Taylor et al v. Acxiom Corporation et al

Filing 75

NOTICE by U.S. Interactive, Inc. re 62 Notice (Other), Notice (Other), Notice (Other) Supplemental Response of Defendant US Interactive to Plaintiffs' Statement of Violations of the Driver's Privacy Protection Act (Attachments: # 1 Exhibit A# 2 Exhibit B)(Smith, Michael)

Download PDF

Taylor et al v. Acxiom Corporation et al Doc. 75 Case 2:07-cv-00001 Document 75 Filed 04/21/2008 Page 1 of 10 IN THE UNITED STATES DISTRICT COURT FOR THE EASTERN DISTRICT OF TEXAS (MARSHALL DIVISION) � � Case No. 2:07-cv-0001 v. � � (Judge Donald E. Walter) AXCIOM CORPORATION et al. � _____________________________________________________________________________________ � � Case No. 2:07-cv-0013 v. � � (Judge Donald E. Walter) ACS STATE & LOCAL � SOLUTIONS, INC. et al. � _____________________________________________________________________________________ � � Case No. 2:07-cv-0014 v. � � (Judge Donald E. Walter) TEXAS FARM BUREAU MUTUAL � INSURANCE COMPANY et al. � _____________________________________________________________________________________ SHARON TAYLOR et al. � � Case No. 2:07-cv-0017 v. � � (Judge Donald E. Walter) SAFEWAY, INC. et al. � _____________________________________________________________________________________ � � Case No. 2:07-cv-0018 v. � � (Judge Donald E. Walter) BIOMETRIC ACCESS CO. et al. � _____________________________________________________________________________________ SHARON TAYLOR et al. v. FREEMAN PUBLISHING CO. et al. � � � � � � Case No. 2:07-cv-0410 (Judge Donald E. Walter) SHARON TAYLOR et al. SHARON TAYLOR et al. SHARON TAYLOR et al. SHARON TAYLOR et al. ______________________________________________________________________________ SUPPLEMENTAL RESPONSE OF DEFENDANT U.S. INTERACTIVE, INC. TO PLAINTIFFS' STATEMENT OF VIOLATIONS OF THE DRIVER'S PRIVACY PROTECTION ACT HO1 13096236.1 Dockets.Justia.com Case 2:07-cv-00001 Document 75 Filed 04/21/2008 Page 2 of 10 SUPPLEMENTAL RESPONSE OF DEFENDANT U.S. INTERACTIVE, INC. TO PLAINTIFFS' STATEMENT OF VIOLATIONS OF THE DRIVER'S PRIVACY PROTECTION ACT Plaintiffs' so-called "Statement of Violations of the Driver's Privacy Protection Act" ("Statement") does nothing to change the result required by Defendant U.S. Interactive, Inc.'s Motion to Dismiss and related filings: 1 This case should be dismissed as to USI. Plaintiffs' Statement attempts to avoid dismissal with the imposition of two requirements for obtainment of regulated data that are not found in the Driver's Privacy Protection Act ("DPPA" or "Act"): (1) a preexisting relationship with the person to whom the information pertains; and (2) an "immediately contemplated use" to which the information will be put. 2 Neither "requirement" can serve as a basis for liability, because neither "requirement" appears in the Act or the cases that interpret it. Plaintiffs' claims should be dismissed as to USI because their Statement confirms that this case is premised upon conduct not prohibited by the DPPA. I. The DPPA Does Not Require a Preexisting Relationship with a Person as a Prerequisite to Permissible Obtainment of His or Her Personal Information Plaintiffs' first contention--that it is impossible to obtain personal information for a DPPA-permitted purpose in the absence of a preexisting relationship with the person to whom 1 Motion of Defendant U.S. Interactive, Inc. ("USI") to Dismiss Plaintiffs' Complaint, filed April 30, 2007 in Case No. 2:07-cv-0017 [Docket No. 86]; Motion of Defendant U.S. Interactive, Inc. to Dismiss Plaintiffs' Complaint, filed April 30, 2007 in Case No. 2:07-cv-0018 [Docket No. 91]; Defendant U.S. Interactive, Inc.'s Reply to Plaintiffs' Response to USI's Motion to Dismiss, filed May 25, 2007 in Case No. 2:07-cv-0017 [Docket No. 98]; Defendant U.S. Interactive, Inc.'s Reply to Plaintiffs' Response to USI's Motion to Dismiss, filed May 25, 2007 in Case No. 2:07-cv-0017 [Docket No. 112]; Response of Defendant U.S. Interactive, Inc. to Plaintiffs' Notice of Filing Supplemental Authority, filed February 15, 2008 in Case No. 2:07-cv-0017 [Docket No. 157]; Response of Defendant U.S. Interactive, Inc. to Plaintiffs' Notice of Filing Supplemental Authority, filed February 15, 2008 in Case No. 2:07-cv-0018 [Docket No. 177] (collectively, "Motion to Dismiss"). USI reurges its Motion to Dismiss. USI also joins in Defendants' Consolidated Motion to Dismiss on Common Issues and Response to Plaintiffs' Statement of Violations, filed April 18, 2008 in Case No. 2:07-cv-0001 [Docket No. 72]. This filing supplements rather than supplants USI's Motion to Dismiss and its joinder in Defendants' Consolidated Motion to Dismiss on Common Issues. Plaintiffs' Statement at 37�38. 