DONOVAN W. FRANK, District Judge.
This matter is before the Court on the following motions: (1) Defendant Hennepin County's ("Hennepin County") Motion to Dismiss and/or for Summary Judgment and/or to Sever with respect to Plaintiff Brook Mallak's ("Plaintiff") Complaint relating primarily to violations of the Driver's
The Department of Vehicle Services ("DVS") is a division of the Minnesota Department of Public Safety ("DPS"). (Doc. No. 1, Compl. ¶ 53.) DPS maintains a database that contains the motor-vehicle records for Minnesota Drivers ("DVS Database"), which includes "names, dates of birth, driver's license numbers, addresses, driver's license photos, weights, heights, social security numbers, various health and disability information, and eye colors of Minnesota drivers." (Id. ¶¶ 53-54.)
Plaintiff is a practicing attorney in Brainerd and Little Falls, Minnesota. (Id. ¶ 44.) Plaintiff alleges she has "well established" and "long-standing ties within the community." (Id. ¶¶ 45-46, 51.) Plaintiff was a full-time public defender between 2003 and 2008 in Crow Wing and Aitkin Counties, who represented adult criminal defendants, juvenile delinquents, and parties in child welfare matters. (Id. ¶ 48.) Plaintiff has also served on Crow Wing County Drug and DWI Courts and a number of steering committees, has volunteered with high school students, and has taught as an adjunct teacher at Bemidji State University. (Id. ¶ 52.)
Plaintiff requested an audit report from DPS in March 2013, at which time she learned that her driver's license information had been accessed by Minnesota municipal and state personnel approximately 190 times between 2003 and 2012. (Id. ¶¶ 1-2, 55-76, 120-123 & Ex. A.) Plaintiff alleges that she provided the following to DPS: her address, color photograph, social security number, date of birth, weight, height, and eye color. (Id. ¶ 173.) Plaintiff alleges that each of these searches was run by her name, rather than by her license plate number or driver's license number. (Id. ¶ 3.) Plaintiff further alleges that these accesses were done knowingly, and that she had committed no crimes that would have justified any of the accesses identified in her Complaint. (Id. ¶¶ 77-78.) Searches allegedly made by Defendants are summarized as follows:
Entity TOTAL number of accesses Aitkin County 5 City of Baxter 4 City of Brainerd 7 Cass County 5
City of Crosslake 2 Crow Wing County 81 City of Fridley 2 Hennepin County 1 City of Little Falls 22 City of Long Prairie 1 City of Minneapolis 1 Morrison County 1 City of Pine River 1 Ramsey County 1 Scott County 7 City of St. Cloud 1 St. Louis County 1 City of Staples 2 Wright County 1
(Id. ¶¶ 56-76 & Ex. A.) Plaintiff alleges that it has been established by a report and corresponding hearing of the Minnesota Office of the Legislative Auditor and magazine articles that law enforcement in Minnesota misuses state databases. (Id. ¶¶ 141-44, 162.) Plaintiff alleges that as a result of learning that her information had been viewed on these occasions, she felt "victimized, nervous, angry, anxious, nauseated, and feared for her safety when alone." (Id. ¶ 124.)
Plaintiff brings her lawsuit against ten Minnesota counties and ten Minnesota cities (including, City Defendants, County Defendants, Hennepin County, Ramsey County and Anoka County). (Id. ¶¶ 12-32.) Plaintiff also brings suit against the following: "Entity Does," which are various unknown municipalities (id. ¶ 33); Jane and John Does, who are law enforcement supervisors, officers, or employees of municipal entities or other federal, state, county, or municipal entities in Minnesota (in their individual capacities) (id. ¶ 35); Commissioner Michael Campion and Commissioner Ramona Dohman, Commissioners of DPS (in their individual capacities) (id. ¶¶ 38-39); and "DPS Does," who are officers, supervisors, employees, independent contractors or agents of the Minnesota Department of Public Safety (in their individual capacities) (id. ¶ 42).
