
    A09A2028.
    FINNERTY v. STATE BANK AND TRUST COMPANY.
    (687 SE2d 842)
   JOHNSON, Presiding Judge.

Donald Finnerty executed a promissory note payable to Security Bank of North Metro on August 15, 2007, in the principal amount of $1,160,000. Security Bank filed the present complaint on September 30, 2008, alleging Finnerty defaulted on the note. Finnerty counterclaimed for invasion of privacy and other damages associated with Security Bank’s inclusion of his social security number in an exhibit to the complaint. The trial court granted Security Bank’s motion for summary judgment and entered judgment against Finnerty.

There is no dispute that Finnerty defaulted on the note. Rather, Finnerty argues that the trial court erred in granting Security Bank’s motion for summary judgment on his counterclaims. Specifically, Finnerty asserts that Security Bank’s unauthorized disclosure of his social security number violated the Gramm-Leach-Bliley Act (“GLBA”), and gave him state law claims for negligence, negligence per se, invasion of privacy, attorney fees, and punitive damages. We find no error and affirm the trial court’s grant of summary judgment against Finnerty.

1. Finnerty’s argument ignores well settled Georgia law establishing that such invasion of privacy claims are barred because the pleadings filed in this case, including the exhibits, are privileged as a matter of law: “All charges, allegations, and averments contained in regular pleadings filed in a court of competent jurisdiction, which are pertinent and material to the relief sought, whether legally sufficient to obtain it or not, are privileged.” Exhibits attached to complaints are part of the pleadings. And the privilege is absolute, entirely freeing the party from any liability to the person injured by the words or the publication.

Finnerty suggests that his social security number was not “pertinent and material to the relief sought” as required by the statute in order to assert the absolute privilege. However, this argument misses the mark. Clearly, the note was “pertinent and material” to Security Bank’s lawsuit to collect damages after Finnerty defaulted on the note. While the better practice would have been to redact Finnerty’s social security number in the note, the fact remains that the note was pertinent and material to the case and was legitimately filed. In fact, the note was required to establish Security Bank’s claim. In addition, Finnerty’s argument ignores the fact that he voluntarily executed and delivered the note with his social security number contained therein. This was the primary document relied upon by Finnerty in obtaining his loan, and Finnerty should not now be allowed to claim an invasion of privacy when the note is introduced as an exhibit after his default.

2. Not only are Finnerty’s claims barred based on the privilege attached to the pleadings filed by Security Bank, but Finnerty’s claims also fail as a matter of law. It is well settled that no private right of action exists for an alleged violation of the GLBA. Thus, Finnerty’s counterclaim for damages pursuant to the GLBA fails as a matter of law. Nonetheless, because Finnerty based his state law claims of negligence, invasion of privacy, punitive damages, and attorney fees on the allegation that Security Bank’s conduct violated the GLBA, we must address whether a violation of the GLBA occurred. We find that it did not.

The GLBA provides that “[fit is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic personal information.” “Nonpublic personal information” is defined as “personally identifiable financial information — (i) provided by a consumer to a financial institution; (ii) resulting from any transaction with the consumer or any service performed for the consumer; or (iii) otherwise obtained by the financial institution.” The GLBA, however, lists exceptions to the rule against disclosing nonpublic personal information. It specifically permits financial institutions to disclose nonpublic personal information “as necessary to effect, administer, or enforce a transaction requested or authorized by the consumer.” The GLBA then defines “necessary to effect, administer, or enforce the transaction” to mean “the disclosure is required, or is one of the lawful or appropriate methods, to enforce the rights of the financial institution. . . .”

Since Security Bank disclosed the note that included Finnerty’s social security number to enforce its rights, no violation of the GLBA occurred. Consequently, Finnerty’s state law claims based on a violation of the GLBA must fail.

3. The state law claims also fail because there was no public disclosure of Finnerty’s social security number. Under Georgia law, in order to state a cause of action for invasion of privacy premised on the public disclosure of private facts, there must be a public disclosure in which the information is distributed to the public at large. Here, the unredacted information was filed in a case using electronic filing. Access to the electronic filing system used by the Fulton County State Court is limited to authorized users (including licensed attorneys and their staff, judges and their staff, court administrative staff, pro se litigants, and other public users such as media representatives). These users must register, are assigned a confidential login name and password to access the system, and may be charged fees to access and use the system. Public access terminals connected to the electronic filing system are located in the clerk’s office for individuals to access public files on the system free of charge.

