Mallak v. Aitkin County et al
Filing
89
MEMORANDUM OPINION AND ORDER. 1. Defendant Hennepin County's Motion to Dismiss and/or for Summary Judgment and/or to Sever (Doc. No. 19 ) is GRANTED IN PART and DENIED IN PART as follows: a. Defendant Hennepin County's motion to dismiss (Doc. No. 19 ) is GRANTED, and Hennepin County is DISMISSED WITH PREJUDICE; and b. Defendant Hennepin County's motions for summary judgment and to sever (Doc. No. 19 ) are DENIED AS MOOT. 2. The City Defendants' Motion to Dismiss (Doc. No. 43 ) is GRANTED IN PART and DENIED IN PART as follows: a. Counts II, III and VI are DISMISSED WITH PREJUDICE in their entirety; b. Count I against the City of Crosslake, the City of Long Prairie, and the City of Pine River is DISMISSED WITH PR EJUDICE; andc. Count I against the City of Baxter, the City of Brainerd, the City of Fridley, the City of Little Falls, the City of Minneapolis, the City of St. Cloud and the City of Staples remains. 3. The County Defendants' Motion to Dismiss and/or for Summary Judgment (Doc. No. 49 ) is GRANTED IN PART and DENIED IN PART as follows: a. Counts II, III and VI are DISMISSED WITH PREJUDICE in their entirety; b. Count I against Scott County and St. Louis County is DISMISSED WITH PREJUDICE; and c. Count I against Aitkin County, Cass County, Crow Wing County, Morrison County, and Wright County remains. 4. Defendant Ramsey County's Motion to Dismiss or for Severance (Doc. No. 55 ) is GRANTED IN PART and DENIED IN PART as follows: a. Defendant Ramsey County's motion to dismiss (Doc. No. 55 ) is GRANTED, and Ramsey County is DISMISSED WITH PREJUDICE; and b. Defendant Ramsey County's motion for severance (Doc. No. 55 ) is DENIED AS MOOT. 5. The Commissioner Defendants ' Motion to Dismiss (Doc. No. 30 ) is GRANTED in its entirety, and the Commissioner Defendants are DISMISSED WITH PREJUDICE. 6. The parties shall contact the Magistrate Judges chamber to schedule a settlement conference to occur within sixty (60) days of the date of this Order. 7. Discovery at this stage should be limited to the issue of the permissibility of the relevant accesses. (Written Opinion). Signed by Judge Donovan W. Frank on 3/31/2014. (BJS)
<![CDATA[
UNITED STATES DISTRICT COURT
DISTRICT OF MINNESOTA
Brook Mallak,
Civil No. 13-2119 (DWF/LIB)
Plaintiff,
v.
MEMORANDUM
OPINION AND ORDER
Aitkin County; Anoka County; City of
Baxter; City of Brainerd; Cass County; City of
Crosslake; Crow Wing County; City of Fridley;
Hennepin County; City of Little Falls; City of
Long Prairie; City of Minneapolis; Morrison
County; City of Pine River; Ramsey County;
City of St. Cloud; Scott County; St. Louis
County; City of Staples; Wright County; Tinker
& Larson, Inc.; Michael Campion, acting in his
individual capacity as Commissioner of the
Minnesota Department of Public Safety;
Ramona Dohman, acting in her individual
capacity as Commissioner of the Minnesota
Department of Public Safety; John and Jane
Does (1 - 500) acting in their individual
capacity as supervisors, officers, deputies, staff,
investigators, employees or agents of the other
law-enforcement agencies or Tinker & Larson,
Inc.; Department of Public Safety Does (1-30)
acting in their individual capacity as officers,
supervisors, staff, employees, independent
contractors or agents of the Minnesota
Department of Public Safety; and Entity Does
(1-50) including cities, counties, municipalities,
and other entities sited in Minnesota and federal
departments and agencies,
Defendants.
Jonathan A. Strauss, Esq., Lorenz F. Fett, Jr., Esq., Mark H. Zitzewitz, Esq., Sonia L.
Miller-Van Oort, Esq., and Kenneth H. Fukuda, Esq., Sapientia Law Group, counsel for
Plaintiff.
Jon K. Iverson, Esq., Susan M. Tindal, Esq., and Stephanie A. Angolkar, Esq., Iverson,
Reuvers Condon, counsel for Defendants City of Baxter, City of Brainerd, City of
Crosslake, City of Fridley, City of Little Falls, City of Pine River, City of St. Cloud, City
of Staples, and City of Long Prairie.
Erin E. Benson, Esq., Margaret A. Skelton, Esq., and Timothy A. Sullivan, Esq., Ratwik,
Roszak & Maloney, PA, counsel for Defendants Cass County, Crow Wing County,
Morrison County, Scott County, Wright County, and Aitkin County.
Toni A. Beitz, Assistant County Attorney, Beth A. Stack, Assistant County Attorney, and
Daniel D. Koczor, Assistant County Attorney, Hennepin County Attorney’s Office,
counsel for Defendant Hennepin County.
Timothy S. Skarda, Assistant City Attorney, Minneapolis City Attorney’s Office, counsel
for Defendant City of Minneapolis.
Kimberly R. Parker, Assistant County Attorney, and Robert B. Roche, Assistant County
Attorney, Ramsey County Attorney’s Office, counsel for Defendant Ramsey County.
Leslie E. Beiers, Assistant County Attorney, and Nick D. Campanario, Assistant County
Attorney, St. Louis County Attorney’s Office, counsel for Defendant St. Louis County.
Oliver J. Larson, Assistant Attorney General, Minnesota Attorney General’s Office,
counsel for Defendants Michael Campion and Ramona Dohman.
INTRODUCTION
This matter is before the Court on the following motions: (1) Defendant Hennepin
County’s (“Hennepin County”) Motion to Dismiss and/or for Summary Judgment and/or
to Sever with respect to Plaintiff Brook Mallak’s (“Plaintiff”) Complaint relating
primarily to violations of the Driver’s Privacy Protection Act (“DPPA”) (Doc. No. 19);
2
(2) Defendants City of Baxter, City of Brainerd, City of Crosslake, City of Fridley, City
of Little Falls, City of Long Prairie, City of Pine River, City of St. Cloud, and City of
Staples’s (collectively, “City Defendants”) Motion to Dismiss (Doc. No. 43); (3)
Defendants Aitkin County, Cass County, Crow Wing County, Morrison County, Scott
County, and Wright County’s (collectively, “County Defendants”) Motion to Dismiss
and/or for Summary Judgment (Doc. No. 49); (4) Defendant Ramsey County’s (“Ramsey
County”) Motion to Dismiss or for Severance (Doc. No. 55); and (5) Defendants
Commissioner Ramona Dohman and Commissioner Michael Campion’s (collectively,
“Commissioner Defendants”) Motion to Dismiss (Doc. No. 30). 1 For the reasons set
forth below, the Court denies in part and grants in part the motions.
BACKGROUND
The Department of Vehicle Services (“DVS”) is a division of the Minnesota
Department of Public Safety (“DPS”). (Doc. No. 1, Compl. ¶ 53.) DPS maintains a
database that contains the motor-vehicle records for Minnesota Drivers (“DVS
Database”), which includes “names, dates of birth, driver’s license numbers, addresses,
driver’s license photos, weights, heights, social security numbers, various health and
disability information, and eye colors of Minnesota drivers.” (Id. ¶¶ 53-54.)
Plaintiff is a practicing attorney in Brainerd and Little Falls, Minnesota. (Id. ¶ 44.)
Plaintiff alleges she has “well established” and “long-standing ties within the
community.” (Id. ¶¶ 45-46, 51.) Plaintiff was a full-time public defender between 2003
1
Defendants Tinker & Larson, Inc. and Anoka County are no longer parties to this
suit. (Doc. Nos. 80 & 88.)
3
and 2008 in Crow Wing and Aitkin Counties, who represented adult criminal defendants,
juvenile delinquents, and parties in child welfare matters. (Id. ¶ 48.) Plaintiff has also
served on Crow Wing County Drug and DWI Courts and a number of steering
committees, has volunteered with high school students, and has taught as an adjunct
teacher at Bemidji State University. (Id. ¶ 52.)
Plaintiff requested an audit report from DPS in March 2013, at which time she
learned that her driver’s license information had been accessed by Minnesota municipal
and state personnel approximately 190 times between 2003 and 2012. (Id. ¶¶ 1-2, 55-76,
120-123 & Ex. A.) Plaintiff alleges that she provided the following to DPS: her address,
color photograph, social security number, date of birth, weight, height, and eye color.
(Id. ¶ 173.) Plaintiff alleges that each of these searches was run by her name, rather than
by her license plate number or driver’s license number. (Id. ¶ 3.) Plaintiff further alleges
that these accesses were done knowingly, and that she had committed no crimes that
would have justified any of the accesses identified in her Complaint. (Id. ¶¶ 77-78.)
