ENSLIN v. THE COCA-COLA COMPANY et al

Filing 209

MEMORANDUM/OPINION THAT PLAINTIFF'S MOTION FOR RECONSIDERATION OF SUMMARY JUDGMENT, ECF NO. 194, IS DENIED. SIGNED BY HONORABLE JOSEPH F. LEESON, JR ON 8/29/17. 8/30/17 ENTERED AND COPIES MAILED TO UNREP AND E-MAILED.(ky, )

Download PDF
UNITED STATES DISTRICT COURT EASTERN DISTRICT OF PENNSYLVANIA __________________________________________ SHANE K. ENSLIN, on behalf of himself and all others similarly situated, : : : Plaintiff, : v. : : THE COCA-COLA COMPANY; : COCA-COLA REFRESHMENTS USA, INC.; : KEYSTONE COCA-COLA AND BOTTLING : AND DISTRIBUTION CORPORATION; : KEYSTONE COCA-COLA BOTTLING CO.; : KEYSTONE COCA-COLA BOTTLING : COMPANY, INC.; : KEYSTONE COCA-COLA BOTTLING : CORPORATION; : THOMAS WILLIAM ROGERS, III; : DOE DEFENDANTS 1-50; : ABC CORPORATIONS 1-50; and : XYZ PARTNERSHIPS AND ASSOCIATIONS, : : Defendants. : __________________________________________ No. 2:14-cv-06476 OPINION Plaintiff’s Motion for Reconsideration of Summary Judgment, ECF No. 194 – Denied Joseph F. Leeson, Jr. United States District Judge I. August 29, 2017 Introduction Shane Enslin claims that he was the victim of identity theft, and he blames it on a theft of laptop computers from his former employer, Coca-Cola, 1 which were later found to have contained the personal information of him and other Coca-Cola employees. Enslin claims that the company promised him—either expressly or implicitly—that it would secure the personal information he provided about himself during the hiring process and that the company breached that promise. He brought this suit on behalf of himself and approximately 74,000 current and former Coca-Cola employees whose information was stored on those laptops. 1 For convenience of reference, the various Coca-Cola defendants will be referred to simply as “Coca-Cola,” except when distinctions between them are relevant. 1 In a previous opinion, the Court granted summary judgment in Coca-Cola’s favor after concluding that Coca-Cola owed him no general contractual duty to safeguard his personal information. 2017 WL 1190979 (E.D. Pa. Mar. 31, 2017). Enslin now moves for reconsideration of that decision, citing to a number of errors he believes the Court made. He also asks the Court to consider two new pieces of evidence he did not submit at summary judgment, which he claims did not come to light until after the Court had ruled against him. His motion is denied in both respects. II. Background The full background of this case can be found in the opinion granting summary judgment to Coca-Cola. 2017 WL 1190979. What follows is a brief overview of the case to provide context for Enslin’s motion for reconsideration. Enslin was employed by the Coca-Cola organization from 1996 to 2007. He was originally hired by an independent Coca-Cola bottler, which, in 2001, was acquired by an affiliate of the parent Coca-Cola Company called Coca-Cola Enterprises. As part of that acquisition, Enslin had to complete new employment paperwork, which required him to provide various pieces of personal information. He also received a company handbook, which Coca-Cola Enterprises called its “Code of Business Conduct.” During discovery, neither side was able to locate a copy of the handbook in effect at the time Enslin joined Coca-Cola Enterprises in 2001, but Coca-Cola did produce one from the 1990s, which Enslin believes to be substantially similar to the one he received in 2001. Enslin left the company in 2007. Five years later, Coca-Cola discovered that one of its information technology employees had been taking home old laptop computers that the company was no longer using. Once it learned of the theft, Coca-Cola attempted to recover all of the missing laptops, and “while it has ‘a very good feeling’ that it has been able to recover [them] all, it cannot say for sure.” 2017 WL 1190979, at *2. When it examined the laptops it was able to recover, the company discovered that some of them had been used by its human resources department and still contained bits and pieces of personal information from some of its current and former employees, including Enslin. Enslin claims that around that same time, he and his spouse were the victims of identity theft. He believes that the theft of the laptops was to blame. On behalf of himself and a putative class of current and former Coca-Cola employees, he brought this suit against Coca-Cola. His theory is that Coca-Cola contractually obligated itself to safeguard their personal information and did not hold up its end of the bargain. 2 At summary judgment, the Court concluded that CocaCola had made no such promise and therefore entered judgment in Coca-Cola’s favor. 2 His complaint also included numerous other claims under various theories of relief, but all but his contractual claims—and a derivative claim in restitution under the opportunistic breach theory—were dismissed at the pleadings. 2017 WL 1190979, at *2 n.3. 2 The Court first considered whether Coca-Cola had formed an express contract with him to safeguard his personal information. As a threshold matter, the Court agreed with Enslin that certain promises the company made in the “Code of Conduct”—the Coca-Cola Enterprises handbook—had the force of a legally binding contract. 