only for legitimate Company purposes,” the
company must have also been promising, consistent with the implied covenant of good faith, that
it would take measures to secure his personal information in a way that would have protected
against the sort of theft that occurred here. That is not an attempt to read the handbook “through
a good faith lens”—it is an attempt to impose a separate and distinct contractual obligation on
Coca-Cola that is not in its text.
As the Court explained in its previous opinion, when the company promised that “those
authorized to use a [personnel] file [would] do so only for legitimate Company purposes,” it was
promising that it would not “use that information for non-business purposes.” 2017 WL
1190979, at *14. As the Court pointed out at the time, it may be fair to say—even in the absence
of an express promise—that when an employee hands over personal information, the employer
has “an implied contractual duty not to directly, or affirmatively, turn over [that] confidential
information to third parties” or otherwise make use of it a way that does not relate to the
company’s legitimate business needs. Id. (quoting Longenecker-Wells v. BeneCard Servs., Inc.,
2015 WL 5576753, at *7 (M.D. Pa. Sept. 22, 2015), aff’d, 658 F. App’x 659 (3d Cir. 2016)).
That is the obligation that Coca-Cola assumed in the handbook. It relates to how Coca-Cola
would use the information it collected—not how it would protect that information from theft or
other unauthorized access—and invoking the implied covenant of good faith cannot rewrite this
promise from one to the other. 5
It is true that the Court did not mention the implied covenant of good faith by name in its
previous opinion. But that was because it was clear that Enslin’s theory was not that the
company had tried to evade one of the three express obligations it assumed in the handbook; he
was seeking to imply an obligation on Coca-Cola’s part that was not “tied specifically to . . . the
duties [the] contract impose[d] on the parties.” Murphy, 777 A.2d at 434 n.11; see 2017 WL
1190979, at *12.
5
Perhaps, consistent with the covenant of good faith, Coca-Cola had an obligation to in some way define
which of its employees would be authorized to use employee records and which were not; otherwise, the company
could potentially avoid this obligation by not informing its employees who the authorized users were and then claim
later, after an employee misused a record, that it was not at fault because that employee had never been “authorized”
to use it—a sort of willful blindness. But, as was discussed in the Court’s previous opinion (and as will be discussed
again later in this one), Enslin is not suggesting that the company made no attempt at all to define who was
authorized to use its personnel records. Nor is he even suggesting that the company did not take reasonable
measures to limit access to them. He made that clear at summary judgment when Coca-Cola confronted him with
expert evidence that the company had in place industry-standard measures to protect its confidential information.
See Enslin’s Opp’n Summ. J. 27 (“Whether Coke’s security practices were reasonable or not has no bearing on the
issue of [whether it] breach[ed] [its contractual obligations].”). Rather, Enslin’s contention is that the company was
contractually obligated to ensure that each of its employees followed each of the numerous information security
policies the company promulgated. 2017 WL 1190979, at *12 (quoting Enslin’s brief, which contended that the
company “did not hold up its end of the bargain by effectively implementing its information security policies”).
7
V.
The “New” Evidence that Enslin has Presented
As mentioned at the start of this opinion, during discovery, neither side was able to locate
a copy of the Coca-Cola Enterprises handbook from 2001 to 2007, the years of Enslin’s
employment. Instead, Enslin based his contract claims on the text of a handbook from the 1990s
that Coca-Cola was able to locate (Coca-Cola also was able to locate a copy of the handbook
from 2008, but Enslin did not use that version to support his claims). Because Enslin believed
that the version from the 1990s was “substantially similar” to the one he was given in 2001—and
because Coca-Cola had produced no evidence to the contrary—the Court was willing to assume,
for the purposes of summary judgment, that this older handbook accurately captured the terms of
their agreement. 2017 WL 1190979, at *8. But the Court cautioned that Enslin’s failure to
produce a copy of the handbook in effect during his term of employment “could call into
question [his] ability to prove [at trial] the terms of the contract he claims he had,” which, as the
plaintiff, is his burden. Id. at *8 n.11. Ultimately, this issue was rendered moot because the Court
concluded that even under the text of the 1990s handbook that Enslin was relying upon, CocaCola did not owe him the contractual duties he believed it did.
