Opinion
No. 1:08-cv-881.
August 31, 2009
OPINION AND ORDER GRANTING DEFENDANTS' MOTION TO DISMISS
This matter comes before the Court on Defendant Certegy Check Services, Inc. and Defendant Fidelity National Information Services, Inc.'s motion (Dkt. No. 12) to dismiss. Plaintiff Vinton filed a response. (Dkt. No. 21.) Defendants filed a reply. (Dkt. No. 26.) This Court has read the motion, briefs, and relevant legal authority. Oral argument is not necessary to resolve the disputed issues. See W.D. MICH. L.CIV.R. 7.2(d).
I. FACTS
The plaintiff, Dawn Marie Vinton ("Vinton"), chose to exclude herself from a class action settlement arising from the theft of her, and other customers', personal information by an employee of Defendants, Certegy Check Services, Inc. and its parent company, Fidelity National Information Services, Inc. (collectively, "Certegy"). (Compl. ¶ 2.) By opting out of the settlement, Vinton reserved her right to bring a suit against Certegy over the same privacy claims that were resolved in the settlement. (Compl. Ex. B at 1.)
Subsequently, Vinton instigated this suit against Certegy alleging that Certegy violated the privacy provisions of the Gramm-Leach-Bliley Act of 1999 ("GLBA") § 106-102, 15 U.S.C. § 6801. Certegy filed a Motion to Dismiss, alleging that Vinton's Complaint failed to state a claim upon which relief may be granted.
II. DISCUSSION
When deciding a motion to dismiss under Federal Rule of Civil Procedure 12(b)(6), a district court must construe the complaint in the light most favorable to the plaintiff, accept as true all of the factual allegations in the complaint, and draw all reasonable inferences in favor of the plaintiff. Directv, Inc. v. Treesh, 487 F.3d 471, 476 (6th Cir. 2007); Evans-Marshall v. Bd.of Educ. of Tripp City Exempted Vill. Sch. Dist., 428 F.3d 223, 228 (6th Cir. 2005). The defendant has the burden of establishing that the plaintiff has failed to state a claim upon which relief may be granted. Directv, Inc., 487 F.3d at 476. When considering whether to grant a 12(b)(6) motion, the court primarily considers the allegations in the complaint, but may also take into account items appearing in the record of the case and attached exhibits. Amini v. Oberlin College, 259 F.3d 493, 502 (6th Cir. 2001).
The United States Supreme Court recently held, in order to survive a 12(b)(6) motion, a complaint need only provide sufficient factual allegations to raise a right to relief above the speculative level, on the assumption that the factual allegations in the complaint are true. Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 127 S.Ct. 1955, 1964-1965 (2007). See also Erickson v. Pardus, 551 U.S. 89, 127 S.Ct. 2197, 2200 (2007) (per curiam) ("Specific facts are not necessary; the statement need only `give the defendant fair notice of what the . . . claim is an the grounds upon which it rests.'" (quoting Twombly, 127 S.Ct. at 1064 (quoting Conley v. Gibson, 355 U.S. 41, 47 (1957))). The Court also retired the "no set of facts" standard often quoted in 12(b)(6) motions. Id. at 1969 ("The phrase is best forgotten as an incomplete, negative gloss on an accepted pleading standard; once a claim has been stated adequately, it may be supported by showing any set of facts consistent with the allegations in the complaint.").
A. There is no private right of action under the Gramm-Leach-Bliley Act.
In her complaint, Vinton alleges that Certegy violated the privacy provisions of the GLBA. (Compl. ¶ 6.) But even when the facts outlined in her complaint are taken to be true, and all reasonable inferences drawn in favor of her, the Complaint still fails to state a claim upon which relief can be granted because the GLBA does not grant a private cause of action.