2 -2HO1 13096236.1 Case 2:07-cv-00001 Document 75 Filed 04/21/2008 Page 3 of 10 the information pertains--is untenable. 3 Plaintiffs cite no authority to support this assertion, and none of the permissible purposes listed in the DPPA is contingent upon a prior relationship between the obtainer and the person whose information is being obtained. To the contrary, the DPPA's list of permissible purposes anticipates the lack of any such preexisting relationship. 4 Plaintiffs' attempt to include an extrastatutory "preexisting relationship" requirement is precluded by the text of the Act itself. II. The DPPA Does Not Require an "Immediately Contemplated Use" as a Prerequisite to Permissible Obtainment of Regulated Data Equally without merit is Plaintiffs' claim--also unsupported--that the Act requires an "immediately contemplated use" of regulated data as a prerequisite to permissible obtainment. 5 This claim rests upon the notion that the Act imposes liability based upon an obtainment made for a permissible purpose, but also made without an "immediately contemplated use" at the time of obtainment. This contention likewise finds no support in the Act. The DPPA requires neither "use" of permissibly obtained data nor an "immediately contemplated use" as a condition of permissible obtainment. A. An "Immediately Contemplated Use" Is Not Necessary to Permissible Obtainment It is undisputed that the DPPA permits obtainment for certain purposes. Whether a purpose is permissible is determined solely by the use to which the obtainer intends to put the Plaintiffs' Statement at 38 ("Based on the lack of any relationship, business or otherwise, between the above-referenced Plaintiffs and this Defendant, the above-referenced Plaintiffs assert that this Defendant had no permissible purpose for obtaining their personal information."). 4 3 E.g., 18 U.S.C. � 2721(b)(8) (obtainment of DPPA-regulated data permissible "[f]or use by any licensed private investigative agency or licensed security service for any purpose permitted under this section"). 5 Plaintiffs' Statement at 38 ("Any purpose this Defendant had for obtaining the above-referenced Plaintiffs' `personal information' other than an immediately contemplated use of the information for one of the DPPA's authorized uses for the information constitutes a violation of the DPPA."). -3HO1 13096236.1 Case 2:07-cv-00001 Document 75 Filed 04/21/2008 Page 4 of 10 regulated data. 6 Nothing in the Act requires that the intended use be immediate, or that the intended use be "immediately contemplated" at the time of obtainment. If obtainment is made for a permissible purpose--that is, for the purpose of engaging in a use allowed by the Act--then the Act does not make that purpose impermissible simply because the obtainer does not contemplate putting the information to its intended use immediately following obtainment. It is undisputed that: (1) as a provider of online and video driver safety courses, USI obtains the VTR Database for the purpose of immediately verifying the identities of its students, as required by Texas law; 7 (2) student identity verification is a permissible purpose for obtainment under the Act; 8 and (3) this purpose is the only purpose for which USI obtains the VTR Database. 9 Plaintiffs nonetheless contend that USI violates the Act because it obtains the complete VTR Database without knowing at the time of obtainment those persons whose identities it will be asked to verify, and thus has no "immediately contemplated use" for all of the information contained in the VTR Database. 