Enslin claims that as he was “prepar[ing] . . . his appeal from this Court’s [summary
judgment] ruling,” he happened to be looking over the 2008 version of the handbook that CocaCola produced when he noticed that the handbook had a web address printed on it, which
employees could visit to see the most up-to-date version of the handbook. Mem. Supp. Mot. 5. It
dawned on Enslin that he could try typing that web address into the “Wayback Machine”—a
public database hosted by the Internet Archive, a nonprofit organization, that has the goal of
“archiving the web.” 6 The Internet Archive employs software to “crawl” publicly available web
pages and take snapshots of them in order to preserve webpages as they looked at different points
in time. When Enslin entered the web address from the 2008 handbook into the Wayback
Machine, he discovered that it had archived versions of the handbook as it had appeared in 2004
and 2005. Enslin believes that these versions of the handbook are more favorable to him than the
1990s version that he submitted at summary judgment, and he asks the Court to consider them
now as “newly discovered evidence.”
“[N]ewly discovered evidence,” it is true, is a valid ground for reconsideration of a
previous decision. Harsco Corp. v. Zlotnicki, 779 F.2d 906, 909 (3d Cir. 1985). But “‘new
evidence,’ for reconsideration purposes, does not refer to evidence that a party obtains or submits
to the court after an adverse ruling.” Howard Hess Dental Labs. Inc. v. Dentsply Int’l, Inc., 602
F.3d 237, 252 (3d Cir. 2010). To qualify as “new,” it must be “evidence that a party could not
earlier submit to the court because that evidence was not previously available.” Id.
Enslin’s evidence does not qualify. He does not suggest that this evidence was not
available to him until after the Court issued its decision, because that couldn’t be the case. The
6
Internet Archive, Frequently Asked Questions – The Wayback Machine, https://archive.org/about/
faqs.php#The_Wayback_Machine (last visited Aug. 26, 2017).
8
documents he wishes to submit were captured and preserved by the Internet Archive in 2004 and
2005 and publicly available on the Wayback Machine, and he had in his hands a copy of the
2008 handbook, with the website address listed on it, since at least the close of discovery in June
2016—nine months before the Court issued its decision on the parties’ summary judgment
motions. The fact that it did not strike Enslin to try using that website address to retrieve older
copies of the policies from the Wayback Machine until after the Court ruled against him does not
make this evidence “new.” See, e.g., Boldrini v. Wilson, 609 F. App’x 721, 724 (3d Cir. 2015)
(per curiam) (concluding that a document a plaintiff located after his claims were dismissed was
not new because “[h]e obtained the document merely by requesting it from the Pennsylvania
State Police, as was his right under Pennsylvania law”).
In any event, the versions of the handbook from 2004 and 2005 would not change the
result. In his motion, Enslin highlights various differences between the language of these later
versions of the handbook and the version from the 1990s, but none of these differences show that
Coca-Cola undertook the sort of broad contractual duty to protect his personal information that
Enslin believes it did.
First, he claims that the 2004 version of the handbook “makes clear that the document
applies to every [Coca-Cola] employee from the company’s directors, to its officers, and to its
employees.” Mem. Supp. Mot. 14. But so did the 1990s handbook. See Defs.’ Mot. Summ. J. Ex.
10, at 0017674, ECF No. 170-13 (“The values and responsibilities outlined in this handbook are
important to the Company and must be taken seriously by all of us.”). Regardless, which of the
company’s employees had obligations to the company under the handbook has nothing to do
with the nature of the obligations that the company may have had to him.
Next, Enslin cites to various obligations that the 2004 and 2005 handbooks imposed on
Coca-Cola’s employees. Enslin points out that the 2004 handbook provides that its senior
officers must “[a]ct in good faith, responsibly, [and] with due care, competence and diligence”
and “[r]espect the confidentiality of information acquired in the course of one’s work.” Mem.
Supp. Mot. Ex. D, at 8, ECF No. 194-6. The 2005 handbook states that every employee and
director is “required to adhere to the principles and examples contained in the Code” and must
“report what you believe, in good faith, to be violations of the Code committed by others.” Mem.
Supp. Mot. Ex. E, at 1, ECF No. 194-7. It also made clear that the company required “honest and
ethical conduct” from each of its employees, not “a narrow compliance with the minimum
standards imposed by law.” Id. at 5. He also points out that it made clear to each employee that
“[c]omputer hardware, software and data must be safeguarded from damage, alteration, theft,
fraudulent manipulation and unauthorized access” and that each employee “must adhere to
specific security measures and internal controls for each computer system to which you are
authorized access,” id. at 14, though those two provisions were also present verbatim in the
1990s handbook, and the Court discussed them in its previous opinion. See 2017 WL 1190979,
at *9. He also highlights the fact that the 2005 handbook directs employees to “refer to the
Company’s policies on the use of computers, e-mail, and other information systems,” id. at 14,
9
which he thinks is significant because it “expressly incorporates [the company’s] information
security policies into its [handbook],” but the Court had already assumed in its previous opinion
that the company’s employees were required to follow the company’s information security
policies. 7 See id. at *12. Finally, he points out that the 2005 handbook included “personal
information about employees” among the information that the company considered to be
confidential, but so did the 1990s handbook. See 2017 WL 1190979, at *9 (quoting from the
1990s handbook, which made reference to the “confidentiality of employee records” in
connection with the three express duties the company agreed to assume with respect to employee
records).