Searches allegedly made by Defendants are summarized as follows:
Entity
Aitkin County
City of Baxter
City of Brainerd
Cass County
City of Crosslake
Crow Wing County
City of Fridley
Hennepin County
City of Little Falls
City of Long Prairie
City of Minneapolis
Morrison County
TOTAL number of accesses
5
4
7
5
2
81
2
1
22
1
1
1
4
Entity
City of Pine River
Ramsey County
Scott County
City of St. Cloud
St. Louis County
City of Staples
Wright County
TOTAL number of accesses
1
1
7
1
1
2
1
(Id. ¶¶ 56-76 & Ex. A.) Plaintiff alleges that it has been established by a report and
corresponding hearing of the Minnesota Office of the Legislative Auditor and magazine
articles that law enforcement in Minnesota misuses state databases. (Id. ¶¶ 141-44, 162.)
Plaintiff alleges that as a result of learning that her information had been viewed on these
occasions, she felt “victimized, nervous, angry, anxious, nauseated, and feared for her
safety when alone.” (Id. ¶ 124.)
Plaintiff brings her lawsuit against ten Minnesota counties and ten Minnesota
cities (including, City Defendants, County Defendants, Hennepin County, Ramsey
County and Anoka County). (Id. ¶¶ 12-32.) Plaintiff also brings suit against the
following: “Entity Does,” which are various unknown municipalities (id. ¶ 33); Jane and
John Does, who are law enforcement supervisors, officers, or employees of municipal
entities or other federal, state, county, or municipal entities in Minnesota (in their
individual capacities) (id. ¶ 35); Commissioner Michael Campion and Commissioner
Ramona Dohman, Commissioners of DPS (in their individual capacities) (id. ¶¶ 38-39);
and “DPS Does,” who are officers, supervisors, employees, independent contractors or
agents of the Minnesota Department of Public Safety (in their individual capacities) (id.
¶ 42).
5
With respect to the Commissioner Defendants, Plaintiff alleges that they directed
the creation of the DVS Database that includes the driver’s license records and also
directed its maintenance and updating. (Id. ¶¶ 80-81.) She also alleges that they
knowingly directed the provision of access to that database, that they should have known
the data was being accessed on multiple occasions, and that any unauthorized access
could have been prevented, but was not. (Id. ¶¶ 82-85.) Plaintiff alleges that, as a result,
the Commissioner Defendants “knowingly authorized, directed, ratified, approved,
acquiesced in, committed or participated in the disclosure of protected data.” (Id. ¶ 86;
see also id. ¶¶ 94-95.) Plaintiff alleges that the Commissioners failed to create effective
monitoring of the system and did not implement adequate training for the system. (Id.
¶¶ 99-100.) Finally, Plaintiff alleges that the Commissioner Defendants knew of
impermissible accesses by law enforcement officers, and knew law enforcement officers
were viewing private data contained in the database. (Id. ¶¶ 104-07.)
In her Complaint, Plaintiff asserts the following claims: (1) violation of the DPPA
against all Defendants; (2) violation of 42 U.S.C. § 1983 against individual Defendants
(excluding supervisors); (3) violation of 42 U.S.C. § 1983 against all City Defendants,
County Defendants, Entity Does and supervisors; (4) violation of 42 U.S.C. § 1983
against Commissioner Defendants and DPS Does; (5) violation of 42 U.S.C. § 1983
against Commissioner Dohman and seeking prospective relief; and (6) state law invasion
of privacy against all Defendants. (Id. ¶¶ 172-268.) Defendants now move to dismiss
based on the statute of limitations, failure to state a claim under the DPPA, failure to state
a claim under § 1983, and failure to state a claim for invasion of privacy.
6
DISCUSSION
I.
Legal Standard
In deciding a motion to dismiss pursuant to Rule 12(b)(6), a court assumes all
facts in the complaint to be true and construes all reasonable inferences from those facts
in the light most favorable to the complainant. Morton v. Becker, 793 F.2d 185, 187 (8th
Cir. 1986). In doing so, however, a court need not accept as true wholly conclusory
allegations, Hanten v. Sch. Dist. of Riverview Gardens, 183 F.3d 799, 805 (8th Cir.
1999), or legal conclusions drawn by the pleader from the facts alleged. Westcott v. City
of Omaha, 901 F.2d 1486, 1488 (8th Cir. 1990). A court may consider the complaint,
matters of public record, orders, materials embraced by the complaint, and exhibits
attached to the complaint in deciding a motion to dismiss under Rule 12(b)(6). Porous
Media Corp. v. Pall Corp., 186 F.3d 1077, 1079 (8th Cir. 1999).
To survive a motion to dismiss, a complaint must contain “enough facts to state a
claim to relief that is plausible on its face.” Bell Atl. Corp. v. Twombly, 550 U.S. 544,
570 (2007). Although a complaint need not contain “detailed factual allegations,” it must
contain facts with enough specificity “to raise a right to relief above the speculative
level.” Id. at 555. As the United States Supreme Court recently reiterated, “[t]hreadbare
recitals of the elements of a cause of action, supported by mere conclusory statements,”
will not pass muster under Twombly. Ashcroft v. Iqbal, 556 U.S. 662, 663 (2009) (citing
Twombly, 550 U.S. at 555). In sum, this standard “calls for enough fact[s] to raise a
reasonable expectation that discovery will reveal evidence of [the claim].” Twombly, 550
U.S. at 556.
7
II.
The DPPA
A.
Background and Framework of the DPPA
The DPPA, 18 U.S.C. §§ 2721-2725, regulates the disclosure of personal
information contained in records accessible through state departments of motor vehicles
(“DMVs”). Maracich v. Spears, 133 S. Ct. 2191, 2195 (2013). Congress enacted the
DPPA in 1994 to address privacy concerns with respect to personal information
contained in motor vehicles records, including concerns relating to threatening or
criminal use of that information. See Gordon v. Softech Int’l, Inc., 726 F.3d 42, 45 (2d
Cir. 2013) (citing congressional record); Senne v. Vill. of Palatine, Ill., 695 F.3d 597, 607
(7th Cir. 2012) (same). Under the DPPA, a “State department of motor vehicles, and any
officer, employee, or contractor thereof, shall not knowingly disclose or otherwise make
available to any person or entity . . . personal information . . . about any individual
obtained by the department in connection with a motor vehicle record” except as allowed
under 18 U.S.C. § 2721(b). 18 U.S.C. § 2721(a). It is also unlawful for “any person
knowingly to obtain or disclose personal information, from a motor vehicle record, for
any use not permitted under section 2721 (b) of this title.” 18 U.S.C. § 2722(a).
The DPPA defines “personal information” as “information that identifies an
individual,” and includes a person’s “photograph, social security number, driver
identification number, name, address (but not the 5-digit zip code), telephone number,
and medical or disability information . . . .” 18 U.S.C. § 2725(3). “Person” means “an
individual, organization or entity, but does not include a State or agency thereof[.]”
18 U.S.C. § 2725(2). The Attorney General can bring a claim against a State department
8
of motor vehicles with a “policy or practice of substantial noncompliance” and can seek
civil penalties. 18 U.S.C. § 2723(b).
There are multiple exceptions for which disclosure of driver’s license information
is permitted. See 18 U.S.C. § 2721(b)(1)-(14) (emphasis added). These exceptions
generally relate to various governmental and business purposes, such as “use by any
government agency, including any court or law enforcement agency, in carrying out its
functions,” as well as provisions relating to the resale and disclosure of information by
authorized recipients for permitted purposes. See 18 U.S.C. § 2721(b) & (c). The
exceptions are intended to be broadly applied. See Kost v. Hunt, Civ. No. 13-583,
2013 WL 6048921, at *12 (D. Minn. Nov. 15, 2013) (Ericksen, J.).
With respect to remedies, the DPPA provides for:
(1) actual damages, but not less than liquidated damages in the amount of
$2,500;
(2) punitive damages upon proof of willful or reckless disregard of the law;
(3) reasonable attorneys’ fees and other litigation costs reasonably incurred;
and
(4) such other preliminary and equitable relief as the court determines to be
appropriate.
18 U.S.C. § 2724(b). The DPPA also allows for criminal fines against an individual who
“knowingly violates this chapter[,]” 18 U.S.C. § 2723(a), as well as civil penalties for
noncompliance by a “State Department of Motor Vehicles.” 18 U.S.C. § 2723(b).
9
B.
Statute of Limitations
The DPPA does not include a statute of limitations provision. However, the
parties agree that the general four-year statute of limitations provided for by 28 U.S.C.
§ 1658(a) applies in this case. (See, e.g., Doc. No. 41, at 8; Doc. No. 46, at 18.)
However, the parties dispute when this four-year period began to run. Plaintiffs argue
that the “discovery rule” applies to DPPA claims and that the cause of action does not
begin to accrue until the plaintiff has “discovered” it. See Merck & Co. v. Reynolds, 559
U.S. 633, 644 (2010). In this case, application of the discovery rule would mean the
clock started running in March 2013 when Plaintiff requested and received an audit
report from DPS and, at that time, discovered that her records had been accessed.