2017 WL 1190979, at *8-11. But those promises that the company made stopped far short of assuming a general contractual duty to safeguard his personal data. The relevant provisions of the handbook were quite clear on this point. The company agreed to “safeguard the confidentiality of employee records” in three, specifically enumerated ways: it would “advis[e] employees of all personnel files maintained on them,” it would “collect[] only data related to the purpose for which the files were established,” and finally, it would “allow[] those authorized to use a file to do so only for legitimate Company purposes.” Id. at *8 (quoting from the handbook). Nothing more. Enslin relied heavily on the fact that other parts of the handbook (and various Coca-Cola information security policies) imposed many obligations on Coca-Cola employees with respect to the handling of sensitive information, and he argued that if the company had made sure that its employees had been following those policies to the letter, it would not have been possible for old laptops with sensitive information to be pilfered from the company. But the obligation to ensure that those policies were followed was an obligation the employees owed to the company, not the other way around. By promulgating detailed information security policies and requiring its employees to follow them, the company was not assuming a contractual obligation to ensure that those policies were followed by its employees for their benefit. Enslin then suggested that if an express promise to safeguard his information could not be found somewhere in the handbook or in the company’s other policies, a contract term to that effect could be implied. But having concluded that Coca-Cola’s obligations to its employees were clearly spelled out in those three specific promises it made in the handbook, there was no room to imply some other, additional duty. As the Court explained at the time, “[t]he law will not imply a different contract than that which the parties have expressly adopted,” so “[t]o imply covenants on matters specifically addressed in the contract itself would violate this doctrine.” Id. at *13 (quoting Hutchison v. Sunbeam Coal Corp., 519 A.2d 385, 388 (Pa. 1986)). Finally, Enslin contended that Coca-Cola should be viewed as having formed an implied contract with him to safeguard his personal information at the moment he handed over his employment paperwork. But that argument failed for essentially the same reason as his argument that the Court should imply a promise of that nature into the express terms of the handbook: once it was clear that the company’s duties in this area were clearly spelled out in a section of the handbook, there could be no implied contract to a different effect. Id. (“There cannot be an implied-in-fact contract if there is an express contract that covers the same subject matter.” (quoting Baer v. Chase, 392 F.3d 609, 616-17 (3d Cir. 2004))). Enslin’s implied contract argument also failed for a second, more fundamental reason. Contractual promises are not implied whenever one party thinks that it would be proper. The law implies a contract only when an interaction between two parties “can be explained only by the 3 understanding that they are acting contractually.” Id. So while contract law has no trouble implying a contract when the existence of a contract is “necessary to account for . . . relations found to have existed between the parties,” id. (quoting Hertzog v. Hertzog, 29 Pa. 465, 465 (1857)), a contract will not be implied simply because one party believes that it would have been prudent, or proper, or fair for a contract to exist. The question is whether, drawing from the experience of “the ordinary course of dealing and the common understanding of men,” the two sides “show[ed] a mutual intention to contract.” Id. (quoting Hertzog, 29 Pa. at 465)). Enslin may have believed that it was fair and proper for Coca-Cola to be contractually bound to safeguard the personal information that he turned over on his employment paperwork, but there is no “common understanding” that when a prospective employee fills out an employment application, the intent of both sides is that the employer has undertaken a general contractual duty to safeguard that information against unauthorized access and can be sued for breach if the employee believes that the employer did not do enough to protect it. See Longenecker-Wells v. Benecard Servs. Inc., 658 F. App’x 659, 662 (3d Cir. 2016) (“[The employees] have failed to plead any facts supporting their contention that an implied contract arose . . . other than that [their employer] required [their] personal information as a prerequisite to employment. This requirement alone did not create a contractual promise to safeguard that information . . . .”). 3 For those reasons, the Court concluded that there was no contract, express or implied, between Coca-Cola and Enslin that imposed a general contractual duty on Coca-Cola to safeguard his personal information. III. Standard of Review – Motion for Reconsideration “The purpose of a motion for reconsideration is to correct manifest errors of law or fact or to present newly discovered evidence.” Harsco Corp. v. Zlotnicki, 779 F.2d 906, 909 (3d Cir. 1985). It is not, however, to “be used to relitigate old matters, or to raise arguments or present evidence that could have been raised prior to the entry of judgment.” Exxon Shipping Co. v. Baker, 554 U.S. 471, 485 n.5 (2008) (quoting 11 Charles Alan Wright & Arthur R. Miller, Federal Practice and Procedure § 2801.1, at 127-28 (2d ed. 1995)). IV. The Court did not make any manifest errors of law. Enslin believes that the Court made two errors of law in its previous opinion. First, he contends that the Court neglected to determine, as a threshold matter, whether the language in the handbook, which laid out the scope of Coca-Cola’s duties to its employees with respect to their records, was ambiguous. He believes it is and that the Court should have therefore allowed 3 As the Court pointed out at the time, this is not to say that an employer has no obligations at all in that scenario. It may be quite possible to conclude that when an employer accepts information from a prospective employee, the employer is promising in return that will not actively “disclose that information to other people or use that information for non-business purposes.” 