Enslin suggests that in light of all of these obligations the company imposed on its
employees in the 2004 and 2005 handbooks, these handbooks also “create[d] a duty for [the
company] to follow its information security policies.” Mem. Supp. Mot. 16. That simply repeats
the same error Enslin made at summary judgment: he is conflating duties that the company
imposed on its employees with obligations that the company owed to him. As the Court
explained at the time, the various rules and information security policies the company required
its employees to follow “are rules that employees were required to follow for the company’s
good—they were not put in place for the benefit of the employees.” 2017 WL 1190979, at *12.
Enslin’s argument to the contrary is not faithful to the text of the handbooks and
company policies or to contract law. As the Court explored at some length in its previous
opinion—and as Enslin repeats in his current briefing—his belief is that the “the company
assumed a duty to him to ensure that its employees complied with their obligations under the
[handbook and] . . . the detailed information technology policies that the company promulgated”
and that if they had been followed, the theft of the laptops could not have occurred. Id. In effect,
his theory is that he was the third-party beneficiary of every other employee’s promise to the
company to follow the company’s rules and policies, with the company agreeing to act as the
guarantor of those promises so that it could be sued for breach if its employees failed to follow
them.
Or, to put it another way, Enslin’s understanding would mean that each information
security policy the company promulgated constituted the terms of a contract the company had
with him to protect his personal information—with any lapse by any of the company’s
employees creating grounds for breach of contract. See Enslin’s Opp’n Summ. J. 28, 41 (arguing
that the laptops that were stolen should have been encrypted pursuant to the company’s “IPP and
Asset Management policies” and that the failure to do so in accordance with those policies meant
that Coca-Cola had breached its contract with him).
This sort of “sweeping contractual duty” cannot be found in the handbooks—whether the
1990s version or the 2004-05 versions—and cannot be implied. 2017 WL 1190979, at *12-14.
7
Not to mention that the reference in the 1990s handbook to all employees needing to “adhere to specific
security measures and internal controls for each computer system to which they are authorized access” effectively
incorporated the company’s information security policies into the handbook.
10
VI.
The Status of Enslin’s Claims against Defendant Rogers
There is one issue that remained after the Court granted summary judgment in CocaCola’s favor, and the Court takes this opportunity to address it.
When Enslin filed this suit, he named not only the various Coca-Cola entities as
defendants but also Thomas William Rogers, III, the rogue Coca-Cola employee who stole the
laptops from the company. Rogers never responded in any way to this suit, so early on in this
case, Enslin sought the entry of a default against him under Federal Rule of Civil Procedure
55(a). Coca-Cola had some reservations about that, because in Enslin’s complaint, he had
included a count titled “Conspiracy/Concert of Action,” which contained vague allegations about
a purported conspiracy that seemed to implicate all of the defendants to this suit:
[T]he Coke Defendants and their co-conspirators entered into an agreement and/or
otherwise engaged in a continuing conspiracy to misrepresent and/or omit the
truth, and defraud [Enslin] and the Class by causing [personally-identifiable
information] of [Enslin] and the Class to be unlawfully accessed, downloaded and
sold, and then hiding the true facts and delaying timely notification. . . . As a
direct and proximate result of the Coke Defendants’ conspiracy as alleged herein,
[Enslin] and the Class have been injured and damaged, and the Defendants are
jointly and severally liable for such injuries and damages.