With respect to the Commissioner Defendants, Plaintiff alleges that they directed the creation of the DVS Database that includes the driver's license records and also directed its maintenance and updating. (Id. ¶¶ 80-81.) She also alleges that they knowingly directed the provision of access to that database, that they should have known the data was being accessed on multiple occasions, and that any unauthorized access could have been prevented, but was not. (Id. ¶¶ 82-85.) Plaintiff alleges that, as a result, the Commissioner Defendants "knowingly authorized, directed, ratified, approved, acquiesced in, committed or participated in the disclosure of protected data." (Id. ¶ 86; see also id. ¶¶ 94-95.) Plaintiff alleges that the Commissioners failed to create effective monitoring of the system and did not implement adequate training for the system. (Id. ¶¶ 99-100.) Finally, Plaintiff alleges that the Commissioner Defendants knew of impermissible accesses by law enforcement officers, and knew law enforcement officers were viewing private data contained in the database. (Id. ¶¶ 104-07.)
In her Complaint, Plaintiff asserts the following claims: (1) violation of the DPPA
In deciding a motion to dismiss pursuant to Rule 12(b)(6), a court assumes all facts in the complaint to be true and construes all reasonable inferences from those facts in the light most favorable to the complainant. Morton v. Becker, 793 F.2d 185, 187 (8th Cir.1986). In doing so, however, a court need not accept as true wholly conclusory allegations, Hanten v. Sch. Dist. of Riverview Gardens, 183 F.3d 799, 805 (8th Cir.1999), or legal conclusions drawn by the pleader from the facts alleged. Westcott v. City of Omaha, 901 F.2d 1486, 1488 (8th Cir.1990). A court may consider the complaint, matters of public record, orders, materials embraced by the complaint, and exhibits attached to the complaint in deciding a motion to dismiss under Rule 12(b)(6). Porous Media Corp. v. Pall Corp., 186 F.3d 1077, 1079 (8th Cir.1999).
To survive a motion to dismiss, a complaint must contain "enough facts to state a claim to relief that is plausible on its face." Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007). Although a complaint need not contain "detailed factual allegations," it must contain facts with enough specificity "to raise a right to relief above the speculative level." Id. at 555, 127 S.Ct. 1955. As the United States Supreme Court recently reiterated, "[t]hreadbare recitals of the elements of a cause of action, supported by mere conclusory statements," will not pass muster under Twombly. Ashcroft v. Iqbal, 556 U.S. 662, 663, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009) (citing Twombly, 550 U.S. at 555, 127 S.Ct. 1955). In sum, this standard "calls for enough fact[s] to raise a reasonable expectation that discovery will reveal evidence of [the claim]." Twombly, 550 U.S. at 556, 127 S.Ct. 1955.
The DPPA, 18 U.S.C. §§ 2721-2725, regulates the disclosure of personal information contained in records accessible through state departments of motor vehicles ("DMVs"). Maracich v. Spears, ___ U.S. ___, 133 S.Ct. 2191, 2195, 186 L.Ed.2d 275 (2013). Congress enacted the DPPA in 1994 to address privacy concerns with respect to personal information contained in motor vehicles records, including concerns relating to threatening or criminal use of that information. See Gordon v. Softech Int'l, Inc., 726 F.3d 42, 45 (2d Cir.2013) (citing congressional record); Senne v. Vill. of Palatine, Ill., 695 F.3d 597, 607 (7th Cir.2012) (same). Under the DPPA, a "State department of motor vehicles, and any officer, employee, or contractor thereof, shall not knowingly disclose or otherwise make available to any person or entity ... personal information ... about any individual obtained by the department in connection with a motor vehicle record" except as allowed under 18 U.S.C.
The DPPA defines "personal information" as "information that identifies an individual," and includes a person's "photograph, social security number, driver identification number, name, address (but not the 5-digit zip code), telephone number, and medical or disability information...." 18 U.S.C. § 2725(3). "Person" means "an individual, organization or entity, but does not include a State or agency thereof[.]" 18 U.S.C. § 2725(2). The Attorney General can bring a claim against a State department of motor vehicles with a "policy or practice of substantial noncompliance" and can seek civil penalties. 18 U.S.C. § 2723(b).
There are multiple exceptions for which disclosure of driver's license information is permitted. See 18 U.S.C. § 2721(b)(1)-(14) (emphasis added). These exceptions generally relate to various governmental and business purposes, such as "use by any government agency, including any court or law enforcement agency, in carrying out its functions," as well as provisions relating to the resale and disclosure of information by authorized recipients for permitted purposes. See 18 U.S.C. § 2721(b) & (c). The exceptions are intended to be broadly applied. See Kost v. Hunt, 983 F.Supp.2d 1121, 1133-34, Civ. No. 13-583, 2013 WL 6048921, at *12 (D.Minn. Nov. 15, 2013) (Ericksen, J.).