2017 WL 1190979, at *14. That more reasonable understanding of the relationship that exists between the two sides neatly tracks two of the three express promises that Coca-Cola made to its employees in the handbook—to “collect[] only data related to the purpose for which the files were established” and “allow[] those authorized to use a file to do so only for legitimate Company purposes.” 4 a jury to determine the meaning of that language as a question of fact (with the aid of extrinsic evidence) instead of construing the language itself as a question of law. Second, Enslin contends that the Court neglected to consider “the extent of [Coca-Cola’s] obligations under the covenant of good faith and fair dealing.” Mem. Supp. Mot. 11, ECF No. 194-1. Neither of these contentions has merit. A. The relevant language in the handbook was not ambiguous, and the Court made that clear in its previous opinion. Whether contractual language is ambiguous can have a significant impact on the outcome of a case because it has the effect of shifting the job of determining its meaning from the court, as a question of law, to a jury, as a question of fact. Kripp v. Kripp, 849 A.2d 1159, 1163 (Pa. 2004). It also opens the door to the admission of evidence extrinsic to the contract, which the parties can use to attempt “to explain or clarify or resolve the ambiguity.” Id. The task of declaring a contract to be either ambiguous or not ambiguous belongs to the court. Hutchinson, 519 A.2d at 390. “A contract is ambiguous if it is reasonably susceptible of different constructions and capable of being understood in more than one sense.” Kripp, 849 A.2d at 1163. The key is that the language will be declared ambiguous only if it is “reasonably susceptible” to multiple meanings—”reviewing courts will not ‘distort the meaning of the language or resort to a strained contrivance in order to find an ambiguity.’” Trizechahn Gateway LLC v. Titus, 976 A.2d 474, 483 (Pa. 2009) (quoting Madison Constr. Co. v. Harleysville Mut. Ins. Co., 735 A.2d 100, 106 (Pa. 1999)). In this case, there was no ambiguity in the relevant language from the handbook. The operative passage—a section in the handbook titled “Employee Records”—reads in full: The Company will safeguard the confidentiality of employee records by advising employees of all personnel files maintained on them, collecting only data related to the purpose for which the files were established and allowing those authorized to use a file to do so only for legitimate Company purposes. Employees will be allowed to inspect (and challenge for correction as necessary) information in their personnel files, other than confidential letters of recommendation, material relating to other employees, investigatory materials and audit material, unless otherwise provided under applicable law. The Company will comply with all applicable laws relating to employee records and personnel files. 2017 WL 1190979, at *8. This provision clearly confined the scope of Coca-Cola’s contractual obligations to three specific promises: to “advis[e] employees of all personnel files maintained on them,” “collect[] only data related to the purpose for which the files were established,” and “allow[] those authorized to use a file to do so only for legitimate Company purposes.” There is no ambiguity in this language, and, contrary to Enslin’s contention, the Court did not neglect to make that determination in its previous opinion. The Court pointed out numerous times that this language was clear and unambiguous, which is why the Court proceeded to construe it as a matter of law. See 2017 WL 1190979, at *12 (observing that this provision “carefully limits the 5 scope of the company’s responsibilities to these specific duties”); id. at *13 (characterizing this passage as “clear language”); id. (explaining that this passage “clearly laid out (and clearly limited)” Coca-Cola’s duties). The same is true of the other passage in the handbook that Enslin relied upon—the passage that imposed duties on the employees to protect the company’s information and follow its information security policies. It was equally clear that this passage imposed duties that flowed from the employees to the company, not duties that flowed from the company to the employees. See id. at *12 (“It is clear that this provision . . . pertains to duties that the employees owed to the company, not duties that the company owed to them.”). It is worth pointing out that Enslin’s current position—that the language of the handbook and other documents is ambiguous, and the Court erred by construing it as a matter of law— flatly contradicts the position he took at summary judgment. There he said in no uncertain terms that “the Court must construe and apply the plain meaning of the terms used [in those documents]” because Coca-Cola “d[id] not argue that there is any ambiguity in the language used in any of the operative documents.” Enslin’s Opp’n Summ. J. 