(Compl. ¶¶ 120-23.) Defendants argue that the “standard rule” applies. (See, e.g., Doc.
No. 22, at 12-13.) Under the standard rule, “a claim accrues when the plaintiff has a
complete and present cause of action.” Gabelli v. S.E.C., 133 S. Ct. 1216, 1220 (2013)
(internal quotations and citations omitted). In this case, under the standard rule, the clock
would have started running at the time the records were actually accessed. See id.
As noted in Rasmusson v. Chisago County, neither the Supreme Court nor the
Eighth Circuit has addressed the issue of whether the discovery or standard rule should
apply in DPPA cases. Rasmusson v. Chisago Cnty., Civ. No. 12-632, 2014 WL 107067,
at *11 (D. Minn. Jan. 10, 2014) (Nelson, J.). However, a number of district courts in this
circuit and other circuits have held that the standard rule applies in DPPA cases, and
therefore a cause of action accrues at the time information is improperly accessed. Id.
at *12-14 (holding that a DPPA cause of action accrues at the time of an improper access
10
of information and that the discovery rule does not apply); see also Potocnik v. Anoka
Cnty., Civ. No. 13-1103, 2014 WL 683980, at *2 (D. Minn. Feb. 21, 2014) (Doty, J.)
(holding that the standard rule applies to claims under the DPPA); McDonough v. Al’s
Auto Sales, Inc., Civ. No. 13-1889, 2014 WL 683998, at *2 (D. Minn. Feb. 21, 2014)
(Doty, J.) (same); Bass v. Anoka Cnty., Civ. No. 13-860, 2014 WL 683969, at *2 (D.
Minn. Feb. 21, 2014) (Doty, J.) (same); Kost, 2013 WL 6048921, at *5-8 (same); Smythe
v. City of Onamia, Civ. No. 12-3149, 2013 WL 2443849, at *6 n.3 (D. Minn. June 5,
2013) (Montgomery, J.) (excluding an instance of record retrieval as “well outside the
statute of limitations” based on a four-year limit); see also, e.g., Haney v. Recall Ctr., 282
F.R.D. 436, 438 (W.D. Ark. 2012) (redefining the DPPA-related class to exclude class
members whose lookups occurred more than four years prior to the date of filing);
Roberts v. Source for Pub. Data, Civ. No. 08-4167, 2009 WL 3837502, at *7 (W.D. Mo.
Nov. 17, 2009) (excluding class members whose suits would be barred by the four-year
statute of limitations); Hurst v. State Farm Mut. Auto. Ins. Co., Civ. No. 10-1001, 2012
WL 426018, at *9 (D. Del. Feb. 9, 2012) (stating that the four-year statute of limitations
applies to DPPA cases).
Moreover, in so holding, decisions in this district have thoroughly analyzed the
relevant case law, the text and structure of the relevant statute of limitations, the nature of
DPPA claims, and legislative history in coming to their decisions. See, e.g., Rasmusson,
2014 WL 107067, at *11-14 (holding that the standard rule applies in light of case
11
precedent, 2 the text and structure of § 1658, 3 and the nature of the substantive area
covered by the DPPA); see also Kost, 2013 WL 6048921, at *5-9 (same). The Court
finds these cases to be persuasive and adopts their analyses. The Court additionally
addresses two issues brought by Plaintiff below.
2
Plaintiff argues that where a statute is silent as to whether the discovery or
standard rule applies, courts apply the discovery rule. (See Doc. No. 41, at 8.) However,
the discovery rule does not apply automatically. See Gabelli, 133 S. Ct. at 1220-21 (the
discovery rule is an exception that is standard in fraud cases); Gross v. Max,
906 F. Supp. 2d 802, 810-11 (N.D. Ind. 2012) (for § 1658 and other federal statutes: “the
discovery rule does not automatically apply to every federal statute; “whether the
discovery rule applies in any given case depends on the particular language of the statute
of limitations at issue and the type of injury the plaintiff has suffered”; and “some types
of injuries—fraud, concealment, latent disease, and medical malpractice—simply ‘cry
out’ for the application of the discovery rule.”); TRW Inc. v. Andrews, 534 U.S. 19, 20
(2001) (“[E]quity tolls the statute of limitations in cases of fraud or concealment, but
does not establish a general presumption across all contexts.”); Kost, 2013 WL 6048921,
at *6 (“Gabelli should be read as seriously undermining, if not rendering obsolete, earlier
statements by the lower courts that the discovery rule operates as a default” and holding
the discovery rule does not apply for DPPA claims).
3
In Rasmusson, the court held that in the case of DPPA claims, the structure and
text of § 1658 show that Congress implicitly excluded the discovery rule, and thus any
presumption that the discovery rule applies fails. Rasmusson, 2014 WL 107067,
at *12-13. Specifically, § 1658 includes a section with a general statute of limitations
and a section that references the discovery rule for claims involving only “fraud, deceit,
manipulation, or contrivance in contravention of a regulatory requirement.” Id. This
demonstrates Congress’s implied intent to exclude the discovery rule for claims under the
general statute of limitations provision. Id.; see also TRW, 534 U.S. at 27-82 (holding
that Congress implicitly excluded a general discovery rule for the Fair Credit Reporting
Act, which has a two-year limitations period and also includes an exception to apply the
discovery rule where “a defendant has materially and willfully misrepresented any
information.”). Moreover, § 1658’s provision relating to the discovery rule was added in
2002 without any changes to the rest of the statute, which also supports the view that
Congress considered the discovery rule and chose not to include it in the subsection for
general claims. Rasmusson, 2014 WL 107067, at *13.
12
Plaintiff argues that 28 U.S.C. § 1658 does not implicitly 4 exclude the discovery
rule because it includes the term “accrues,” which Plaintiff contends is the same as
silence on the issue of the discovery rule. (See, e.g., Doc. No. 41, at 12-13.) The Court
disagrees. The Supreme Court has expressly held that “in common parlance a right
accrues when it comes into existence.” U.S. v. Lindsay, 346 U.S. 568, 569 (1954); see
also Gabelli, 133 S. Ct. at 1220 (citing Lindsay, 346 U.S. at 569) (construing “accrue”
with respect to claims under the residential Lead-Based Paint Hazard Reduction Act to
mean when a right comes into existence); BLACK’S LAW DICTIONARY (7th ed.) (“accrue”
means “[t]o come into existence as an enforceable claim or right; to arise”). Thus,
“accrues” is not silent, as Plaintiff contends, but instead indicates the use of the standard
rule.
Plaintiff also argues that this is the type of case that compels application of the
discovery rule in the interest of fairness. However, this case is not a case that “cries out”
for the discovery rule, such as a case relating to fraud, concealment, latent injury, or
certain medical malpractice scenarios. See Gabelli, 133 S. Ct. at 1217 (the discovery rule
applies “where a defendant’s deceptive conduct may prevent a plaintiff from even
knowing that he or she has been defrauded”) (emphasis in original); Gross, 906
F. Supp. 2d at 810-11 (the discovery rule can be applicable where the injury is “unknown
and inherently unknowable,” such as in the medical malpractice or product liability
context; the injury is not just difficult to discover, but is “nearly impossible” to discover).
4
See supra note 3 (regarding § 1658’s implicit exclusion of the discovery rule).
13
Here, while Plaintiff alleges that Defendants exercised “secrecy” and that Plaintiff
could not have known about her injury, this is the extent of Plaintiff’s allegations. These
allegations do not constitute specific facts regarding fraud, concealment or latent injury
and do not rise to the level of being “inherently unknowable.” See, e.g., Rasmusson,
2014 WL 107067, at *13 (no deceptive conduct or concealment was alleged). Here,
Plaintiff could have contacted DVS at any time, and thus could have learned of any
lookups of her driver’s license information. If the information regarding the lookups can
be accessed at any time, it is incapable of being concealed or “secret.” Merely being
unknown is insufficient, the information must also be unknowable. Gross, 906 F. Supp.
2d at 810-11. While it is not necessarily easy or “fair” for Plaintiff to have to inquire as
to Defendants’ accesses of her records, the fact remains that Plaintiff was capable of
obtaining that information and of knowing of her alleged injury.
Considering the DPPA-related cases that have declined to apply the discovery
rule, their detailed reasoning, and the additional reasons set forth above, the Court agrees
that the standard rule applies to the statute of limitations in the context of DPPA cases.
As a result, claims related to accesses before August 5, 2009, are properly dismissed as
follows:
1.
Plaintiff’s DPPA claim against Hennepin County for the
single lookup in 2006.
2.
Plaintiff’s DPPA claim against Ramsey County for the single
lookup in 2006.
3.
Twenty-five of the forty-two alleged accesses by City
Defendants Baxter, Brainerd, Crosslake, Fridley, Little Falls, Long Prairie,
Pine River, St. Cloud, and Staples, specifically:
14
a.
Baxter (2 lookups);
b.
Brainerd (3 lookups);
c.