With respect to remedies, the DPPA provides for:
18 U.S.C. § 2724(b). The DPPA also allows for criminal fines against an individual who "knowingly violates this chapter[,]" 18 U.S.C. § 2723(a), as well as civil penalties for noncompliance by a "State Department of Motor Vehicles." 18 U.S.C. § 2723(b).
The DPPA does not include a statute of limitations provision. However, the parties agree that the general four-year statute of limitations provided for by 28 U.S.C. § 1658(a) applies in this case. (See, e.g., Doc. No. 41, at 8; Doc. No. 46, at 18.) However, the parties dispute when this four-year period began to run. Plaintiffs argue that the "discovery rule" applies to DPPA claims and that the cause of action does not begin to accrue until the plaintiff has "discovered" it. See Merck & Co. v. Reynolds, 559 U.S. 633, 644, 130 S.Ct. 1784, 176 L.Ed.2d 582 (2010). In this case, application of the discovery rule would mean the clock started running in March 2013 when Plaintiff requested and received an audit report from DPS and, at that time, discovered that her records had been accessed. (Compl. ¶¶ 120-23.) Defendants argue that the "standard rule" applies. (See, e.g., Doc. No. 22, at 12-13.) Under the standard rule, "a claim accrues when the plaintiff has a complete and present cause of action." Gabelli v. S.E.C., ___ U.S. ___, 133 S.Ct. 1216, 1220, 185 L.Ed.2d 297 (2013) (internal quotations and citations omitted). In this case, under the standard rule, the clock would have started running at the time the records were actually accessed. See id.
Moreover, in so holding, decisions in this district have thoroughly analyzed the relevant case law, the text and structure of the relevant statute of limitations, the nature of DPPA claims, and legislative history in coming to their decisions. See, e.g., Rasmusson, 991 F.Supp.2d at 1079-83, 2014 WL 107067, at *11-14 (holding that the standard rule applies in light of case precedent,
Plaintiff argues that 28 U.S.C. § 1658 does not implicitly
Plaintiff also argues that this is the type of case that compels application of the discovery rule in the interest of fairness. However, this case is not a case that "cries out" for the discovery rule, such as a case relating to fraud, concealment, latent injury, or certain medical malpractice scenarios. See Gabelli, 133 S.Ct. at 1217 (the discovery rule applies "where a defendant's deceptive conduct may prevent a plaintiff from even knowing that he or she has been defrauded") (emphasis in original); Gross, 906 F.Supp.2d at 810-11 (the discovery rule can be applicable where the injury is "unknown and inherently unknowable," such as in the medical malpractice or product liability context; the injury is not just difficult to discover, but is "nearly impossible" to discover).
Here, while Plaintiff alleges that Defendants exercised "secrecy" and that Plaintiff could not have known about her injury, this is the extent of Plaintiff's allegations. These allegations do not constitute specific facts regarding fraud, concealment or latent injury and do not rise to the level of being "inherently unknowable." See, e.g., Rasmusson, 991 F.Supp.2d at 1081-82, 2014 WL 107067, at *13 (no deceptive conduct or concealment was alleged). Here, Plaintiff could have contacted DVS at any time, and thus could have learned of any lookups of her driver's license information. If the information regarding the lookups can be accessed at any time, it is incapable of being concealed or "secret." Merely being unknown is insufficient, the information
Considering the DPPA-related cases that have declined to apply the discovery rule, their detailed reasoning, and the additional reasons set forth above, the Court agrees that the standard rule applies to the statute of limitations in the context of DPPA cases. As a result, claims related to accesses before August 5, 2009, are properly dismissed as follows:
To state a claim under the DPPA, a plaintiff must allege that: (1) a defendant knowingly obtained, disclosed or used personal information; (2) from a motor vehicle record; (3) for a purpose not permitted. 18 U.S.C. § 2724(a); Taylor v. Acxion Corp., 612 F.3d 325, 335 (5th Cir.2010). It is the plaintiff's burden to prove these three elements. Smythe, 2013 WL 2443849, at *4 (citing rulings from the Eleventh, Fourth, and Ninth Circuits on this issue).
Defendants
Additionally, based on these definitions and the nature of the data at issue, physical possession is not required for "obtainment."