Compl. ¶¶ 135, 138, ECF No. 1. The fact that Enslin claimed that “the Defendants [were] jointly
and severally liable”—after making clear in his complaint that when he used the term
“Defendants,” he meant it to refer to all of the defendants to the suit, see id. ¶ 28—caused CocaCola some concern that this Conspiracy/Concert of Action claim was seeking to hold it jointly
and severally liable for Rogers’ “alleged criminal conduct.” Letter from Coca-Cola, at 2, ECF
No. 22. While the entry of a default under Rule 55(a) is just a clerical task with no substantive
effect, Coca-Cola was concerned that Enslin would quickly proceed to seek a default judgment
against Rogers, which might put it at risk for liability under the Conspiracy/Concert of Action
claim. 8
As it turned out, the Conspiracy/Concert of Action claim ended up being dismissed with
prejudice at the pleadings stage, see Enslin, 136 F. Supp. 3d 654, 679-80 (E.D. Pa. 2015), but
even with the cloud of joint liability lifted from Coca-Cola, the “prudent course,” in the Court’s
view, was to hold off on further default proceedings against Rogers for the time being to avoid
the possibility of inconsistent judgments. See Mfrs. & Traders Tr. Co. v. Chalpin Dental Assocs.,
No. 10-7342, 2012 WL 1033862, at *10 (E.D. Pa. Mar. 28, 2012) (Pollak, J.). In a case like this
one, where a plaintiff’s claims against both defaulting and non-defaulting defendants all arise out
of the same series of events, there is the possibility that “at trial facts [could be] proved that
exonerate certain defendants and that as a matter of logic preclude the liability of another
8
According to Coca-Cola’s counsel, discussions they had with Enslin’s counsel also left them concerned that
Enslin might try to use the initial entry of default in some way to prejudice the company. See Letter from Coca-Cola,
at 2-3.
11
defendant, . . . even though it failed to participate in the proceeding.” Farzetta v. Turner &
Newall, Ltd., 797 F.2d 151, 154 (3d Cir. 1986). Accordingly, the Court entered a default against
Rogers under Rule 55(a), but signaled to the parties that it would refrain from entertaining a
motion for a default judgment while the case proceeded against Coca-Cola. See Order 1 n.4, ECF
No. 37.
The case proceeded in that posture all the way to summary judgment, with Rogers in
default and with Coca-Cola defending against Enslin’s claims. When the Court granted summary
judgment in Coca-Cola’s favor, it asked Enslin to provide the Court with a status report
addressing how he wished to proceed with his claims against Rogers now that his claims against
Coca-Cola had been resolved. Enslin confirmed that he still intended to seek a default judgment
against him, but then his status report took a different turn. Despite the fact that summary
judgment has been granted in Coca-Cola’s favor on all of Enslin’s claims—and that the
Conspiracy/Concert of Action claim had been dismissed with prejudice—Enslin states that he
intends to seek joint and several liability against Coca-Cola for Rogers’s conduct and that he
wants to certify a class to proceed against Coca-Cola under this vicarious liability theory. 9
There are two problems with this plan. The first is that the time to certify a class in this
case has long since passed. See Order ¶ 2(a), ECF No. 122. Enslin did timely file a motion for
class certification, but it was based solely on his claims that Coca-Cola was directly liable to him
for its own wrongdoing under theories of breach of contract and unjust enrichment—the only
claims left in the case at that time against Coca-Cola. See Mem. Supp. Class Certification 1, 2930, 38-39, ECF No. 125-1 (“This is a nationwide class action against the Coca-Cola Defendants
(or ‘Coke’) for breach of contract, unjust enrichment and, should this Court allow the requested
amendments to the Complaint, for statutory claims, 10 brought on behalf of current and former
employees of Coke in the United States who had their personal information compromised by
Coke’s loss of laptop computers, in breach of its promise of information security.”). That motion
was denied as moot once summary judgment was granted in Coca-Cola’s favor on those claims,
2017 WL 1190979, at *14, and Enslin’s request now to certify a class against Coca-Cola on a
theory of vicarious liability is an untimely attempt to seek a second bite at the class certification
apple.
The second and more fundamental problem with Enslin’s plan is that he never pleaded a
claim against Coca-Cola for vicarious liability. As mentioned, the only claim Enslin raised
against Coca-Cola that may have been seeking to hold it jointly liable for Rogers’s conduct was
the Conspiracy/Concert of Action claim that was dismissed at the pleadings stage. Nowhere in
his complaint does Enslin mention “vicarious liability” or “respondeat superior,” nor does he
make any allegations that would suggest to Coca-Cola that he was seeking to hold it vicariously
9
A copy of Enslin’s status report and Coca-Cola’s response to it are attached to the order that accompanies
this opinion.
10
The Court denied Enslin leave to amend to add those statutory claims against Coca-Cola on the twin
grounds of undue delay and futility. 2017 WL 1190979, at *15-16 & n.20.
12
liable for Rogers’s conduct. Much of the complaint in fact suggests the opposite. The complaint
defines two separate categories of defendants—the various Coca-Cola entities, on one hand,
which Enslin refers to as the “Coke Defendants,” and Rogers and other unnamed coconspirators
on the other, who Enslin refers to as the “Criminal Defendants”—and none of Enslin’s
allegations suggest that he believed that the “Coke Defendants” could be held vicariously liable
for the conduct of the “Criminal Defendants,” which, as Enslin points out in his complaint,
resulted in Rogers being arrested and charged with theft. Compl. ¶ 24.
