Playing Chicken with Claims for Unfair Trade Practices

The past year has seen several notable decisions concerning how choice-of-law regimes can affect the viability of a claim for violation of N.C. Gen. Stat. § 75-1.1.

Today’s post involves another case on this topic.

In Koch Foods, Inc. v. Pate Dawson Company, a federal district court assessed a claim for unfair trade practices by the seller of processed poultry against directors and officers of a distributor that bought the seller’s poultry.

This post studies the court’s meaty decision.

I’ll Buy, But Who’s Paying?

Koch sold processed poultry to Pate Dawson Company. Dawson, in turn, sold the poultry to restaurants. Its top customer was Bojangles.

When Dawson delivered the poultry to Bojangles, Bojangles would pay Dawson the cost of the poultry, plus the cost of shipping. Dawson would then pay Koch a portion of what Dawson received from Bojangles.

In September 2015, Bojangles ended its relationship with Dawson. That decision put Dawson in financial peril.

After Bojangles cut the cord, however, Dawson continued to order poultry from Koch. In the three months following the end of its relationship with Bojangles, Dawson placed 38 orders with Koch for products worth $3.6 million.

Dawson paid the first $106,000 of that amount, but no more.

Koch then sued Dawson and the company’s officers. Koch alleged that the officers never intended to pay for the $3.6 million in poultry. Koch’s claims included a claim for unfair and deceptive trade practices.

Koch settled its claims with Dawson, but not its claims with the officers. Koch and the officers each moved for summary judgment on the claim for unfair trade practices.

A Most Significant Inquiry into the Applicable Choice of Law

Koch filed the case in Mississippi federal court on diversity grounds, but no party is a Mississippi citizen. Koch has its principal place of business in Illinois. (Koch is the majority member of Koch Foods of Mississippi, LLC, which sold the poultry to Dawson.) The officers all live in North Carolina, which was also Dawson’s principal place of business.

The court’s first order of business was to discern what state’s law applies to the claim for unfair trade practices. To do that, the court turned to Mississippi’s conflict-of-law rules.

Before doing so, the court noted that an actual conflict exists between the laws of Mississippi and North Carolina on unfair trade practices. Each state has its own analogue of Section 5 of the FTC Act. Mississippi’s statute, however, applies only to consumer transactions, and not to business-to-business transactions.

For claims for unfair trade practices, Mississippi law applies the “most significant relationship” test. (Notably, two recent decisions in North Carolina—one from a federal district court, and one from the North Carolina Business Court—show that North Carolina’s choice-of-law regime is more likely to apply a different test, the lex loci test, to claims for unfair trade practices.)

Under the “most significant relationship” test, as it applies under Mississippi law, the court turned to the following four factors to discern which state’s law has the most significant relationship to the relevant conduct and the parties:

  1. the place where the injury occurred;
  1. the place where the conduct that caused the injury occurred;
  1. the domicile, residence, nationality, place of incorporation, and place of business of the parties; and
  1. the place where the relationship between the parties is centered.

The “most significant relationship” test then calls for the evaluation of these contacts in light of seven more choice-of-law considerations. These considerations include “the needs of the interstate and international systems” and “the protection of justified expectations.”

Having laid out these “guideposts”—some of which the court itself described as “nebulous”—the court placed the most weight on the second factor: the place where the conduct that caused the injury occurred. That conduct occurred in North Carolina. The court concluded that North Carolina’s interest in regulating the conduct within its borders outweighed any policy or interest of Mississippi.

Would the lex loci test have yielded the same result? It’s not clear. As the Business Court recently explained, the place that a plaintiff suffered its pecuniary loss is not necessarily where the plaintiff has its principal place of business.

A Dispute of Facts

Having concluded that the law on section 75-1.1 applies to Koch’s claims, the court reasoned that buying $3.6 million of a product without the means or intent to pay for it violates section 75-1.1.

In reaching this conclusion, the court effectively ruled that this conduct amounted to substantial aggravating circumstances. As the Business Court recently explained in Post v. Avita Drugs, deception in a contract’s formation is a “classic example of an aggravating circumstance.”

This conclusion, however, did not mean that the court granted offensive summary judgment in Koch’s favor. The parties had conflicting facts about whether Dawson actually lacked the means or intent to pay for the poultry products, and a jury must resolve that factual dispute.

Considerations for 75-1.1 Claims Concerning Multistate Conduct

Koch Foods is an instructive case for litigators and businesses involved in claims of unfair trade practices that cross state lines.

First, in litigation on unfair trade practices, the choice of forum matters. In Koch Foods, the viability of a claim for unfair trade practices required a forum in which section 75-1.1—because its reach is not limited to consumer transactions—would apply. Mississippi’s choice-of-law regime, which applies the “most significant relationship” test, led to that outcome.