10 This contention fails. It does nothing to change the undisputed fact that USI obtains the VTR Database for the permissible purpose of verifying the identities of its students as required 18 U.S.C. � 2724(a) ("A person who knowingly obtains, discloses, or uses personal information, from a motor vehicle record, for a purpose not permitted under this chapter shall be liable to the individual to whom the information pertains . . . ." (emphasis added)); id. � 2724(b)(1)�(14) (allowing obtainment of DPPA-regulated data "[f]or use" in the activities specified in these subsections). Plaintiffs' Statement at 37 ("Defendant U.S. Interactive, Inc. is a provider of online and video driver safety courses."); Motions of Defendant U.S. Interactive, Inc. to Dismiss Plaintiffs' Complaint at 9. Accord: Tex. Admin. Code � 176.1110(c)(1)�(2). 8 7 6 Plaintiffs' First Amended Complaint--Class Action ("Complaint") � 70 ("Defendants may have a permissible use under the DPPA for obtaining `personal information' for some of the people in the database."); Motions of Defendant U.S. Interactive, Inc. to Dismiss Plaintiffs' Complaint at 19. Accord: 18 U.S.C. � 2721(b)(2), (3), and (14). Motions of Defendant U.S. Interactive, Inc. to Dismiss Plaintiffs' Complaint at 4, 11 ("USI purchases from Texas the State's [VTR Database] for the sole purpose of verifying the identification of students who take USI's driver safety courses."); Defendant U.S. Interactive, Inc.'s Replies to Plaintiffs' Response to USI's Motion to Dismiss at 3. 10 9 Plaintiffs' Statement at 38. -4HO1 13096236.1 Case 2:07-cv-00001 Document 75 Filed 04/21/2008 Page 5 of 10 by Texas law. That purpose is not altered or otherwise made impermissible by the fact that USI does not know at the time of obtainment those persons who subsequently will enroll in its courses. Regardless of what it knows or does not know at the time of obtainment about the persons who will take its courses at some point in the future, USI obtains the VTR Database for the single and permissible purpose of verifying the identities of its students--that is, "[f]or use in connection with matters of motor vehicle or driver safety"; "[f]or use in the normal course of business by a legitimate business . . . to verify the accuracy of personal information submitted by the individual to the business"; and "[f]or any other use specifically authorized under the law of the State that holds the record, if such use is related to the operation of a motor vehicle or public safety." 11 Therefore, Plaintiffs' impermissible obtainment claim against USI fails because they do not allege an impermissible purpose. To the contrary, Plaintiffs concede that USI has a permissible purpose for obtaining the information of those persons who enroll in its driver safety courses. 12 But Plaintiffs do not allege that USI had a different purpose for obtaining the information pertaining to persons who did not enroll in its courses. Because Plaintiffs concede that USI obtains information on certain persons in the VTR Database (its students) for a permissible purpose, and because Plaintiffs do not allege that USI obtains the information on the remainder of persons in the VTR Database for a different purpose, Plaintiffs admit that USI purchases the entire VTR Database for the same purpose--which is to say a permissible purpose. In view of this absence of any impermissible purpose allegation, Plaintiffs also attempt to rely upon the unsupported assertion that the DPPA prohibits the sale or obtainment of the 11 12 Id. �� 2721(b)(2), (b)(3), and (b)(14). Complaint � 73 ("Defendants may have a permissible use under the DPPA for obtaining `personal information' for some of the people in the database . . . ."). -5HO1 13096236.1 Case 2:07-cv-00001 Document 75 Filed 04/21/2008 Page 6 of 10 complete VTR Database because the Act "contemplate[s]" verification of student identities only "on a case-by-case basis." The U.S. Supreme Court already has rejected this argument by observing that the Act regulates the States as owners and sellers "of databases." 