Crosslake (2 lookups) (this constitutes all
lookups by this Defendant, and therefore Plaintiff’s DPPA
claim against the City of Crosslake is dismissed in its
entirety);
d.
Fridley (1 lookup);
e.
Little Falls (15 lookups);
f.
Long Prairie (1 lookup) (this constitutes all
lookups by this Defendant, and therefore Plaintiff’s DPPA
claim against the City of Long Prairie is dismissed in its
entirety); and
g.
Pine River (1 lookup) (this constitutes all
lookups by this Defendant, and therefore Plaintiff’s DPPA
claim against the City of Pine River is dismissed in its
entirety).
4.
Fifty-two of the 100 alleged accesses by County Defendants
Aitkin, Cass, Crow Wing, Scott, and Wright, specifically:
a.
Aitkin (2 lookups);
b.
Cass (1 lookup);
c.
Crow Wing (42 lookups); and
d.
Scott (7 lookups) (this constitutes all lookups
by this Defendant, and therefore Plaintiff’s DPPA claim
against Scott County is dismissed in its entirety).
C.
DPPA Claims Generally
To state a claim under the DPPA, a plaintiff must allege that: (1) a defendant
knowingly obtained, disclosed or used personal information; (2) from a motor vehicle
record; (3) for a purpose not permitted. 18 U.S.C. § 2724(a); Taylor v. Acxion Corp., 612
15
F.3d 325, 335 (5th Cir. 2010). It is the plaintiff’s burden to prove these three elements.
Smythe, 2013 WL 2443849, at *4 (citing rulings from the Eleventh, Fourth, and Ninth
Circuits on this issue).
Defendants 5 argue that Plaintiff has failed to state claims under the DPPA because
Plaintiff has only alleged that the driver’s license data was “viewed,” which fails to
constitute a violation under the statute. Specifically, Defendants argue that “accessing”
or “viewing” information does not constitute “obtaining,” “disclosing,” or “using”
information as required under the DPPA. Plaintiff argues that any release of driver’s
license record information that is not for a “permissible purpose” provides a valid basis
for a claim.
First, as other courts have done, this Court looks to the definition of the term
“obtain.” As noted in Kost, the dictionary definition of the term “obtain” reflects a
process of acquisition or possession. 2013 WL 6048921, at *10 (citing
Merriam-Webster’s Collegiate Dictionary (10th ed. 2001) (“to gain or attain”), and
Shorter Oxford English Dictionary (6th ed. 2007) (“come into the possession or
enjoyment of; secure or gain as the result of request or effort, acquire, get”)). Based on
these definitions, what actually qualifies as “obtaining” depends on the specific
circumstances and allegations involved. See Kost, 2013 WL 6048921, at *10 (discussing
instances where data could be considered “obtained”). Thus, whether an individual
“obtained” information involves a fact-specific analysis.
5
Each Defendant incorporates the arguments of all other Defendants; therefore the
Court will address each argument with respect to all Defendants.
16
Additionally, based on these definitions and the nature of the data at issue,
physical possession is not required for “obtainment.” 6 As stated by another court in this
district, “information itself is not tangible so the Court sees no reason why its possession
or acquisition would need to be.” Nelson v. Jesson, Civ. No. 13-340, 2013 WL 5888235,
at *2 (D. Minn. Nov. 1, 2013). For example, in the case of a driver’s record, a person
could view an address or social security number, remember that information, and then
use that information for the very purposes the DPPA seeks to address, such as stalking or
identity theft. In such a case, the data would not have been printed or written down, but
would have been obtained. By viewing an address or other information someone “could
use or transmit [the information] to others, even though he did not possess the
information in any physical sense. This potential for misuse or dissemination of personal
information is precisely what the statute intends to constrain.” Id. at *3. Even
considering the City Defendants’ claims that a deprivation must occur to meet the
statutory elements of a DPPA claim, here, the viewing of otherwise private data does
“deprive” an individual of, or cause the individual to “part with,” his or her information
and the privacy of that information—privacy the individual would have expected and can
never have back.
6
The cases and similar statutes cited by Defendants on this issue do not conflict
with this view of “obtaining.” For example, Ramsey County claims that if Congress had
wanted to create liability for “accessing” or “viewing” data, it could have done so
explicitly, as it did in the areas of cybercrime, child pornography, and income tax return
privacy. (Doc. No. 57, at 12) (citing 18 U.S.C. § 2252A(a)(5)(a) (which makes it a crime
to knowingly access with intent to view child pornography), and 26 U.S.C. § 7431(a)(1)
and (2) (which create a civil cause of action against one who inspects or discloses tax
return information)).
17
Moreover, Congress’s failure to define “obtain” does not render the term
ambiguous under Gregory. Gregory v. Ashcroft, 501 U.S. 452, 460-64 (1991) (holding
that courts should assess ambiguities by examining whether Congress made it
“unmistakably clear in the language of the statute” what interpretation was intended).
The DPPA can be understood by examination of its ordinary meaning and by applying
common sense. A common sense understanding of the type of data at issue in DPPA
cases is that once the information is viewed, it may be “possessed” or “obtained.” The
Court is not “reading into a statute provisions that do not exist” as argued by the
Defendants, but instead is giving the term “obtain” (which is included in the statute) its
ordinary meaning. See, e.g., Nelson, 2013 WL 5888235, at *2-3.
Defendants warn that Plaintiff’s interpretation “of the DPPA would make a federal
case out of the most passive ways that a pervasive state-created database is accessed” and
would impede the broad or “unfettered access” the DPPA was designed to ensure. (See,
e.g., Doc. No. 46, at 6.) However, the final element of a claim under the DPPA—that an
action be “for a purpose not permitted”—necessarily prevents such a result. Thus, the
requirement of a “permitted purpose” for lawful access does not impede Defendants’
otherwise broad access to DVS Databases. Searches and views of information by law
enforcement officials are generally permitted and are not restricted; where accesses occur
within the scope of the fourteen, statutory, permissible uses, such accesses are not likely
to be challenged. 18 U.S.C. § 2721(b).
Given this limiting language—that access be for “a purpose not permitted”—the
Court agrees with Defendants and other courts in this district that to state a claim under
18
the DPPA, a plaintiff must allege that the information was obtained “for a purpose not
permitted.” 7 See, e.g., Smythe, 2013 WL 2443849, at *6 (holding that even though
simply retrieving records may be a violation, it must be without a permitted purpose);
Kost, 2013 WL 6048921, at *11 (“The plain language of the [statute] . . . makes it clear
that the personal information must be knowingly obtained ‘for a purpose not
permitted.’”); Kiminski v. Hunt, Civ. No. 13-185, 2013 WL 6872425, at *6 (D. Minn.
Sept. 20, 2013) (Ericksen, J.). This is also consistent with the Eighth Circuit’s
determination that, with respect to the DPPA, “[t]he proper focus for courts is not the
manner in which the information was acquired, but the use to which it is eventually put.”
Cook v. ACS State & Local Solutions, Inc., 663 F.3d 989, 994 (8th Cir. 2011). In so
holding, the Eighth Circuit declined to establish a temporal limit regarding “stockpiled”
DPPA data (thereby focusing on manner of acquisition) and instead affirmed that the
focus of a DPPA claim is whether the information was obtained for a permissible
purpose. Id. at 995.
Thus, whether Defendants’ accesses of Plaintiff’s driver’s license record in this
case supports a valid DPPA claim depends on the specific allegations in the Complaint
and whether the information was obtained for a permitted purpose. 8
7
Plaintiff will also have to show that those who accessed her data did so for an
impermissible purpose. See Kiminski, 2013 WL 6872425, at *6. Here, Plaintiff’s
allegations sufficiently address all elements of her claims. See infra Section II.D.
8
This view of the DPPA does not displace Minnesota law with respect to driver’s
license information. The Supreme Court has already determined that the DPPA is
constitutional. Reno v. Condon, 528 U.S. 141 (2000). Additionally, the rule of lenity
(Footnote Continued on Next Page)
19
D.
Plaintiff’s DPPA Claims Against City and County Defendants 9
In light of the Court’s analysis above relating to “obtaining” and “permitted
purposes,” the Court now examines whether Plaintiff has adequately stated a claim
against the City and County Defendants (the Court addresses the Commissioners
separately, below) under the DPPA. 10
Plaintiff alleges that a number of people “impermissibly accessed [her] Private
Data.” (Compl. ¶¶ 56-76.) Plaintiff attaches a chart showing approximately 190 accesses
between the years 2003 and 2012 by various Defendants. (Id. ¶ 3, Ex. A.) The chart
shows the location of each lookup, identified by “County name Sheriff,” and the exact
time and date of each lookup. This sufficiently alleges that Plaintiff’s information was
knowingly obtained per the Court’s analysis above.
Plaintiff further alleges that in each of these instances, her driver’s license
information was obtained based on searches “made by name, not license plate number.”