Second, Koch Foods is another data point that emphasizes that the facts concerning contract formation can be a fertile area for proving “substantial aggravating circumstances.”

Finally, the court’s ultimate ruling—that a trial is needed to determine Dawson’s financial condition and intent during contract formation—underscores the role of the factfinder in section 75-1.1 litigation. Even though whether a set of facts actually violates section 75-1.1 is a legal question, each litigant must be ready to persuade a factfinder that its set of facts constitutes the truth.

Author: Stephen Feldman

Unfair and Deceptive Trade Practices Claims in Data-Breach Lawsuits

Section 5 of the Federal Trade Commission Act provides a powerful tool for the federal government to regulate companies’ data-security practices. Rather than adopt specific data-security standards, the FTC often uses Section 5’s flexible and open-ended concepts of unfairness and deception to bring enforcement actions against companies for data-security failures.    

The FTC treats these enforcement actions as a form of “common law” that tells other companies what data-security practices Section 5 requires.

While it gives the FTC broad authority, Section 5 lacks a private right of action. Does this absence preclude a plaintiff in a data-breach lawsuit from nonetheless relying on the data-security “common law” developed by the FTC under Section 5?

A recent decision from a federal court in the state of Washington explored this question. This post studies two aspects of that decision, named Veridian Credit Union v. Eddie Bauer:

  • Can the failure to employ data-security measures that the FTC says are required by Section 5 be treated as evidence of a defendant’s negligence?
  • Can a plaintiff assert an unfairness claim for treble damages under a state’s “Little FTC Act” based on a defendant’s failure to employ FTC-mandated data security measures?

A Cyberattack Compromises Point of Sale Systems

Veridian arose from a cyberattack on Eddie Bauer’s in-store point-of-sale systems. The attack compromised customers’ credit- and debit-card information. 

Veridian—a credit union whose cardholders shopped at affected stores and had their information stolen—sued Eddie Bauer for failing to prevent the breach. Eddie Bauer’s lax data security practices, Veridian alleged, caused it damages including the costs to cancel and reissue affected cards and to refund cardholders for unauthorized charges.

Veridian’s complaint asserted a common-law negligence claim. For the “duty” element of that claim, Veridian alleged that Section 5 required Eddie Bauer to use reasonable data-security measures. To that end, Veridian pointed to orders issued by the FTC against other companies for failing to secure payment-card data, and to the informal guidance contained in the FTC publication “Protecting Personal Information: A Guide for Business.”  

Veridian also asserted a claim under Washington’s Consumer Protection Act  (“CPA”). That statute, like Section 5, broadly prohibits unfair or deceptive acts and practices. It also allows courts to award treble damages to private plaintiffs. According to Veridian, Eddie Bauer’s failure to employ security measures that the FTC has said are required by Section 5 was also an “unfair” practice under the CPA.

Blaming the Victim?

Eddie Bauer moved to dismiss the claims. 

As to the negligence claim, Eddie Bauer argued that it owed Veridian no duty to secure its customers’ payment-card data. Section 5 could not be the source of any such duty, Eddie Bauer contended, because Congress didn’t intend for the statute to protect parties in Veridian’s position.

As for Veridian’s CPA claim, Eddie Bauer observed that “unfairness” requires a showing that a defendant’s conduct was “likely to cause substantial harm” that consumers could not reasonably avoid. The company then argued that being victimized by cyberattack did not satisfy this test, for two reasons: 

  1. the consumers suffered harm owing to the theft of payment-card information, not any failure by Eddie Bauer to properly secure that information; and
  1. the consumers could avoid any risks posed by the company’s data-security practices by paying with cash instead of credit cards.

The Court’s Decision

The court denied Eddie Bauer’s motion as to both claims.

The court agreed with Eddie Bauer that Veridian’s common-law negligence claim could not rest on a violation of Section 5. Under Washington law, the violation of a statute can be evidence of negligence—but only if the statute was intended to protect a class of persons that includes the plaintiff. In this case, Congress enacted Section 5 to protect a business’s consumers and competitors from unfair trade practices. Veridian was neither.

Despite this conclusion, the court allowed Veridian’s negligence claim to proceed. The reason? A different Washington state statute supplied the requisite duty. That statute requires a business to reimburse financial institutions for the cost to reissue payment cards if the business has failed to use reasonable care, and that failure causes a breach.

As to the CPA claim, the court rejected Eddie Bauer’s argument that being victimized by a data breach was not an “unfair” practice because the real harm to consumers flows from the acts of a malicious third party. 

The court first observed that the Washington legislature modeled the CPA on Section 5 and specifically intended the CPA to be interpreted in light of FTC orders.  Pointing to the FTC’s data-security cases against LabMD and Wyndham Hotels, Veridian had shown that the FTC had concluded that failing to properly secure payment-card data could be an unfair practice.

