By Julie Zeveloff
Law360, New York (April 07, 2009) — Finding that a Gap Inc. job applicant failed to support a negligence claim in a putative class action accusing the retail giant and outsourcing company Vangent Inc. of losing 750,000 job applicants’ personal data, a federal judge has granted summary judgment in favor of Gap and Vangent.
Judge Samuel Conti of the U.S. District Court for the Northern District of California on Monday granted summary judgment in favor of Gap and Vangent on the remaining claims in the suit and denied lead plaintiff Joel Ruiz’s motion for class certification as moot.
The suit, filed in November 2007, accused Gap of negligence, bailment, and violations of California privacy and business law after two laptop computers containing applications for retail positions at Gap were stolen from Vangent, which processes the retailer’s job applications.
In March 2008, Judge Conti granted Gap’s motion for judgment on the pleadings as to Ruiz’s bailment, unfair business practices and right to privacy claims, but he maintained Ruiz’ negligence claim and an allegation that Gap’s online application system violated California Civil Code by requiring applicants to input their social security numbers.
In that order, Judge Conti also denied Gap’s motion to strike class allegations and dismissed Gap’s declaratory judgment counterclaim against Ruiz.
Ruiz added Vangent as a defendant and asserted a breach of contract claim against the outsourcing company on Feb. 9, and Gap and Vangent moved for summary judgment on the remaining claims on Feb. 13.
While Ruiz has standing to bring the suit based on an increased risk of identity theft, that risk “does not rise to the level of appreciable harm necessary to assert a negligence claim under California law,” Judge Conti said in Monday’s ruling.
Ruiz’s reliance on California-based future medical monitoring cases to support his negligence claim was misguided, because lost-data cases are not analogous to medical monitoring cases, and Ruiz did not present evidence sufficient to overcome the kind of evidentiary burdens that apply in medical monitoring cases, the judge found.
The court also rejected Ruiz’s argument that he should recover damages for money spent monitoring his credit after the information breach, finding that Gap offered affected applicants one year of free credit monitoring and fraud insurance, but Ruiz did not take advantage of that offer.
As to Ruiz’s claim under California Civil Code, Judge Conti found that while applicants must enter their social security numbers before submitting their applications, Gap and Vangent do not actually require applicants to use their social security numbers to access the job application Web site.
The court also found that Ruiz could not support his breach of contract claim, which accused Vangent of violating its employment screening services agreement with Gap by failing to preserve the security and confidentiality of applicants’ data through encryption.
“Because Ruiz has not been a victim of identity theft, he can present no evidence of appreciable and actual damage as a result of the theft of the two laptop computers,” Judge Conti said.
“We are very pleased with the outcome of this case,” a spokeswoman for Gap Inc. said. “We regret that this instance happened entirely, but we believe the court made the right decision.”
An attorney for Ruiz did not immediately respond to a request for comment Tuesday.
Ruiz is represented by Finkelstein Thompson LLP and Barnow and Associates PC.
Gap Inc. is represented by Morrison & Foerster LLP.
Vangent Inc. is represented by Zuckerman Spaeder LLP.
The case is Ruiz v. Gap Inc. et al., case number 07-cv-05739, in the U.S. District Court for the Northern District of California.