79 Cal.App.5th 755
Cal. Ct. App.2022Background
- Plaintiffs Hector Casillas and Adela Gonzalez alleged investigators (Reynolds, Glover) at the direction of insurers (Berkshire, Cypress, Zenith) executed repeated directory-traversal attacks on HQSU’s client database over ~15 months and copied ~33,000 litigation files (including plaintiffs’ files).
- HQSU hosted password-protected litigation/in-take files accessible to counsel, staff, and clients; plaintiffs claimed the copied files contained private, medical, and privileged information.
- Plaintiffs originally sued in federal court (abandoned an invasion‑of‑privacy claim there), later filed a California trespass‑to‑chattels claim alleging injury to their property interests in the files and loss of privacy/confidentiality.
- At the demurrer stage the plaintiffs conceded respondents did not damage or disrupt the HQSU computer system, corrupt the files, or impair plaintiffs’ access to the files.
- The trial court sustained demurrers to the trespass‑to‑chattels claim (with leave to amend); plaintiffs declined to amend, stipulated to judgment, and appealed. The Court of Appeal affirmed.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Whether copying files from a third‑party server states trespass to chattels absent system damage or disruption | Copying the files invaded plaintiffs’ property interests in the files and their privacy/confidentiality; Intel is distinguishable because Intel did not involve file copying | Under Intel, trespass to chattels requires damage or impairment to the computer system; plaintiffs alleged no system damage or impairment | Demurrer sustained — trespass requires damage/disruption; absent such injury, claim fails |
| Whether unauthorized viewing/copying of files that remain intact and accessible can constitute actionable injury to the files/property interests | Loss of confidentiality/privacy and breach of privilege are actionable injuries to plaintiffs’ property interests in the files | Privacy/confidentiality and reputational harms are distinct non‑property injuries and cannot be recast as the required property injury for trespass | Held for defendants — privacy/confidentiality harms do not satisfy trespass‑to‑chattels injury element |
| Whether doctrines (e.g., merger) or federal cases (TransUnion, Ackerman, Synopsys) support treating privacy intrusions as property injury | Merger doctrine or cited federal decisions support treating the intrusion as a cognizable property injury | Merger doctrine does not convert privacy harms into an injury to property for trespass; cited federal authorities are distinguishable or address different legal issues | Held for defendants — merger and cited authorities do not establish trespass injury here |
Key Cases Cited
- Intel Corp. v. Hamidi, 30 Cal.4th 1342 (2003) (trespass‑to‑chattels requires injury to plaintiff’s personal property or legal interest therein; electronic communications that neither damage nor impair a computer system are not actionable as trespass)
- TransUnion LLC v. Ramirez, 141 S. Ct. 2190 (2021) (Supreme Court addressed Article III concrete injury in context of dissemination of defamatory credit‑report information; not a trespass‑to‑chattels decision)
- United States v. Ackerman, 831 F.3d 1292 (10th Cir. 2016) (discussed Fourth Amendment search issues; noted historical dignitary aspects of chattel protection but not controlling for modern trespass‑to‑chattels injury element)
- eBay, Inc. v. Bidder's Edge, 100 F. Supp. 2d 1058 (N.D. Cal. 2000) (robotic data collection cases can support injunctive relief where website system harm or impairment is shown)
- Register.com, Inc. v. Verio, 126 F. Supp. 2d 238 (S.D.N.Y. 2000) (similar treatment of automated data scraping where system harm threatened)
- Capitol Audio Access, Inc. v. Umemoto, 980 F. Supp. 2d 1154 (E.D. Cal. 2013) (applying Intel to dismiss trespass claim for unauthorized access to password‑protected database absent alleged system damage or disruption)
- Synopsys, Inc. v. Ubiquiti Networks, Inc., 313 F. Supp. 3d 1056 (N.D. Cal. 2018) (dismissing trespass claim where access did not impair system functioning and data‑use claims implicated statutory preemption)
- In re iPhone Application Litigation, 844 F. Supp. 2d 1040 (N.D. Cal. 2012) (privacy or data‑collection injuries insufficient to state trespass‑to‑chattels claim)