For this reason, Eddie Bauer should have foreseen that failing to secure payment-card data could substantially injure consumers. The fact that the attackers also caused the injury was immaterial: under Section 5 (and thus the CPA), an unfair practice need not be the only cause of the harm. 

The court also had sharp words for Eddie Bauer’s “the consumers could have used cash” argument. As the court pointed out, the use of credit and debit cards is “ubiquitous” in all types of commerce. And when deciding how to pay, customers would have no way of knowing that Eddie Bauer’s payment-card security measures were deficient. Because of these points, the court characterized the argument as “disingenuous.”

Avoiding Liability: Keep An Eye on the FTC

Veridian suggests that the FTC’s aggressive use of its unfairness authority under Section 5 to regulate data security may have another unexpected consequence for companies.  Private plaintiffs—including in business-to-business data-breach lawsuits—can look to the FTC’s enforcement actions to establish a claim under state laws that regulate unfair and deceptive trade practices.

The prospect of treble damages under these laws gives companies another reason to stay current on the FTC’s developing body of data security “common law.”

Author: Alex Pearce

Internal Business Disputes, Third Parties, and Section 75-1.1

The reach of N.C. Gen. Stat § 75-1.1 extends to conduct “in or affecting commerce.” Although this phrasing seems broad, courts interpreted it to exempt several types of conduct from the statute’s purview. 

One recognized exemption is for internal business disputes: that is, conduct among members of the same business.

A recent decision by the North Carolina Business Court addressed this important exemption. In Chisum v. Campagna, the plaintiff tried to sidestep the exemption by alleging that his section 75-1.1 claim involved not only owners of the same business, but also several third-party companies.

Did that allegation bring the claim within the statute’s ambit? This post examines the Court’s analysis and conclusion.

A membership dispute

Dennis Chisum was a commercial real estate developer in the Wilmington area. In the 1990s, he teamed up with fellow Wilmington developers, and father and son, Rocky and Rick Campagna. The three formed several LLCs to develop land in and around Wilmington.

Chisum alleged that, beginning in 2007, the Campagnas started a campaign to squeeze Chisum out of the LLCs. The campaign allegedly included “sham” capital calls, designed to dilute his interest in each company. According to Chisum, he never received notice of the capital calls, and the Campagnas also held member meetings without him. Through these capital calls and meetings, the Campagnas purported to cut Chisum’s ownership in each company in half.

Chisum further alleged that the Campagnas engaged in self-interested transactions, including (a) diverting opportunities to themselves or other entities they controlled, (b) selling the companies’ assets without Chisum’s knowledge or approval, and (c) failing to pay Chisum his proper share of the assets. 

Chisum’s complaint included a section 75-1.1 claim. The defendants moved to dismiss that claim.

Conduct does not become less “internal” to a business simply because the conduct benefits third parties

Judge Gregory P. McGuire granted the motion to dismiss. As his decision explains, Chisum’s section 75-1.1 claim concerned a dispute between owners of a business—and therefore fell beyond the statute’s reach.

Judge McGuire noted that the Campagnas’ allegedly wrongful conduct involved intracorporate actions. This conduct included the “sham” capital calls, a fraudulent attempt to amend an operating agreement, and the Campagnas’ conversion of Chisum’s membership interests. 

That alleged conduct, Judge McGuire explained, did not affect any other market participants; the conduct only affected the co-owners of the businesses. To confirm this conclusion, Judge McGuire cited White v. Thompson, 364 N.C. 47, 52, 691 S.E.2d 676, 679 (2010). In White, the Supreme Court held that section 75-1.1 does not regulate the “internal conduct of individuals within a single market participant,” which the court defined as a “single business.”

While the exemption clearly captured these allegations, Chisum’s other allegations required a deeper analysis. Chisum alleged that the Campagnas had diverted assets and opportunities away from the Chisum-associated LLCs and into other companies that the Campagnas controlled. Chisum argued that the exemption did not apply to these actions because the actions involved third parties—namely, companies that the Campagnas alone controlled.

Here, Judge McGuire drew a line: he reasoned that the mere involvement of a third party was not enough, and that the allegedly unfair or deceptive conduct must actually be directed toward the third party to affect commerce. 

Judge McGuire then applied that rule. Chisum alleged that the Campagnas directed the unfair conduct toward the Chisum-associated LLCs—and not toward any third-party companies. The conduct therefore constituted conduct internal to the businesses that Chisum owned with the Campagnas. Critically, the fact that third-party companies benefitted from the allegedly wrongful conduct did not, by itself, mean that the Campagnas directed their conduct toward those companies.

Overcoming the exemption

The exemption for internal business disputes often sounds the death knell for section 75-1.1 claims. The decision in Chisum adds another data point to this conclusion. As Chisum reveals, the exemption can apply even when internal conduct benefits a third party.

Author: Jeremy Falcone