(Id. ¶ 3.) Again, she alleges approximately 190 accesses. (Id. ¶ 3, Ex. A.) She also
alleges that misuse of state databases has been established by a state report and hearing,
and various magazine articles. (Id. ¶¶ 141-44, 162.) She alleges that she had not
(Footnote Continued From Previous Page)
does not apply because the DPPA is not criminal and no “grievous ambiguity” exists.
See Maracich, 133 S. Ct. at 209.
9
These Defendants include Entity Does and Jane and John Does.
10
As discussed above, the DPPA claims against Hennepin County, Ramsey County,
and certain other City and County Defendants are properly dismissed on statute of
limitations grounds.
20
committed any crimes that would have otherwise potentially justified such accesses. (Id.
¶ 78.) Additionally, Plaintiff alleges that she is a well-known attorney in her area with
strong ties to the community. (Id. ¶¶ 44-52.) Finally, the detailed audit reveals searches
for Plaintiff’s information conducted at about three and four o’clock in the morning. (See
id. ¶¶ 3, 78 & Ex. A.) At this stage, these facts taken together sufficiently state a
plausible claim that Plaintiff’s records were not accessed for a “permitted” purpose. In
sum, Plaintiff puts forth sufficient allegations, when considered cumulatively, to “raise a
reasonable expectation that discovery will reveal evidence of [a DPPA claim].”
Twombly, 550 U.S. 556.
These facts distinguish this case from other cases 11 in this district. For example,
the court in Kost found that Plaintiff had not adequately stated a claim against one
Defendant because Plaintiff alleged no facts “that make an improper purpose for access
plausible.” Kost, 2013 WL 6048921, at *14 (emphasis added). But, in that case, the
plaintiff’s information was searched by driver’s license number; a search by driver’s
license number (as opposed to a search by name) reasonably implicates a number of
legitimate law enforcement concerns. (See Kost v. Hunt, Civ. No. 13-583, Doc. Nos. 1
& 9; see also Doc. No. 69, at 19).) In Kost, the Court also considered allegations that the
searches might have been driven by publicity, but found that the timeline of events made
11
The fact that the Court in Smythe focused on the detailed history between the
plaintiff and the individual who accessed her records does not change this result. See
Smythe, 2013 WL 2443849, at *6-7. Here, the Court finds that Plaintiff has pled
sufficient facts to state a DPPA claim.
21
such an allegation implausible. See Kost, 2013 WL 6048921, at *14. There are no
similar dispositive facts in this case.
Moreover, Plaintiffs in other cases in this district have only generally alleged that
the defendants’ activities failed to fall within permitted exceptions and that the sheer
number of accesses created a reasonable inference of a violation. See, e.g., Potocnik,
2014 WL 683980, at *3. This Court agrees that access-volume alone is not enough.
Here, however, Plaintiff alleges more than these other cases; thus, the Court finds that
Plaintiff has adequately stated a claim. 12
Thus, Plaintiff has sufficiently stated a claim against the remaining City and
County Defendants for alleged violations of the DPPA. Plaintiff’s allegations amount to
more than a merely conclusory statement that those Defendants conducted an
“impermissible” search. While the allegations are certainly sparse, narrowly drawn
discovery should be allowed to address this issue. The Court finds that, at this early
stage, dismissal would be premature.
E.
DPPA and Damages
Defendants argue that Plaintiff’s claims should be dismissed because Plaintiff has
failed to allege any “actual damages” per the DPPA which reads: “The court may
12
Consequently, the Court finds that this case is distinguishable from Mitchell v.
Aitkin Cnty., Civ. No. 13-2167, 2014 WL 835129 (D. Minn. Feb. 27, 2014). Specifically,
the Court finds the facts presented by Plaintiff sufficiently establish a plausible inference
or reflect an “outward manifestation” of an impermissible purpose to state a claim at this
early stage. This finding requires neither an inference as to “what went on in a particular
officer’s mind” nor an impermissible burden shift to defendants in DPPA cases. See id.
at *5-9.
22
award—(1) actual damages, but not less than liquidated damages in the amount of
$2,500 . . . .” 18 U.S.C. § 2724(b). As articulated in Kost, the DPPA does not require a
showing of entitlement to actual or liquidated damages as a prerequisite to state a valid
claim upon which relief can be granted. Also, the DPPA’s remedies provision includes a
number of potential remedies that are discretionary for the court (“the court may award”),
and a plaintiff can later choose which damages she seeks to prove at trial. Kost, 2013
WL 6048921, at *9-10. Thus, at this stage, dismissal based on failure to plead actual
damages is both premature and inappropriate. The Court declines to dismiss the DPPA
claims on this basis at this time.
III.
§ 1983 Claims
A § 1983 claim imposes liability on anyone who, under color of state law,
deprives a person of rights secured by either the Constitution or federal laws. 42 U.S.C.
§ 1983; West v. Atkins, 487 U.S. 42, 48 (1988). While it is well-settled that § 1983
provides a remedy for violations of statutory as well as constitutional rights, § 1983 does
not provide a remedy for all federal laws, but only for federally protected rights.
Blessing v. Freestone, 520 U.S. 329, 340 (1997) (citations omitted). Section 1983 is not
itself a source of substantive rights, but is the procedural vehicle through which to
vindicate federal rights elsewhere conferred. Albright v. Oliver, 510 U.S. 266, 271
(1994).
23
A.
Statutory Claims Based on the DPPA
Congressional establishment of a comprehensive remedial scheme forecloses use
of § 1983 as a remedy for violation of federal statutes. 13 Alsbrook v. City of Maumelle,
184 F.3d 999, 1011 (8th Cir. 1999) (citations omitted). Further, there is a presumption
that “Congress intended that the enforcement mechanism provided in the statute be
exclusive.” Id. Courts have so held with respect to a number of different federal
statutory schemes. See, e.g., id. (holding that the ADA’s comprehensive remedial
scheme bars a § 1983 claim); DeYoung v. Patten, 898 F.2d 628, 634-35 (8th Cir. 1990)
(same with respect to the Federal Communications Act).
Plaintiff first argues that the DPPA itself confers rights separately enforceable
under § 1983. Plaintiff relies primarily on Collier v. Dickinson, in which the Eleventh
Circuit held that the DPPA creates a statutory right to privacy enforceable under § 1983.
477 F.3d 1306, 1311 (11th Cir. 2007). Plaintiff further argues that there is no conflict
between the DPPA and a § 1983 claim because Plaintiff is “merely pursuing an
alternative form of relief.” The Court disagrees.
These issues have been addressed in a number of decisions in this district, as well
as in other district courts. Various courts have held that, irrespective of whether a
13
Courts apply a two-step process to determine whether a claim under § 1983 is
available. Blessing, 520 U.S. at 340-41. The first step requires a plaintiff to establish
that a statutory scheme creates specifically articulable individual rights. Id. at 340.
Second, even if a federally protected right has been established, this is merely a
rebuttable presumption; a defendant can then show that Congress has specifically
foreclosed such a remedy, either explicitly in the statute or implicitly, “by creating a
comprehensive enforcement scheme that is incompatible with individual enforcement
under § 1983.” Id. at 341.
24
plaintiff is able to demonstrate that the DPPA confers a federally protected right in
accordance with the “Blessing test,” Congress intended to create a comprehensive
enforcement scheme through the DPPA and to thereby preclude a remedy under § 1983.
See, e.g., Rasmusson, 2014 WL 107067, at *4-6 (holding that the comprehensive nature
of the DPPA’s remedial scheme, along with an analysis of various circuit court decisions,
“indicate Congress’s intent to foreclose a remedy under § 1983” and dismissing the
plaintiff’s § 1983 claim based on an underlying DPPA violation as a result); Nelson, 2013
WL 5888235, at *5-7 (holding that the “DPPA’s remedial scheme, which is both
comprehensive and more restrictive than § 1983, expresses Congress’s intent to preclude
other means of enforcement” and dismissing the plaintiff’s § 1983 claim based on an
underlying DPPA violation as a result); Kiminski, 2013 WL 6872425, at *10-14 (same);
Bass, 2014 WL 683969, at *6-7 (same and citing Kiminski); Roberts, 606 F. Supp. 2d
at 1046 (same); Kraege v. Busalacchi, 687 F. Supp. 2d 834, 8401 (W.D. Wis. 2009)
(same). Here too, the Court adopts the reasoning of Rasmusson and Kiminski on these
issues.
In rendering their decisions, courts in this district have also considered the City of
Rancho Palos Verdes, Cal. v. Abrams, 544 U.S. 113 (2005), which held that a statute that
includes “an express, private means of redress” 14 ordinarily indicates “that Congress did
14
Courts have allowed redress under § 1983 where the statutes at issue failed to
provide an adequate private remedy through which aggrieved parties could seek redress.