13 Plaintiffs' interpretation of the DPPA as prohibiting bulk sales also is contrary to that of: (1) the U.S. District Court for the Eastern District of Louisiana; 14 (2) the U.S. Department of Justice (the agency tasked with ensuring DPPA compliance by the States); 15 (3) the Federal Bureau of Investigation; 16 (4) Texas law's express allowance for "bulk" sales of DPPA-regulated data; 17 (5) all other states that sell their motor vehicle record information on a bulk basis; (6) the Reno v. Condon, 528 U.S. 141, 151, 120 S. Ct. 666, 672 (2000) ("The DPPA regulates the States as the owners of data bases." (emphasis added)). Accord: Rios v. Direct Mail Express, Inc., 435 F. Supp.2d 1199, 1206 (S.D. Fla. 2006) ("[A] key component of the Reno holding was the court's finding that the DPPA regulates the states as the owners of databases . . . ."). 14 13 Russell v. Choicepoint Servs., Inc., 302 F. Supp.2d 654, 665�66 (E.D. La. 2004) ("Defendant contends that this congressional linguistic choice, among others, reveals an intent to allow companies like Reed Elsevier to obtain and resell drivers' personal information to parties with a permissible use under the DPPA. The Court agrees."). October 9, 1998 Letter from Robert C. McFetridge, Special Counsel to the Assistant Attorney General, Civil Division, United States Department of Justice, to Peter Sacks, Chief, Government Bureau, Office of the Massachusetts Attorney General, at 1 ("[Y]ou posed the question of whether the Massachusetts Registry of Motor Vehicles may release personal information to a commercial distributor who disseminates the information only to other authorized recipients or entities that use the information solely for authorized purposes. Under these circumstances, we believe that such releases are permissible under the statute. We agree with the general proposition that a commercial distributor may qualify as an authorized recipient of personal information under the statute.") (attached as Ex. A). Accord: 18 U.S.C. � 2723(b) ("Any State department of motor vehicles that has a policy or practice of substantial noncompliance with this chapter shall be subject to a civil penalty imposed by the Attorney General . . . ."). March 24, 1999 Testimony of Louis J. Freeh, Director, Federal Bureau of Investigation, Before the Senate Committee on Appropriations, Subcommittee for the Departments of Commerce, Justice, and State, the Judiciary, and Related Agencies, at 6 ("The FBI subscribes to various commercial on-line databases, such as Lexis/Nexis, Dun & Bradstreet, and others, to obtain public source information regarding individuals, businesses, and organizations that are subjects of investigations. Information obtained includes . . . motor vehicle registration records . . . .") (attached as Ex. B). 37 Tex. Admin. Code � 15.141(a) (entitled "Bulk Requests for Driver Record Information" and stating, "[t]he department will release personal information to qualified requestors only after a written agreement has been signed by both parties"). 17 16 15 -6HO1 13096236.1 Case 2:07-cv-00001 Document 75 Filed 04/21/2008 Page 7 of 10 legislators who enacted the DPPA; 18 and (7) those persons and entities across the country that purchase motor vehicle record information on a bulk basis for a DPPA-permitted purpose. Nothing in the DPPA prohibits obtainment of the entire VTR Database, provided the obtainment is made for a permissible purpose. Plaintiffs admit that USI satisfies that requirement, and thus Plaintiffs' claims against it should be dismissed. B. The DPPA Does Not Require that Permissibly Obtained Data Be Used Nor does the DPPA require that permissibly obtained information actually be used, immediately or otherwise. There is no "use" requirement in the DPPA, and thus no prohibition on nonuse--for a day, a year, or into perpetuity. That permissibly obtained data is not put to use by the obtainer is immaterial because the Act does not impose liability for nonuse. A DPPA claim is not created because an entity obtains data for a permissible purpose, and then opts not to use that data in any way. Permissibly obtained data remains as such notwithstanding nonuse. Liability under the DPPA thus turns not upon nonuse or upon the absence of an "immediately contemplated use," but rather upon the question of whether the obtainment was made for a permissible purpose. The decisive factor is whether the data was obtained for a permissible purpose. Here, it was. Plaintiffs do not dispute that USI obtained the VTR Database for the permissible purpose of verifying the identity of it students, and thus the nonuse of some of the information contained in the VTR Database does not provide a basis for the imposition of liability. 