9-10, ECF No. 180. In sum, the Court did not err by finding the contractual language in this case to be clear and construing that language as a matter of law. B. The Court did not neglect to consider the implied covenant of good faith and fair dealing. Enslin’s next contention is that the Court failed to consider “the extent of Coke’s obligations under the covenant of good faith and fair dealing.” Mem. Supp. Mot. 11 (emphasis added). The implied covenant of good faith and fair dealing, however, is not a sort of “secret repository” of unenumerated contract terms; 4 it simply stands for the proposition that contracts should be “analyzed . . . through a good faith lens.” Hanaway v. Parkesburg Grp., LP, ___ A.3d ___, 2017 WL 3600580, at *8 (Pa. Aug. 22, 2017); cf. 13 Pa. Cons. Stat. Ann. § 1304 (explaining, under the UCC, that “the doctrine of good faith merely directs a court towards interpreting contracts within the commercial context in which they are created, performed, and enforced”). Put another way, the covenant is the embodiment of the presumption that when two parties enter into a contract, they intend that each side will “act in good faith in the performance of contractual duties” Somers v. Somers, 613 A.2d 1211, 1213 (Pa. Super. Ct. 1992), and will not try to shirk those duties by performing them in a way that undercuts “the spirit of the bargain,” id. (quoting Restatement (Second) of Contracts § 205 cmt. d (Am. Law Inst. 1981)), or by engaging in other “[s]ubterfuges and evasions,” Restatement (Second) of Contracts § 205 cmt. d. So while the covenant imposes what is in effect an unwritten obligation to carry out contractual duties in good faith, “this obligation . . . is tied specifically to and is not separate from the duties [the] contract imposes on the parties.” Murphy v. Duquesne Univ. of the Holy Ghost, 777 A.2d 418, 434 n.11 (Pa. 2001). 4 TXO Prod. Corp. v. All. Res. Corp., 509 U.S. 443, 470 (1993) (Scalia, J., dissenting). 6 Enslin argues that by promising him in the handbook that it would “allow those authorized to use a [personnel] file to do so only for legitimate Company purposes,” the company must have also been promising, consistent with the implied covenant of good faith, that it would take measures to secure his personal information in a way that would have protected against the sort of theft that occurred here. That is not an attempt to read the handbook “through a good faith lens”—it is an attempt to impose a separate and distinct contractual obligation on Coca-Cola that is not in its text. As the Court explained in its previous opinion, when the company promised that “those authorized to use a [personnel] file [would] do so only for legitimate Company purposes,” it was promising that it would not “use that information for non-business purposes.” 2017 WL 1190979, at *14. As the Court pointed out at the time, it may be fair to say—even in the absence of an express promise—that when an employee hands over personal information, the employer has “an implied contractual duty not to directly, or affirmatively, turn over [that] confidential information to third parties” or otherwise make use of it a way that does not relate to the company’s legitimate business needs. Id. (quoting Longenecker-Wells v. BeneCard Servs., Inc., 2015 WL 5576753, at *7 (M.D. Pa. Sept. 22, 2015), aff’d, 658 F. App’x 659 (3d Cir. 2016)). That is the obligation that Coca-Cola assumed in the handbook. It relates to how Coca-Cola would use the information it collected—not how it would protect that information from theft or other unauthorized access—and invoking the implied covenant of good faith cannot rewrite this promise from one to the other. 5 It is true that the Court did not mention the implied covenant of good faith by name in its previous opinion. But that was because it was clear that Enslin’s theory was not that the company had tried to evade one of the three express obligations it assumed in the handbook; he was seeking to imply an obligation on Coca-Cola’s part that was not “tied specifically to . . . the duties [the] contract impose[d] on the parties.” Murphy, 777 A.2d at 434 n.11; see 2017 WL 1190979, at *12. 5 Perhaps, consistent with the covenant of good faith, Coca-Cola had an obligation to in some way define which of its employees would be authorized to use employee records and which were not; otherwise, the company could potentially avoid this obligation by not informing its employees who the authorized users were and then claim later, after an employee misused a record, that it was not at fault because that employee had never been “authorized” to use it—a sort of willful blindness. But, as was discussed in the Court’s previous opinion (and as will be discussed again later in this one), Enslin is not suggesting that the company made no attempt at all to define who was authorized to use its personnel records. Nor is he even suggesting that the company did not take reasonable measures to limit access to them. He made that clear at summary judgment when Coca-Cola confronted him with expert evidence that the company had in place industry-standard measures to protect its confidential information. See Enslin’s Opp’n Summ. J. 27 (“Whether Coke’s security practices were reasonable or not has no bearing on the issue of [whether it] breach[ed] [its contractual obligations].”). Rather, Enslin’s contention is that the company was contractually obligated to ensure that each of its employees followed each of the numerous information security policies the company promulgated. 