Enslin’s failure to plead a claim of vicarious liability—or even plead any allegations that
would support it—is fatal to his attempt to raise it now. See, e.g., McLane, Graf, Raulerson &
Middleton, P.A. v. Rechberger, 280 F.3d 26, 38 (1st Cir. 2002) (affirming a district court’s
refusal to consider an “improvised respondeat superior claim” that was not included in the
complaint); Ferraro v. Humphrey, 2017 WL 1035896, at *5 (N.D. Ind. Mar. 17, 2017) (“The
Plaintiff’s Complaint does not plead a claim of vicarious liability . . . . The Plaintiff cannot now
assert a claim for vicarious liability . . . on summary judgment.”); Milo & Gabby, LLC v.
Amazon.com, Inc., No. 13-1932, 2015 WL 4394673, at *5 (W.D. Wash. July 16, 2015)
(“Plaintiffs have never raised this theory of vicarious liability in their Complaint, nor have they
alleged any facts in their Complaint providing notice to Defendant that they intended to advance
such a theory. . . . Accordingly, the Court will not consider Plaintiffs’ vicarious liability
arguments.”), aff’d, No. 16-1290, 2017 WL 2258605 (Fed. Cir. May 23, 2017). Leave to amend
would be required, and Enslin’s request to, in effect, reboot this case after summary judgment
has already been granted in Coca-Cola’s favor—after nearly three years of litigation—on a
theory of liability that he could have raised from the start is long past the point of undue delay.
See, e.g., Geiger v. McClurg Court Assocs., No. 86-4419, 1988 WL 26853, at *1 (N.D. Ill. Mar.
14, 1988) (“The present case had been on file for 16 months before the Court ruled on [the
defendant’s] motion for summary judgment. [The plaintiff] had that entire time in which to clean
up, fill out or otherwise amend her complaint to include a claim for respondeat superior. . . . Now
that [her] theory of liability has been rejected and judgment against her entered by the Court,
[she] seeks to amend her complaint . . . . [Her] post-judgment motions for reconsideration and for
leave to file an amended complaint are denied.”).
Nor can Enslin try to evade his failure to plead a claim of vicarious liability by obtaining
a default judgment against Rogers and executing it against Coca-Cola. In his status report, Enslin
stated that “it is [now] appropriate for a Default Judgment to be entered” and that he “intends to
execute the Judgment against [Coca-Cola],” but vicarious liability must be proven—it does not
automatically attach to an employer simply by virtue of the employment relationship. See Lunn
v. Boyd, 169 A.2d 103, 104 (Pa. 1961) (explaining that vicarious liability attaches only to acts
“done in the course of his employment, and within the general scope of [the employee’s]
authority”). So that would leave Enslin in the same place he is now: needing to plead and prove a
claim of vicarious liability against Coca-Cola that he never timely raised. See Padilla v. Easley,
No. 91-4525, 1993 WL 181458, at *2 (N.D. Ill. May 27, 1993) (rejecting a plaintiff’s attempt to
13
execute an employee’s default judgment against an employer through a post-judgment execution
proceeding because the default judgment did not suffice to establish the facts necessary to impute
liability to the employer); see also Boyd v. N.J. Dep’t of Corr., 583 F. App’x 30, 32 (3d Cir.
2014) (pointing out that a plaintiff had “cite[d] no authority for the . . . proposition that an
employer is liable for a default judgment against an employee”). 11
For these reasons, Enslin’s request for an opportunity to submit further briefing on the
certification of a class to proceed against Coca-Cola on a theory of vicarious liability is denied. If
he wishes, he may proceed with a motion for default judgment on his own behalf against Rogers,
the only remaining defendant, in accordance with the accompanying order.
11
Not only would a default judgment against Rogers not suffice to establish vicarious liability—as a matter of
estoppel, it likely would not even conclusively establish, as against Coca-Cola, Rogers’s underlying liability for any
of Enslin’s claims given that Enslin never put Coca-Cola on notice that he intended to hold it vicariously liable for
those claims. See Faughnan v. Big Apple Car Serv., 828 F. Supp. 155, 161 (E.D.N.Y. 1993) (rejecting the notion
that a plaintiff could “invoke a default judgment against an employee as preclusive proof of liability for negligence
against the employer”).
14
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