In general, "private rights of action to enforce federal law must be created by Congress." Alexander v. Sandoval, 532 U.S. 275, 286 (2001) (citing Touche Ross Co. v. Redington, 442 U.S. 560, 578 (1979)). The pertinent part of the GLBA states:
This subchapter and the regulations prescribed thereunder shall be enforced by the Federal functional regulators, the State insurance authorities, and the Federal Trade Commission with respect to financial institutions and other persons subject to their jurisdiction under applicable law. . . .15 U.S.C. § 6805(a). The Eighth Circuit Court of Appeals, a handful of Sixth Circuit district courts, and various other district courts have recognized that this language does not grant a private cause of action. See, e.g., Dunmire v. Morgan Stanley DW, Inc., 475 F.3d 956, 960 (8th Cir. 2007) ("[n]o private right of action exists for an alleged violation of the GLBA"); In re Lentz, 405 B.R. 893, 899 (N.D. Ohio 2009) ("courts have consistently held there is no private right of action created by Congress in the GLBA); In re French, 401 B.R. 295, 310 (E.D. Tenn. 2009) ("[b]y its very terms, the Gramm-Leach-Bliley Act does not provide a private right of action"). In Briggs v. Emporia State Bank, the District Court of Kansas asserted, "The fact that Congress expressly provided for one method of enforcing the GLBA suggests that Congress intended to preclude others." No. 05-2125-JWL, 2005 WL 2035038 at *2 (D. Kan. Aug. 23, 2005) (citing Alexander, 532 U.S. at 290) (emphasis added).
B. The federal bill upon which Vinton relies was never enacted into law, and additionally, the proposed changes would not have established a private right of action under the GLBA.
Vinton contests the case law's conclusion that the GLBA does not provide a private right of action by relying on the text of a bill, the Fair Consumer Data Security and Notification Act of 2005. (See Pl. Resp.; Fair Consumer Data Security and Notification Act of 2005, H.R. 3140, 109th Cong. § 3 (1st Sess. 2005)). This reliance is misplaced for two reasons: first, Vinton erroneously treats the bill as if it were a law, and second, even the bill's proposed amendments would not grant a private cause of action under the GLBA.
Article 1, Section 7 of the Constitution clearly describes the only processes by which a bill can become a law. U.S. Const, art. I, § 7. See United States v. Estate of Romani, 523 U.S. 517, 535-536 (1998). First, a bill may be passed by both the House of Representatives and the Senate then signed by the president. Id. Second, a bill can pass into law if, after an objection by the President, two thirds of the House of Representatives and two thirds of the Senate approve the bill upon reconsideration. Id. Finally, if a bill passes the House and the Senate, but is not returned by the President within ten days, the bill becomes a law. U.S. Const, art I, § 7. The bill at issue here, the Fair Consumer Data Security and Notification Act of 2005, was referred to the House Committee on Financial Services, but was never voted upon by the House or the Senate. The Library of Congress, THOMAS, http://thomas. loc.gov/cgi-bin/bdquery/z?d109:H.R.3140 (last visited July 8, 2009). Therefore, the bill never became a law, and Vinton cannot rely on it as such. See U.S. Const. art. I, § 7.
If the bill had been enacted into law, however, it would have amended the GLBA by adding a new section to the statute, entitled "Notification of Data Security Breaches." H.R. 3140, 109th Cong. § 3 (1st Sess. 2005). This proposed section would have established standards for agencies to require
in regulation, that a financial institution notify customers following the discovery of a breach of security of any data system maintained by the financial institution in which nonpublic personal information was, or is reasonably believed to have been, acquired by an unauthorized person.Id. The section goes on to explain the content of the regulations, recognize certain people who are to be treated as financial institutions under the section, and discuss the treatment of encrypted information. Id. The bill in no way would have modified the language of the GLBA that states it "shall be enforced by the Federal functional regulators, the State insurance authorities, and the Federal Trade Commission." 15 U.S.C. § 6805(a). As a result, Vinton's reliance upon the bill is misplaced, and ultimately does not help her form an argument to save her claim from dismissal.
III. CONCLUSION
Ultimately, Vinton fails to state a claim upon which relief can be granted in her Complaint. Even when assuming all factual allegations made in the complaint are completely true, the Court cannot grant Vinton any relief because the GLBA does not provide for a private right of action. See, e.g., Dunmire, 475 F.3d at 960. Accordingly, Defendants are entitled to dismissal of the action.