18 E.g., 139 Cong. Rec. E2747-02 (1993) (statement of Rep. Moran: "H.R. 3365 acknowledges that there are many businesses that depend on access to motor vehicle records to serve their customers, including insurance companies, financial institutions, vehicle dealers, and others. By focusing this legislation on the personal information contained within a driver file, this bill does not limit those legitimate organizations in using the information."). -7HO1 13096236.1 Case 2:07-cv-00001 Document 75 Filed 04/21/2008 Page 8 of 10 To the extent they are making it, Plaintiffs' "improper use" claim also fails for similar reasons. 19 Plaintiffs assert that USI improperly "uses" their personal information by storing it in a database for later use. 20 But storage is not use; it is nonuse. Because the DPPA does not require use of permissibly obtained data, it does not impose liability for nonuse. If it exists, Plaintiffs' improper use claim cannot be credited and should be dismissed. III. Conclusion For each of these reasons, and for the reasons stated in Defendants' Consolidated Response and in USI's Motion to Dismiss and related filings, Plaintiffs' claims should be dismissed as to USI. Respectfully submitted, _________________________________ Michael C. Smith State Bar No. 18650410 SIEBMAN REYNOLDS BURG PHILLIPS & SMITH LLP 713 South Washington Avenue Marshall, Texas 75670 Telephone: (903) 938-8900 Facsimile: (972) 767-4620 E-Mail: michaelsmith@siebman.com Lead Attorney for Defendant U.S. INTERACTIVE, INC. Whether Plaintiffs are making an improper use claim is unclear. Cf. Plaintiffs' Statement at 1 ("Each Defendant named in this litigation has obtained and used each named Plaintiffs' personal information from the State of Texas in violation of the [DPPA]." (emphasis added)) with Plaintiffs' Statement at 1 ("What follows is a breakdown, by case, discussing how each individual Defendant violated the DPPA by either improperly obtaining, or using various groups of named Plaintiffs' personal information . . . ." (emphasis added)). To the extent Plaintiffs are making an improper use claim against USI, that claim fails for the reasons explained in the main text. Plaintiffs' Statement at 38 ("[T]his Defendant has continued to use Plaintiffs' personal information by maintaining a database containing the above-referenced Plaintiffs' personal information as part and parcel to the conduct of its ordinary business activities and as a business resource."). USI assumes the truth of this allegation only for purposes of its Motion to Dismiss and this supplemental response. 20 19 -8HO1 13096236.1 Case 2:07-cv-00001 Document 75 Filed 04/21/2008 Page 9 of 10 OF COUNSEL: Walter J. Cicack State Bar No. 04250535 Karl E. Neudorfer State Bar No. 24053388 SEYFARTH SHAW LLP 700 Louisiana Street, Suite 3700 Houston, Texas 77002 Telephone: (713) 225-2300 Facsimile: (713) 225-2340 E-Mail: wcicack@seyfarth.com Michael A. Hawash State Bar No. 00792061 FARRAR & BALL 1010 Lamar, Suite 1600 Houston, TX 77002 Telephone: (713) 221-8300 E-Mail: michael@fbtrial.com -9HO1 13096236.1 Case 2:07-cv-00001 Document 75 Filed 04/21/2008 Page 10 of 10 CERTIFICATE OF SERVICE I certify that on this 21st day of April, 2008, I electronically filed the foregoing Supplemental Response of Defendant U.S. Interactive, Inc. to Plaintiffs' Statement of Violations of the Driver's Privacy Protection Act with the Clerk of this Court using the Court's CM/ECF system, which will send notification of such filing and serve a copy of same upon all known counsel of record who have appeared and consented to electronic service. Any other counsel of record will be served via facsimile transmission or first class mail. Michael C. Smith - 10 HO1 13096236.1

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.

Why Is My Information Online?