2017 WL 1190979, at *12 (quoting Enslin’s brief, which contended that the company “did not hold up its end of the bargain by effectively implementing its information security policies”). 7 V. The “New” Evidence that Enslin has Presented As mentioned at the start of this opinion, during discovery, neither side was able to locate a copy of the Coca-Cola Enterprises handbook from 2001 to 2007, the years of Enslin’s employment. Instead, Enslin based his contract claims on the text of a handbook from the 1990s that Coca-Cola was able to locate (Coca-Cola also was able to locate a copy of the handbook from 2008, but Enslin did not use that version to support his claims). Because Enslin believed that the version from the 1990s was “substantially similar” to the one he was given in 2001—and because Coca-Cola had produced no evidence to the contrary—the Court was willing to assume, for the purposes of summary judgment, that this older handbook accurately captured the terms of their agreement. 2017 WL 1190979, at *8. But the Court cautioned that Enslin’s failure to produce a copy of the handbook in effect during his term of employment “could call into question [his] ability to prove [at trial] the terms of the contract he claims he had,” which, as the plaintiff, is his burden. Id. at *8 n.11. Ultimately, this issue was rendered moot because the Court concluded that even under the text of the 1990s handbook that Enslin was relying upon, CocaCola did not owe him the contractual duties he believed it did. Enslin claims that as he was “prepar[ing] . . . his appeal from this Court’s [summary judgment] ruling,” he happened to be looking over the 2008 version of the handbook that CocaCola produced when he noticed that the handbook had a web address printed on it, which employees could visit to see the most up-to-date version of the handbook. Mem. Supp. Mot. 5. It dawned on Enslin that he could try typing that web address into the “Wayback Machine”—a public database hosted by the Internet Archive, a nonprofit organization, that has the goal of “archiving the web.” 6 The Internet Archive employs software to “crawl” publicly available web pages and take snapshots of them in order to preserve webpages as they looked at different points in time. When Enslin entered the web address from the 2008 handbook into the Wayback Machine, he discovered that it had archived versions of the handbook as it had appeared in 2004 and 2005. Enslin believes that these versions of the handbook are more favorable to him than the 1990s version that he submitted at summary judgment, and he asks the Court to consider them now as “newly discovered evidence.” “[N]ewly discovered evidence,” it is true, is a valid ground for reconsideration of a previous decision. Harsco Corp. v. Zlotnicki, 779 F.2d 906, 909 (3d Cir. 1985). But “‘new evidence,’ for reconsideration purposes, does not refer to evidence that a party obtains or submits to the court after an adverse ruling.” Howard Hess Dental Labs. Inc. v. Dentsply Int’l, Inc., 602 F.3d 237, 252 (3d Cir. 2010). To qualify as “new,” it must be “evidence that a party could not earlier submit to the court because that evidence was not previously available.” Id. Enslin’s evidence does not qualify. He does not suggest that this evidence was not available to him until after the Court issued its decision, because that couldn’t be the case. The 6 Internet Archive, Frequently Asked Questions – The Wayback Machine, https://archive.org/about/ faqs.php#The_Wayback_Machine (last visited Aug. 26, 2017). 8 documents he wishes to submit were captured and preserved by the Internet Archive in 2004 and 2005 and publicly available on the Wayback Machine, and he had in his hands a copy of the 2008 handbook, with the website address listed on it, since at least the close of discovery in June 2016—nine months before the Court issued its decision on the parties’ summary judgment motions. The fact that it did not strike Enslin to try using that website address to retrieve older copies of the policies from the Wayback Machine until after the Court ruled against him does not make this evidence “new.” See, e.g., Boldrini v. Wilson, 609 F. App’x 721, 724 (3d Cir. 2015) (per curiam) (concluding that a document a plaintiff located after his claims were dismissed was not new because “[h]e obtained the document merely by requesting it from the Pennsylvania State Police, as was his right under Pennsylvania law”). In any event, the versions of the handbook from 2004 and 2005 would not change the result. In his motion, Enslin highlights various differences between the language of these later versions of the handbook and the version from the 1990s, but none of these differences show that Coca-Cola undertook the sort of broad contractual duty to protect his personal information that Enslin believes it did. First, he claims that the 2004 version of the handbook “makes clear that the document applies to every [Coca-Cola] employee from the company’s directors, to its officers, and to its employees.” Mem. Supp. Mot. 14. But so did the 1990s handbook. See Defs.’ Mot. Summ. J. Ex. 10, at 0017674, ECF No. 170-13 (“The values and responsibilities outlined in this handbook are important to the Company and must be taken seriously by all of us.”). Regardless, which of the company’s employees had obligations to the company under the handbook has nothing to do with the nature of the obligations that the company may have had to him. Next, Enslin cites to various obligations that the 2004 and 2005 handbooks imposed on Coca-Cola’s employees. Enslin points out that the 2004 handbook provides that its senior officers must “[a]ct in good faith, responsibly, [and] with due care, competence and diligence” and “[r]espect the confidentiality of information acquired in the course of one’s work.” Mem. Supp. Mot. Ex. D, at 8, ECF No. 194-6. The 2005 handbook states that every employee and director is “required to adhere to the principles and examples contained in the Code” and must “report what you believe, in good faith, to be violations of the Code committed by others.” Mem. Supp. Mot. Ex. E, at 1, ECF No. 194-7. It also made clear that the company required “honest and ethical conduct” from each of its employees, not “a narrow compliance with the minimum standards imposed by law.” Id. at 5. He also points out that it made clear to each employee that “[c]omputer hardware, software and data must be safeguarded from damage, alteration, theft, fraudulent manipulation and unauthorized access” and that each employee “must adhere to specific security measures and internal controls for each computer system to which you are authorized access,” id. at 14, though those two provisions were also present verbatim in the 1990s handbook, and the Court discussed them in its previous opinion. See 2017 WL 1190979, at *9. He also highlights the fact that the 2005 handbook directs employees to “refer to the Company’s policies on the use of computers, e-mail, and other information systems,” id. at 14, 9 which he thinks is significant because it “expressly incorporates [the company’s] information security policies into its [handbook],” but the Court had already assumed in its previous opinion that the company’s employees were required to follow the company’s information security policies. 7 See id. at *12. Finally, he points out that the 2005 handbook included “personal information about employees” among the information that the company considered to be confidential, but so did the 1990s handbook. See 2017 WL 1190979, at *9 (quoting from the 1990s handbook, which made reference to the “confidentiality of employee records” in connection with the three express duties the company agreed to assume with respect to employee records). Enslin suggests that in light of all of these obligations the company imposed on its employees in the 2004 and 2005 handbooks, these handbooks also “create[d] a duty for [the company] to follow its information security policies.” Mem. Supp. Mot. 16. That simply repeats the same error Enslin made at summary judgment: he is conflating duties that the company imposed on its employees with obligations that the company owed to him. As the Court explained at the time, the various rules and information security policies the company required its employees to follow “are rules that employees were required to follow for the company’s good—they were not put in place for the benefit of the employees.” 2017 WL 1190979, at *12. Enslin’s argument to the contrary is not faithful to the text of the handbooks and company policies or to contract law. As the Court explored at some length in its previous opinion—and as Enslin repeats in his current briefing—his belief is that the “the company assumed a duty to him to ensure that its employees complied with their obligations under the [handbook and] . . . the detailed information technology policies that the company promulgated” and that if they had been followed, the theft of the laptops could not have occurred. Id. In effect, his theory is that he was the third-party beneficiary of every other employee’s promise to the company to follow the company’s rules and policies, with the company agreeing to act as the guarantor of those promises so that it could be sued for breach if its employees failed to follow them. Or, to put it another way, Enslin’s understanding would mean that each information security policy the company promulgated constituted the terms of a contract the company had with him to protect his personal information—with any lapse by any of the company’s employees creating grounds for breach of contract. See Enslin’s Opp’n Summ. J. 28, 41 (arguing that the laptops that were stolen should have been encrypted pursuant to the company’s “IPP and Asset Management policies” and that the failure to do so in accordance with those policies meant that Coca-Cola had breached its contract with him). This sort of “sweeping contractual duty” cannot be found in the handbooks—whether the 1990s version or the 2004-05 versions—and cannot be implied. 2017 WL 1190979, at *12-14. 7 Not to mention that the reference in the 1990s handbook to all employees needing to “adhere to specific security measures and internal controls for each computer system to which they are authorized access” effectively incorporated the company’s information security policies into the handbook. 