While Georgia law has not yet determined whether such filing constitutes a public dissemination, bankruptcy courts have dealt with this issue, and we find their holdings persuasive. In cases where debtors have sought relief predicated on the disclosure of their unredacted social security numbers in the proofs of claims filed by creditors, bankruptcy courts have dismissed the cases for failing to state a claim, finding that the information was not disseminated to the public at large because an electronic filing system was utilized:

[W]hile the Claim was filed with this Court via the electronic filing system, such information is only available to parties who take affirmative actions to seek out the information. . . . For access to the Court’s electronic database, parties must be licensed to practice law and must register with the Court and obtain a login and password. As officers of the Court, that an attorney may have had access to this information does not pose a risk to the Debtor. . . . The final way to gain access to the bankruptcy file is to physically visit the Clerk’s Office and use the computers provided to the public there. While it would appear that public access is freely granted to case files, if sought out, the likelihood that any member of the public viewed the Debtor’s file is remote. The Clerk’s Office sees little foot traffic, very few members of the public access the Court’s electronic database in the Clerk’s Office. Further, the Debtor has not asserted or alleged that anyone actually sought out and viewed the Debtor’s personal information nor has she asserted that she suffered any damages as a result of the filing of the Claim. The Court therefore finds that the information was not in fact “publicized” and did not constitute an invasion of privacy.

We agree and adopt this rationale in the present case, especially in light of the fact that Finnerty has failed to allege that anyone actually viewed his social security number. Although we understand Finnerty’s concern that his social security number may have been disclosed, we also note that the case never went to trial, so it is unlikely that anyone outside the clerk’s office or the judge’s chambers ever saw the document at issue. The mere fact that all the documents filed in a case file are technically deemed “public records” does not satisfy the “publicity” element necessary to state a claim for invasion of privacy under Georgia law.

4. Moreover, Finnerty’s state law claims alleging that Security Bank’s action caused him injuries are wholly speculative. Even if Security Bank had a duty to redact Finnerty’s social security number, which we find it did not have, “[a] wrongdoer is not responsible for a consequence which is merely possible, according to occasional experience, but only for a consequence which is probable, according to ordinary and usual experience.” Here, Finnerty’s counterclaim alleges he “has suffered an increased risk of identity theft” and “non-authorized third parties have access to the otherwise confidential personal information disclosed by [Security Bank].” However, he has failed to demonstrate that the Bank’s purported unlawful disclosure made it “probable” that he would suffer any identity theft or that any specific persons actually have accessed his confidential personal information as a result of the purported unlawful disclosure. A fear of future damages is too speculative to form the basis for recovery.

5. Based on the foregoing, State Bank and Trust Company’s motion for a supersedeas bond is hereby deemed moot.

Judgment affirmed.

Ellington and Mikell, JJ., concur.

Decided November 3, 2009

Reconsideration denied December 11,2009

Schreeder, Wheeler & Flint, John A. Christy, Elizabeth L. Fite, for appellant.

Richard J. Dreger, Kenneth P. Robin, for appellee. 
      
       This Court granted State Bank and Trust Company’s motion to substitute itself as the appellee in the case after State Bank purchased the loan documents at issue in this case.
     
      
       15 USCS § 6801 et seq.
     
      
       OCGA § 51-5-8.
     
      
      
        Garner v. Roberts, 238 Ga. App. 738, 740 (2) (520 SE2d 255) (1999).
     
      
      
        O’Neal v. Home Town Bank of Villa Rica, 237 Ga. App. 325, 332 (8) (514 SE2d 669) (1999).
     
      
       See Dunmire v. Morgan Stanley DW, 475 F3d 956, 960 (8th Cir. 2007).
     
      
       15 USCS § 6801 (a).
     
      
       15 USCS § 6809 (4) (A).
     
      
       15 USCS § 6802 (e) (1).
     
      
       15 USCS § 6809 (7) (B).
     
      
       See Nelson v. Glynn-Brunswick Hosp. Auth., 257 Ga. App. 571, 578 (3) (571 SE2d 557) (2002); Peacock v. Retail Credit Co., 302 FSupp. 418, 423-424 (N.D. Ga. 1969) (applying Georgia law in granting defendant summary judgment on plaintiffs invasion of privacy claim premised on public disclosure of facts due to lack of “public” disclosure).
     
      
       See State Court of Fulton County’s Local E-Filing Rules, published online at www.georgiacourts.org/courts/fulton.
     
      
       (Citations and punctuation omitted.) In re Southhall, 2008 Bankr. LEXIS 3446 (II) (N.D. Ala. 2008); see also In re French, 401 BR 295, 317-319 (E) (E.D. Tenn. 2009).
     
      
      
        Dry Storage Corp. v. Piscopo, 249 Ga. App. 898, 900 (550 SE2d 419) (2001).
     
      
       See, e.g., In re Killian, 2009 Bankr. LEXIS 2030 (S.C. 2009) (being exposed to an increased risk of identity theft does not allege an injury that is to accrue in the future).
     