See Rancho Palos Verdes, 544 U.S. at 121-22 (citing Blessing, 520 U.S. at 348 (finding a
§ 1983 claim was available because Title IV–D contains “no private remedy—either
judicial or administrative—through which aggrieved persons can seek redress”); Livadas
(Footnote Continued on Next Page)
25
not intend to leave open a more expansive remedy under § 1983.” See, e.g., Kiminski,
2013 WL 6872425, at *12 (quoting Rancho Palos Verdes, 544 U.S. at 121). Courts in
this district have also determined that the DPPA provides a more restrictive private cause
of action than that permitted by § 1983, given the available remedies, relevant limitation
periods, 15 and potential defendants 16 for claims asserted under each statute. See, e.g.,
Kiminski, 2013 WL 6872425, at *12-14 (comparing the remedies provided under 18
U.S.C. § 2724(b) and 18 U.S.C. § 2723 in light of Rancho Palos Verdes). The courts in
this district have thus determined that the DPPA “does not leave open the door for a
§ 1983 action.” 17 See id. at *12.
(Footnote Continued From Previous Page)
v. Bradshaw, 512 U.S. 107, 133-34 (1994) (there was a “complete absence of provision
for relief from governmental interference” in the statute); Golden State Transit Corp. v.
Los Angeles, 493 U.S. 103, 108-09 (1989) (“There is . . . no comprehensive enforcement
scheme for preventing state interference with federally protected labor rights that would
foreclose the § 1983 remedy”); Wilder v. Va. Hosp. Assn., 496 U.S. 498, 521 (1990) (the
statute “contains no . . . provision for private judicial or administrative enforcement”);
Wright v. Roanoke Redev. & Hous. Auth., 479 U.S. 418, 427 (1987) (same); accord
Middlesex Cnty. Sewerage Auth. v. Nat’l Sea Clammers Ass’n., 453 U.S. 1, 19-20 (1981)
(finding a § 1983 remedy unavailable because the statute provided a private remedy and
was more restrictive); Smith v. Robinson, 468 U.S. 992, 1012 (1984) (same)).
15
A DPPA claim is subject to a four-year statute of limitations, but the parties agree
that a § 1983 claim in this case would be subject to a six-year statute of limitations. (See,
e.g., Doc. No. 22, at 21; Doc. No. 41, at 17.)
16
The DPPA expressly excludes civil suits against states and state agencies (except a
narrow set of remedies brought by the Attorney General against the State Department of
Motor Vehicles).
17
Courts in this district have also distinguished the case heavily relied upon by
Plaintiff—Collier. See, e.g., Rasmusson, 2014 WL 107067, at *5-6 (holding that Collier
(Footnote Continued on Next Page)
26
Thus, this Court agrees that the DPPA is a comprehensive remedial scheme that
precludes a DPPA-based claim under § 1983, and the Court dismisses Plaintiff’s § 1983
claims based on an underlying DPPA violation.
B.
Constitutional Claims
Plaintiff also brings a claim under § 1983 on the ground that the access of her
driver’s record violates her constitutional right to privacy. 18 Certain private information
is entitled to constitutional protection; however, “not every disclosure of personal
information will implicate the constitutional right to privacy.” Cooksey v. Boyer, 289
F.3d 513, 515-16 (8th Cir. 2002). “[T]o violate the constitutional right of privacy the
information disclosed must either be a shocking degradation or an egregious
humiliation . . . , or a flagrant breach of a pledge of confidentiality which was
instrumental in obtaining the personal information.” Id. at 516 (internal citations and
quotations omitted). Courts also “examine the nature of the material opened to public
view to assess whether the person had a legitimate expectation that the information would
(Footnote Continued From Previous Page)
and a similar case failed to address the DPPA’s restrictive remedy and restrictive statute
of limitations and declining to apply those cases).
18
Plaintiff alleges that Defendants violated her right to privacy under the Fourth and
Fourteenth Amendments. “Similar to the Fourteenth Amendment standards, a search
occurs under the Fourth Amendment when the government violates a subjective
expectation of privacy that society recognizes as reasonable.” Rasmusson, 2014 WL
107067, at *6 (quotations and citations omitted). Because the Court finds no reasonable
expectation of privacy in the type of data at issue in this case, the Court analyzes
violations under both Amendments together in this section.
27
remain confidential while in the state’s possession.” Eagle v. Morgan, 88 F.3d 620, 625
(8th Cir. 1996); see also Cooksey, 289 F.3d at 516.
First, Plaintiff argues that, according to the Supreme Court’s recent decision in
Maracich, a right to privacy exists with respect to Plaintiff’s private personal information
found in her driver’s record. However, neither Maracich nor any other case is so clear on
this issue. Maracich did not directly address the issue of whether a constitutional right to
privacy in driver’s license records exists, but instead addressed whether an attorney’s
solicitation of clients constitutes a “permissible purpose” under the DPPA. Maracich,
133 S. Ct. at 2195-96. While the Supreme Court recognized the importance of the
information available through motor vehicle databases, it did not hold that this
information is constitutionally protected; Maracich is therefore not controlling here. See
id.
Second, Plaintiff alleges that the information at issue includes a person’s “address,
color photograph, date of birth, weight, height and eye color, and in some instances, [his
or her] medical and/or disability information.” (Compl. ¶ 67 (emphasis added).) No
case has yet found that a constitutional right to privacy exists under the Fourth or
Fourteenth Amendment for the type of information typically found in driver’s licenses
and protected by the DPPA (address, color photograph, date of birth, weight, height, and
eye color). Condon v. Reno, 155 F.3d 453, 464 (4th Cir. 1998) rev’d on other grounds by
Reno v. Condon, 528 U.S. 141 (2000) (“Of particular importance here, neither the
Supreme Court nor this Court has ever found a constitutional right to privacy with respect
to the type of information found in motor vehicle records.”); Pryor v. Reno, 171 F.3d
28
1281 (11th Cir. 1999) rev’d on other grounds by Reno v. Pryor, 528 U.S. 1111 (2000).
Courts in this district have agreed. See, e.g., Rasmusson, 2014 WL 107067, at *6;
Kiminski, 2013 WL 6872425, at *14; McDonough, at 2014 WL 683998, at *4-6.
Certainly, that this information is readily and regularly disclosed anywhere one presents a
driver’s license shows there is no reasonable expectation of privacy in such information.
See, e.g., Kiminski, 2013 WL 6872425, at *14. The Court adopts the reasoning of the
courts in this district in that regard. See id.
Plaintiff focuses her argument on the fact that the above-mentioned cases “failed
to acknowledge more is contained in a motor vehicle record than just one’s address,
height, weight, and photograph” (Doc. No. 41, at 20); Plaintiff maintains that social
security numbers (“SSNs”) and other sensitive health records have long been established
to be “intimate personal information” that are constitutionally protected. The Court
disagrees. 19
The question of whether there is a constitutional right to privacy in SSNs is
unsettled, and has not been resolved by the Eighth Circuit. Some courts have held that
disclosure of SSNs without permission violates the constitutional right of privacy. See
Arakawa v. Sakata, 133 F. Supp. 2d 1223, 1229 (D. Hawaii 2001) (considering “the
voluminous and largely ambiguous case law on the subject” of privacy rights in
19
The Court notes that it is not even clear whether Plaintiff has adequately alleged
access of her SSN as she alleges that she provided her SSN to DPS, but never alleges it
was accessed or viewed. However, even giving Plaintiff the benefit of the doubt on this
issue, the Court still finds Plaintiff has not stated a claim based on a constitutional right to
privacy in her SSN here.
29
confidential information and concluding that the public disclosure of motorists’ social
security numbers violated constitutional privacy rights). Other courts have roundly
rejected the contention that there is such a constitutional right to privacy. Cassano v.
Carb, 436 F.3d 74, 75 (2d Cir. 2006) (holding that “the Constitution does not provide a
right to privacy in one’s SSN”); McElrath v. Califano, 615 F.2d 434, 441 (7th Cir. 1980)
(holding that disclosure of social security number as a condition of eligibility for
government financial assistance did not violate plaintiff’s right to privacy) (citations
omitted). And, while these courts have primarily only addressed the release of social
security numbers to official agencies (rather than individuals acting outside of their
official capacity or actions by the general public), this issue has still not been decided in
the affirmative by the Eighth Circuit. It is not in dispute that a person has a privacy
interest in avoiding the public disclosure of personal matters, and that SSNs are
recognized as sensitive and highly confidential. See In re Crawford, 194 F.3d 954, 958
(9th Cir. 1999); see generally Doyle v. Wilson, 529 F. Supp. 1343, 1348 (D. Del. 1982).
Even so, a privacy interest and a sensitive or highly confidential designation are not the
same as having a constitutional right to privacy. The Court concludes that Plaintiff has
not stated a claim based on a constitutional right to privacy in this information.
With respect to the medical information that Plaintiff alleges is included in
driver’s license records, such information may be protected in some instances, but is not
always protected. See Cooksey, 289 F.3d at 517. Here, however, Plaintiff does not allege
that her driver’s record includes medical records, and does not allege that her medical
information was accessed. As a result, without deciding the issue of whether medical
30
records are constitutionally protected, the Court holds that Plaintiff has failed to state a
claim based on a constitutional right to privacy in her medical information.