10 VI. The Status of Enslin’s Claims against Defendant Rogers There is one issue that remained after the Court granted summary judgment in CocaCola’s favor, and the Court takes this opportunity to address it. When Enslin filed this suit, he named not only the various Coca-Cola entities as defendants but also Thomas William Rogers, III, the rogue Coca-Cola employee who stole the laptops from the company. Rogers never responded in any way to this suit, so early on in this case, Enslin sought the entry of a default against him under Federal Rule of Civil Procedure 55(a). Coca-Cola had some reservations about that, because in Enslin’s complaint, he had included a count titled “Conspiracy/Concert of Action,” which contained vague allegations about a purported conspiracy that seemed to implicate all of the defendants to this suit: [T]he Coke Defendants and their co-conspirators entered into an agreement and/or otherwise engaged in a continuing conspiracy to misrepresent and/or omit the truth, and defraud [Enslin] and the Class by causing [personally-identifiable information] of [Enslin] and the Class to be unlawfully accessed, downloaded and sold, and then hiding the true facts and delaying timely notification. . . . As a direct and proximate result of the Coke Defendants’ conspiracy as alleged herein, [Enslin] and the Class have been injured and damaged, and the Defendants are jointly and severally liable for such injuries and damages. Compl. ¶¶ 135, 138, ECF No. 1. The fact that Enslin claimed that “the Defendants [were] jointly and severally liable”—after making clear in his complaint that when he used the term “Defendants,” he meant it to refer to all of the defendants to the suit, see id. ¶ 28—caused CocaCola some concern that this Conspiracy/Concert of Action claim was seeking to hold it jointly and severally liable for Rogers’ “alleged criminal conduct.” Letter from Coca-Cola, at 2, ECF No. 22. While the entry of a default under Rule 55(a) is just a clerical task with no substantive effect, Coca-Cola was concerned that Enslin would quickly proceed to seek a default judgment against Rogers, which might put it at risk for liability under the Conspiracy/Concert of Action claim. 8 As it turned out, the Conspiracy/Concert of Action claim ended up being dismissed with prejudice at the pleadings stage, see Enslin, 136 F. Supp. 3d 654, 679-80 (E.D. Pa. 2015), but even with the cloud of joint liability lifted from Coca-Cola, the “prudent course,” in the Court’s view, was to hold off on further default proceedings against Rogers for the time being to avoid the possibility of inconsistent judgments. See Mfrs. & Traders Tr. Co. v. Chalpin Dental Assocs., No. 10-7342, 2012 WL 1033862, at *10 (E.D. Pa. Mar. 28, 2012) (Pollak, J.). In a case like this one, where a plaintiff’s claims against both defaulting and non-defaulting defendants all arise out of the same series of events, there is the possibility that “at trial facts [could be] proved that exonerate certain defendants and that as a matter of logic preclude the liability of another 8 According to Coca-Cola’s counsel, discussions they had with Enslin’s counsel also left them concerned that Enslin might try to use the initial entry of default in some way to prejudice the company. See Letter from Coca-Cola, at 2-3. 11 defendant, . . . even though it failed to participate in the proceeding.” Farzetta v. Turner & Newall, Ltd., 797 F.2d 151, 154 (3d Cir. 1986). Accordingly, the Court entered a default against Rogers under Rule 55(a), but signaled to the parties that it would refrain from entertaining a motion for a default judgment while the case proceeded against Coca-Cola. See Order 1 n.4, ECF No. 37. The case proceeded in that posture all the way to summary judgment, with Rogers in default and with Coca-Cola defending against Enslin’s claims. When the Court granted summary judgment in Coca-Cola’s favor, it asked Enslin to provide the Court with a status report addressing how he wished to proceed with his claims against Rogers now that his claims against Coca-Cola had been resolved. Enslin confirmed that he still intended to seek a default judgment against him, but then his status report took a different turn. Despite the fact that summary judgment has been granted in Coca-Cola’s favor on all of Enslin’s claims—and that the Conspiracy/Concert of Action claim had been dismissed with prejudice—Enslin states that he intends to seek joint and several liability against Coca-Cola for Rogers’s conduct and that he wants to certify a class to proceed against Coca-Cola under this vicarious liability theory. 9 There are two problems with this plan. The first is that the time to certify a class in this case has long since passed. See Order ¶ 2(a), ECF No. 122. Enslin did timely file a motion for class certification, but it was based solely on his claims that Coca-Cola was directly liable to him for its own wrongdoing under theories of breach of contract and unjust enrichment—the only claims left in the case at that time against Coca-Cola. See Mem. Supp. Class Certification 1, 2930, 38-39, ECF No. 125-1 (“This is a nationwide class action against the Coca-Cola Defendants (or ‘Coke’) for breach of contract, unjust enrichment and, should this Court allow the requested amendments to the Complaint, for statutory claims, 10 brought on behalf of current and former employees of Coke in the United States who had their personal information compromised by Coke’s loss of laptop computers, in breach of its promise of information security.”). That motion was denied as moot once summary judgment was granted in Coca-Cola’s favor on those claims, 2017 WL 1190979, at *14, and Enslin’s request now to certify a class against Coca-Cola on a theory of vicarious liability is an untimely attempt to seek a second bite at the class certification apple. The second and more fundamental problem with Enslin’s plan is that he never pleaded a claim against Coca-Cola for vicarious liability. As mentioned, the only claim Enslin raised against Coca-Cola that may have been seeking to hold it jointly liable for Rogers’s conduct was the Conspiracy/Concert of Action claim that was dismissed at the pleadings stage. Nowhere in his complaint does Enslin mention “vicarious liability” or “respondeat superior,” nor does he make any allegations that would suggest to Coca-Cola that he was seeking to hold it vicariously 9 A copy of Enslin’s status report and Coca-Cola’s response to it are attached to the order that accompanies this opinion. 