Banks cannot be held liable for negligence when an employee steals the identity of a customer using the institution’s confidential information, Wells Fargo Bank attorney Robert R. Ambler Jr. told the Georgia Supreme Court Monday.

Ambler, a partner with Womble Carlyle Sandridge & Rice, was defending his client in such a case.

Wells Fargo is appealing a Georgia Court of Appeals ruling that a federal statute supports a negligence claim under state law, in a case where a bank teller in 2008 used her position to obtain information about a customer, stole his identity and used it to obtain $600,000 in credit.

Former Chief Justice Leah Ward Sears, partner at Schiff Hardin, is the bank’s co-counsel in the case and attended the arguments. She did not speak.

In the case at hand, a firefighter is suing the bank for unspecified damages for identity theft and subsequent damage to his credit, his lawyers said. The teller worked for Wachovia Bank, which subsequently was acquired by Wells Fargo.

R. David Humphreys of Tulsa, Okla., argued that the Court of Appeals found properly that his client Stephen Kale Jenkins has a negligence claim. He didn’t use his full time to rebut the bank’s argument but said that the bank clearly has a legal duty to protect his client’s information.

He said the other side was creating a "red herring" that the federal statute isn’t specific enough to create a legal claim in Georgia. The first time the specificity issue was raised was at the Supreme Court and the other side created "confusion," Humphreys said.

When there is no cause of action under Georgia law but a federal law has been violated, a claim of negligence can go forward because a legal duty was breached, the Court of Appeals said.

The applicable law in this case is the Gramm-Leach-Bliley Act, which provides for the regulation and protection of consumer information.

"The seminal question is, is there a duty," under Georgia law based on standards laid out in the Gramm-Leach-Bliley Act, Justice P. Harris Hines asked Ambler. "Everything grows from there."

"I do not believe there is a duty," replied Ambler. "A duty is not free flowing. It is a duty to conform to a standard of care."

The Gramm-Leach-Bliley provision at issue here "sets forth merely a policy. It doesn’t impose a duty," Ambler said.

Wells Fargo’s position is that the Court of Appeals erroneously provided a foundation for liability based on a law that isn’t specific enough and that courts have found the law doesn’t create a right of private action. The victim of identity theft contends the federal law creates a basis for a negligence case because state law gives plaintiffs the right to file claims based on an alleged breach of legal duty.

In the underlying case, Wachovia teller Kandace Caniece Waters mined the institution’s data for a former customer with a name similar to her husband, Stephen Jenkins, according to the Wells Fargo appellate brief. The teller found Stephen Kale Jenkins, who had been a customer of banks Wachovia had purchased. The teller and her husband used the customer’s identity and credit to make $600,000 of purchases. The couple went on a spending spree, buying jewelry, multiple vehicles and a trailer for the husband’s lawn business.

"It was like a child being let loose in a department store and saying you can have whatever you want," said James W. Kytle, co-counsel for Stephen Kale Jenkins. His client found out his identity had been stolen when he received a letter from a jeweler thanking him for a purchase he didn’t make, Kytle said.

The teller and her husband were found guilty of identity theft. She received three months probation from a Coweta Superior Court judge. Her husband served three years in state prison, according to Coweta Judicial Circuit Assistant District Attorney Raymond Mayer.

The victim, a firefighter and emergency technician, sued the bank in 2009 for breach of a confidential relationship and negligence, among other things. Wells Fargo removed the case to federal court and that court sent it back to state court. The Gwinnett County State Court threw out the case in a judgment on the pleadings, saying Wells Fargo wasn’t liable. The Court of Appeals reinstated the case on the negligence claim under O.C.G.A. § 51-1-6.

The federal statute imposed in this case "at best sets a general framework," Ambler said. The language relevant to this lawsuit is "a statement of policy."

"These are guidelines to assist regulators," he said.

Justice David Nahmias noted that "there are multipage standards" laid out for regulators in challenging Ambler’s argument that the act’s language is more than a set of guidelines.

Further, "there is a standard that says you must, shall have a system to protect against unauthorized access to information and the allegations in the complaint at least are that you didn’t," Nahmias said.

Justice Keith Blackwell weighed in at the end of the arguments, saying the act didn’t seem to provide definitive guidelines.

Blackwell read a portion of the appendix to the act containing instructions for financial institutions. "Each bank must consider whether their following security measures are appropriate for the bank and adopt the measures the bank concludes are appropriate," he read.

"So how can you say those are a definitive standard of conduct?" he asked, expressing doubt that the guidelines gave rise to a legal claim under Georgia law.

"I believe that the other obligations in that section are independent of that," meaning the rest of the act is perhaps more binding.

Hines posed the same question to him as he did to Ambler.

"Give me your best authority," Hines said.

"The real thrust of our state law claim is this statute,” O.C.G.A. § 51-1-6, Humphreys said.

Hines noted that both sides claimed that specific law was on their side.