For the above reasons, the Court holds that Plaintiff’s claims under § 1983 based
on a constitutional right to privacy are properly dismissed.
C.
Monell Claims
There can be no Monell claim where there is no underlying violation of Plaintiff’s
constitutional rights. See Brockinton v. City of Sherwood, 503 F.3d 667, 674 (8th
Cir. 2007). Because Plaintiff has not established an underlying violation of any
constitutional right (see supra Section III.B.), any Monell claim against the City and
County Defendants must be dismissed.
IV.
Qualified Immunity
Defendants claim that they are entitled to qualified immunity on Plaintiff’s claims.
Qualified immunity is a defense only against a claim in one’s individual capacity.
Johnson v. Outboard Marine Corp., 172 F.3d 531, 535 (8th Cir. 1999). Qualified
immunity protects government officials and employees performing discretionary
functions “from liability for civil damages insofar as their conduct does not violate
clearly established statutory or constitutional rights of which a reasonable person would
have known.” Saucier v. Katz, 533 U.S. 194, 202 (2001). To state a claim for qualified
immunity, the plaintiff must assert a violation of a statutory or constitutional right, and
the alleged right must be clearly established at the time of the alleged misconduct. Id.
Here, at this stage of the proceedings, plaintiff has adequately alleged the violation
of a clearly established statutory right. The DPPA is clear that accessing driver’s license
31
information without a permissible purpose violates the law. The DPPA has been in place
since 1994. By August 2009, Defendants would have been on notice of the DPPA and its
prohibition of the access of driver’s license information for impermissible purposes.
It may well be that, as this case proceeds, Defendants will be able to establish that
they are entitled to qualified immunity because their actions were not “clearly
established” violations of the law. However, given the allegations at this stage, if
Defendants accessed Plaintiff’s data for an impermissible purpose as alleged, it was
clearly established in 2009 and thereafter, that doing so constituted a violation of the
DPPA. 20 Thus, at this stage, Defendants are not entitled to qualified immunity.
V.
Invasion of Privacy Claims
Minnesota first recognized a claim for invasion of privacy in 1998. Lake v.
Wal-Mart Stores, Inc., 582 N.W.2d 231, 235 (Minn. 1998). The Minnesota Supreme
Court adopted three separate causes of action that are generally referred to as invasion of
privacy. Id. Here, Plaintiff’s claim is for intrusion upon seclusion. 21 (Compl. ¶ 264.)
20
This is different from Roth v. Guzman, 650 F.3d 603 (6th Cir. 2011), cited by
Ramsey County in support of its argument for qualified immunity. In that case, the court
considered whether qualified immunity applied to a DPPA claim when information that
was disclosed for a purportedly permissible purpose was actually obtained for an
impermissible purpose and whether “stockpiling” for a permissible purpose violated the
DPPA. Roth, 650 F.3d at 614, 617. The court held that the answers to those questions
were not clearly established and that qualified immunity applied as a result. Id. Here, the
scenario as alleged is simply impermissible, direct accesses—the primary scenario
contemplated by the DPPA.
21
Intrusion upon seclusion is an intentional tort with a two-year statute of limitations
under Minn. Stat. § 541.07(1). Hough v. Shakopee Pub. Schs., 608 F. Supp. 2d 1087,
1118 (D. Minn. 2009); Manion v. Nagin, Civ. No. 00-238, 2003 WL 21459680, at *9 (D.
(Footnote Continued on Next Page)
32
Intrusion upon seclusion is actionable when “one intentionally intrudes, physically
or otherwise upon the solitude or seclusion of another or his private affairs or concerns, if
the intrusion would be highly offensive to a reasonable person.” Lake v. Wal-Mart, 582
N.W.2d at 233 (citations omitted); Swarthout v. Mut. Serv. Life Ins. Co., 632 N.W.2d 741,
744 (Minn. Ct. App. 2001).
What is “highly offensive” is generally considered a “question of fact” for the jury,
and only becomes a question of law “if reasonable persons can draw only one conclusion
from the evidence.” Swarthout, 632 N.W.2d at 745. To determine whether an
interference is offensive, courts consider: “the degree of intrusion, the context, conduct
and circumstances surrounding the intrusion as well as the intruder’s motives and
objectives, the setting into which he intrudes, and the expectations of those whose privacy
is invaded” and “the number and frequency of the intrusive contacts.” Bauer v. Ford
Motor Credit Co., 149 F. Supp. 2d 1106, 1109 (D. Minn. 2001). The interference must be
a “substantial one, of a kind that would be highly offensive to the ordinary reasonable
person, as the result of conduct to which the reasonable person would strongly object.”
Swarthout, 632 N.W.2d at 745 (internal citations omitted). For example, in Lake v.
Wal-Mart, the court found allegations that nude photographs of the plaintiffs had been
publicized were sufficient to state a claim for invasion of privacy. 582 N.W.2d at 235. In
Swarthout, the court found that “[v]iewing this record in the light most favorable to [the
(Footnote Continued From Previous Page)
Minn. June 20, 2003); see Manteuffel v. City of N. St. Paul, 570 N.W.2d 807, 810-11
(Minn. Ct. App. 1996) (analyzing the types of torts to which Minn. Stat. § 541.07(1)
applies and explaining that intentional torts are regularly covered by that section).
33
plaintiff] we cannot say that, as a matter of law, the altering of [the plaintiff’s] release and
the illicit obtaining, conveying, and publicizing of his private medical information was
not the ‘substantial’ and ‘highly offensive’ intrusion upon Swarthout’s seclusion that
would satisfy the . . . [intrusion upon seclusion] test.” 632 N.W.2d at 745.
Here, the Court finds that “reasonable persons can draw only one conclusion from
the evidence”—that the access of information as alleged by Plaintiff cannot rise to the
level of offensiveness required to state a claim for invasion of privacy. Id. at 745. First,
the Court agrees with Nelson and Rasmusson that to the extent that only Plaintiff’s
address, date of birth, weight, height, eye color, driver identification number, and driving
record were accessed, she cannot state a claim because “this information is included on
the face of a driver’s license and, as discussed above, there is a low expectation of
privacy in this type of information because individuals show their driver’s licenses to
strangers on a daily basis. Moreover, much of this information can be obtained by
looking at an individual or through public records.” Rasmusson, 2014 WL 107067,
at *10; Nelson, 2013 WL 5888235, at *8 (holding the same, and that because there was
no allegation that the records at issue contained a social security number or financial or
medical information, “no reasonable person could consider the intrusion . . . highly
offensive”); see also Bass, 2014 WL 683969, at *7 (holding that information relating to
the plaintiff’s address, date of birth, weight, height, eye color, and driver identification
number were not “particularly sensitive” and could not meet the “highly offensive”
threshold and dismissing the claims as a result).
34
Second, though Plaintiff points to the viewing of medical information and social
security numbers to satisfy the standard, Plaintiff has failed to adequately make any such
allegations about the accesses to her record. Plaintiff alleges that her social security
number was provided to DPS (Compl. ¶ 173), but never alleges it was viewed or
accessed. (See id. ¶ 79 (Plaintiff alleges Defendants viewed: “her home address, color
photograph or image, date of birth, eye color, height, weight and driver identification
number.”).) Plaintiff makes no allegations about her medical information. Therefore,
Plaintiff has failed to sufficiently allege the existence of an intrusion that could be
considered by a jury to be “highly offensive” or that is based on a “legitimate expectation
of privacy.” All claims for invasion of privacy are thus dismissed.
VI.
Issues Specific to the Commissioner Defendants
Plaintiff alleges that the Commissioner Defendants directed the construction of an
electronic database consisting of Minnesota drivers’ information, and then granted law
enforcement officers and other governmental personnel access to the database without
proper training or instruction and without proper monitoring or restrictions. Furthermore,
Plaintiff argues that the Commissioner Defendants knew that there were illegal accesses
and that misuse of the database was widespread. For these actions, Plaintiff sues the
Commissioner Defendants in their individual capacities under the DPPA, § 1983, and for
invasion of privacy. 22
22
The Court agrees with the Commissioner Defendants that Plaintiff’s claims against
the DPS Does are based on the same theory of liability as her claims against the
(Footnote Continued on Next Page)
35
Because Plaintiff seeks redress against the Commissioner Defendants in their
individual capacities, to state a claim, Plaintiff must show that each Commissioner is “a
person who knowingly obtains, discloses or uses personal information, from a motor
vehicle record, for a purpose not permitted.” 18 U.S.C. § 2724(a). A “person” is an
individual, organization or entity” but cannot be “a State or agency thereof.” 18 U.S.C.