10 The Court denied Enslin leave to amend to add those statutory claims against Coca-Cola on the twin grounds of undue delay and futility. 2017 WL 1190979, at *15-16 & n.20. 12 liable for Rogers’s conduct. Much of the complaint in fact suggests the opposite. The complaint defines two separate categories of defendants—the various Coca-Cola entities, on one hand, which Enslin refers to as the “Coke Defendants,” and Rogers and other unnamed coconspirators on the other, who Enslin refers to as the “Criminal Defendants”—and none of Enslin’s allegations suggest that he believed that the “Coke Defendants” could be held vicariously liable for the conduct of the “Criminal Defendants,” which, as Enslin points out in his complaint, resulted in Rogers being arrested and charged with theft. Compl. ¶ 24. Enslin’s failure to plead a claim of vicarious liability—or even plead any allegations that would support it—is fatal to his attempt to raise it now. See, e.g., McLane, Graf, Raulerson & Middleton, P.A. v. Rechberger, 280 F.3d 26, 38 (1st Cir. 2002) (affirming a district court’s refusal to consider an “improvised respondeat superior claim” that was not included in the complaint); Ferraro v. Humphrey, 2017 WL 1035896, at *5 (N.D. Ind. Mar. 17, 2017) (“The Plaintiff’s Complaint does not plead a claim of vicarious liability . . . . The Plaintiff cannot now assert a claim for vicarious liability . . . on summary judgment.”); Milo & Gabby, LLC v. Amazon.com, Inc., No. 13-1932, 2015 WL 4394673, at *5 (W.D. Wash. July 16, 2015) (“Plaintiffs have never raised this theory of vicarious liability in their Complaint, nor have they alleged any facts in their Complaint providing notice to Defendant that they intended to advance such a theory. . . . Accordingly, the Court will not consider Plaintiffs’ vicarious liability arguments.”), aff’d, No. 16-1290, 2017 WL 2258605 (Fed. Cir. May 23, 2017). Leave to amend would be required, and Enslin’s request to, in effect, reboot this case after summary judgment has already been granted in Coca-Cola’s favor—after nearly three years of litigation—on a theory of liability that he could have raised from the start is long past the point of undue delay. See, e.g., Geiger v. McClurg Court Assocs., No. 86-4419, 1988 WL 26853, at *1 (N.D. Ill. Mar. 14, 1988) (“The present case had been on file for 16 months before the Court ruled on [the defendant’s] motion for summary judgment. [The plaintiff] had that entire time in which to clean up, fill out or otherwise amend her complaint to include a claim for respondeat superior. . . . Now that [her] theory of liability has been rejected and judgment against her entered by the Court, [she] seeks to amend her complaint . . . . [Her] post-judgment motions for reconsideration and for leave to file an amended complaint are denied.”). Nor can Enslin try to evade his failure to plead a claim of vicarious liability by obtaining a default judgment against Rogers and executing it against Coca-Cola. In his status report, Enslin stated that “it is [now] appropriate for a Default Judgment to be entered” and that he “intends to execute the Judgment against [Coca-Cola],” but vicarious liability must be proven—it does not automatically attach to an employer simply by virtue of the employment relationship. See Lunn v. Boyd, 169 A.2d 103, 104 (Pa. 1961) (explaining that vicarious liability attaches only to acts “done in the course of his employment, and within the general scope of [the employee’s] authority”). So that would leave Enslin in the same place he is now: needing to plead and prove a claim of vicarious liability against Coca-Cola that he never timely raised. See Padilla v. Easley, No. 91-4525, 1993 WL 181458, at *2 (N.D. Ill. May 27, 1993) (rejecting a plaintiff’s attempt to 13 execute an employee’s default judgment against an employer through a post-judgment execution proceeding because the default judgment did not suffice to establish the facts necessary to impute liability to the employer); see also Boyd v. N.J. Dep’t of Corr., 583 F. App’x 30, 32 (3d Cir. 2014) (pointing out that a plaintiff had “cite[d] no authority for the . . . proposition that an employer is liable for a default judgment against an employee”). 11 For these reasons, Enslin’s request for an opportunity to submit further briefing on the certification of a class to proceed against Coca-Cola on a theory of vicarious liability is denied. If he wishes, he may proceed with a motion for default judgment on his own behalf against Rogers, the only remaining defendant, in accordance with the accompanying order. 11 Not only would a default judgment against Rogers not suffice to establish vicarious liability—as a matter of estoppel, it likely would not even conclusively establish, as against Coca-Cola, Rogers’s underlying liability for any of Enslin’s claims given that Enslin never put Coca-Cola on notice that he intended to hold it vicariously liable for those claims. See Faughnan v. Big Apple Car Serv., 828 F. Supp. 155, 161 (E.D.N.Y. 1993) (rejecting the notion that a plaintiff could “invoke a default judgment against an employee as preclusive proof of liability for negligence against the employer”). 14

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.


Why Is My Information Online?