§ 2725(3). Pursuant to the plain language of the statute, any obtainment, disclosure or
use must be for a purpose not permitted. (See supra Section II.C.) Here, Plaintiff fails to
make any allegations that either of the Commissioner Defendants personally obtained,
disclosed, or used personal information from a motor vehicle record. But even if they
did, Plaintiff fails to allege that the Commissioner Defendants did so, or did anything at
all, with the driver’s license information that was “for a purpose not permitted.” See
Kiminski, 2013 WL 6872425, at *6 (“Under the plain language of the statute, the person
who obtains, discloses, or uses the information must do so for an impermissible purpose”
and examining a number of cases that support this proposition) (emphasis in original);
Nelson, 2013 WL 5888235, at *3 (dismissing DPPA claims against Commissioners for
failure to allege an impermissible purpose because “[i]t is not enough that they disclosed
information to [a Defendant] and he acted with an impermissible purpose, the
Commissioners themselves must have acted with such a purpose”) (emphasis in original).
See also Roth, 650 F.3d at 607-609 (holding that because officials disclosed the data for a
(Footnote Continued From Previous Page)
Commissioner Defendants. The Court will therefore treat the DPS Does as included in
its analysis of the Commissioner Defendants.
36
permissible purpose, the fact that it was later used for an impermissible purpose did not
create DPPA violation). The Court finds Kiminski and Nelson’s reasoning compelling on
this issue, and hereby adopts it.
Plaintiff argues that the following allegations are sufficient to show an
“impermissible purpose” by the Commissioner Defendants: (a) they had the ability to
determine if unauthorized access was being made and to prevent it; (b) they failed to
prevent unauthorized access to Plaintiff’s private data; (c) they knowingly authorized,
directed, ratified, approved, acquiesced in, committed, or participated in the disclosure of
Plaintiff’s private data; and (d) they knowingly disclosed Plaintiff’s private data and
violated state policy by devising and implementing the DVS Database that failed to
uphold Plaintiff’s privacy rights as required by the DPPA. But, in reality, Plaintiff’s
allegations amount to a claim that the Commissioner Defendants violated the DPPA by
releasing the information to their respective employees and agencies for a permitted
purpose (i.e., doing their jobs), but without proper safeguards, training, or monitoring.
This is not the same as releasing the information for an impermissible purpose. As
explained in Kiminski, Plaintiff’s reading would require a deviation from the plain
language of the statute and is not supported by law. Kiminski, 2013 WL 6872425, at *8.
The possibility that the Commissioner Defendants disclosed the data for the permissible
purpose of allowing law enforcement officers and other governmental personnel to do
their jobs is just too great for Plaintiff to overcome without specific allegations to the
contrary; Plaintiff offers none. In fact, the type of situation described by Plaintiff is
explicitly contemplated and addressed by the DPPA itself, which allows the Attorney
37
General to impose civil penalties upon a state department of motor vehicles that has a
“policy or practice of substantial noncompliance” with respect to driver’s license
information and records. 18 U.S.C. § 2723(b); Kiminski, 2013 WL 6872425, at *8.
Furthermore, any allegations made by Plaintiff with respect to the February 2013
hearing 23 cannot support claims regarding what the Commissioner Defendants knew or
did for the time period relevant to this lawsuit (2009 to 2012). Simply put, Plaintiff has
not sufficiently alleged an impermissible purpose with respect to the Commissioner
Defendants.
Finally, Plaintiff argues that Gordon, 726 F.3d 42, creates a duty of care to which
the Commissioners must be held with respect to driver’s license data. In Kiminski, the
court generally held that Gordon is inconsistent with the plain language of the DPPA and
the Commissioner Defendants cannot be held individually liable for systemic issues as
alleged in the complaint. 2013 WL 6872425, at *8-9. Again, the Court finds the
reasoning in Kiminski persuasive and adopts it.
With respect to Plaintiff’s § 1983 claims against the Commissioner Defendants,
because the Court has already held that Plaintiff cannot state a claim under § 1983 (see
detailed analysis in Section III, supra), these claims are also dismissed against the
Commissioner Defendants. Similarly, although the Commissioner Defendants did not
address the question of invasion of privacy, the Court finds that the legal and factual
issues with respect to the Commissioner Defendants are not materially different from
23
Plaintiff ties a number of her allegations to a 2013 report and hearing about
database use in Minnesota.
38
those alleged against the other Defendants. As a matter of law, Plaintiff has alleged no
conduct that could rise to the requisite level of offensiveness to state an invasion of
privacy claim. Thus, all claims against the Commissioner Defendants and DPS Does are
properly dismissed.
VII.
Summary Judgment
A.
Hennepin County
Hennepin County also seeks summary judgment. However, because no claims
remain against Hennepin County, this motion is moot.
B.
Crow Wing County
The County Defendants seek summary judgment as to the allegations relating to
the fifteen occasions on which Plaintiff’s DVS data was accessed by Crow Wing County
Probation between 2004 and 2012 because Crow Wing County Probation employees are
not employees of any of the County Defendants. (Doc. No. 52, at 23-24 & Doc. No. 82,
at 9.) Plaintiff concedes that those fifteen accesses are not attributable to the County
Defendants and agrees that they should be dismissed as a result. (Doc. No. 72, at 9-10.)
Thus, the Court dismisses claims relating to the fifteen accesses by Crow Wing County
Probation.
VIII. Motion for Severance
Hennepin County and Ramsey County seek severance. Insofar as these parties
have been dismissed, the question of severance is moot.
39
CONCLUSION
For the reasons discussed above, the Court concludes that all of Plaintiff’s § 1983
claims and invasion of privacy claims are properly dismissed for failure to state a claim.
The Court dismisses all DPPA claims related to searches made prior to August 2009 as
well as the relevant Defendants. Thus, only DPPA claims against certain City and
County Defendants for searches conducted after August 2009 remain. The remaining
entities and corresponding number of searches are as follows: Aitkin County
(3 searches); City of Baxter (2 searches); City of Brainerd (4 searches); Cass County
(4 searches); Crow Wing County (39 searches); City of Fridley (1 search); City of Little
Falls (7 searches); City of Minneapolis (1 search); Morrison County (1 search); City of
St. Cloud (1 search); City of Staple (2 searches); and Wright County (1 search). The
Court also orders the parties to settlement discussions, particularly with respect to those
entities for which only a single search is alleged. The Court notes that discovery at this
early stage should be limited in scope to address the issue of the permissibility of the
relevant accesses.
Finally, the Court assumes that the parties in this case, as well as other
governmental entities, are proactively working on significant policy and rule changes to
prevent the impermissible access to data and to ensure that individuals responsible for
any such impermissible access will be held accountable. Such reform should be a
priority of all agencies given the extent of potential litigation and associated costs.
40
ORDER
Based upon the foregoing, IT IS HEREBY ORDERED that:
1.
Defendant Hennepin County’s Motion to Dismiss and/or for Summary
Judgment and/or to Sever (Doc. No. [19]) is GRANTED IN PART and DENIED IN
PART as follows:
a.
Defendant Hennepin County’s motion to dismiss (Doc.
No. [19]) is GRANTED, and Hennepin County is DISMISSED WITH
PREJUDICE; and
b.
Defendant Hennepin County’s motions for summary
judgment and to sever (Doc. No. [19]) are DENIED AS MOOT.
2.
The City Defendants’ Motion to Dismiss (Doc. No. [43]) is GRANTED IN
PART and DENIED IN PART as follows:
a.
Counts II, III and VI are DISMISSED WITH PREJUDICE
in their entirety;
b.
Count I against the City of Crosslake, the City of Long
Prairie, and the City of Pine River is DISMISSED WITH PREJUDICE;
and
c.
Count I against the City of Baxter, the City of Brainerd, the
City of Fridley, the City of Little Falls, the City of Minneapolis, the City of
St. Cloud and the City of Staples remains.
41
3.
The County Defendants’ Motion to Dismiss and/or for Summary
Judgment (Doc. No. [49]) is GRANTED IN PART and DENIED IN PART as
follows:
a.
Counts II, III and VI are DISMISSED WITH PREJUDICE
in their entirety;
b.
Count I against Scott County and St. Louis County is
DISMISSED WITH PREJUDICE; and
c.
Count I against Aitkin County, Cass County, Crow Wing
County, Morrison County, and Wright County remains.
4.
Defendant Ramsey County’s Motion to Dismiss or for Severance (Doc.
No. [55]) is GRANTED IN PART and DENIED IN PART as follows:
a.
Defendant Ramsey County’s motion to dismiss (Doc.
No. [55]) is GRANTED, and Ramsey County is DISMISSED WITH
PREJUDICE; and
b.
Defendant Ramsey County’s motion for severance (Doc.
No. [55]) is DENIED AS MOOT.
5.
The Commissioner Defendants’ Motion to Dismiss (Doc. No. [30]) is
GRANTED in its entirety, and the Commissioner Defendants are DISMISSED WITH
PREJUDICE.
6.
The parties shall contact the Magistrate Judge’s chamber to schedule a
settlement conference to occur within sixty (60) days of the date of this Order.
42
7.
Discovery at this stage should be limited to the issue of the permissibility of
the relevant accesses.
Dated: March 31, 2014
s/Donovan W. Frank
DONOVAN W. FRANK
United States District Judge
43
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