Moreover, Congress's failure to define "obtain" does not render the term ambiguous under Gregory. Gregory v. Ashcroft, 501 U.S. 452, 460-64, 111 S.Ct. 2395, 115 L.Ed.2d 410 (1991) (holding that courts should assess ambiguities by examining whether Congress made it "unmistakably clear in the language of the statute" what interpretation was intended). The DPPA can be understood by examination of its ordinary meaning and by applying common sense. A common sense understanding of the type of data at issue in DPPA cases is that once the information is viewed, it may be "possessed" or "obtained." The Court is not "reading into a statute provisions that do not exist" as argued by the Defendants, but instead is giving the term "obtain" (which is included in the statute) its ordinary meaning. See, e.g., Nelson, 2013 WL 5888235, at *2-3.
Defendants warn that Plaintiff's interpretation "of the DPPA would make a
Given this limiting language—that access be for "a purpose not permitted"—the Court agrees with Defendants and other courts in this district that to state a claim under the DPPA, a plaintiff must allege that the information was obtained "for a purpose not permitted."
Thus, whether Defendants' accesses of Plaintiff's driver's license record in this case supports a valid DPPA claim depends on the specific allegations in the Complaint and whether the information was obtained for a permitted purpose.
In light of the Court's analysis above relating to "obtaining" and "permitted purposes," the Court now examines whether Plaintiff has adequately stated a claim against the City and County Defendants (the Court addresses the Commissioners separately, below) under the DPPA.
Plaintiff further alleges that in each of these instances, her driver's license information was obtained based on searches "made by name, not license plate number." (Id. ¶ 3.) Again, she alleges approximately 190 accesses. (Id. ¶ 3, Ex. A.) She also alleges that misuse of state databases has been established by a state report and hearing, and various magazine articles. (Id. ¶¶ 141-44, 162.) She alleges that she had not committed any crimes that would have otherwise potentially justified such accesses. (Id. ¶ 78.) Additionally, Plaintiff alleges that she is a well-known attorney in her area with strong ties to the community. (Id. ¶¶ 44-52.) Finally, the detailed audit reveals searches for Plaintiff's information conducted at about three and four o'clock in the morning. (See id. ¶¶ 3, 78 & Ex. A.) At this stage, these facts taken together sufficiently state a plausible claim that Plaintiff's records were not accessed for a "permitted" purpose. In sum, Plaintiff puts forth sufficient allegations, when considered cumulatively, to "raise a reasonable expectation that discovery will reveal evidence of [a DPPA claim]." Twombly, 550 U.S. at 556, 127 S.Ct. 1955.
These facts distinguish this case from other cases
Moreover, Plaintiffs in other cases in this district have only generally alleged that the defendants' activities failed to fall within permitted exceptions and that the sheer number of accesses created a reasonable inference of a violation. See, e.g., Potocnik, 2014 WL 683980, at *3. This Court agrees that access-volume alone is not enough. Here, however, Plaintiff alleges more than these other cases; thus, the Court finds that Plaintiff has adequately stated a claim.
Defendants argue that Plaintiff's claims should be dismissed because Plaintiff has failed to allege any "actual damages" per the DPPA which reads: "The court may award—(1) actual damages, but not less than liquidated damages in the amount of $2,500...." 18 U.S.C. § 2724(b). As articulated in Kost, the DPPA does not require a showing of entitlement to actual or liquidated damages as a prerequisite to state a valid claim upon which relief can be granted. Also, the DPPA's remedies provision includes a number of potential remedies that are discretionary for the court ("the court may award"), and a plaintiff can later choose which damages she seeks to prove at trial. Kost, 983 F.Supp.2d at 1130-32, 2013 WL 6048921, at *9-10. Thus, at this stage, dismissal based on failure to plead actual damages is both premature and inappropriate. The Court declines to dismiss the DPPA claims on this basis at this time.
A § 1983 claim imposes liability on anyone who, under color of state law, deprives a person of rights secured by either the Constitution or federal laws. 42 U.S.C. § 1983; West v. Atkins, 487 U.S. 42, 48, 108 S.Ct. 2250, 101 L.Ed.2d 40 (1988). While it is well-settled that § 1983 provides a remedy for violations of statutory as well as constitutional rights, § 1983 does not provide a remedy for all federal laws, but only for federally protected rights. Blessing v. Freestone, 520 U.S. 329, 340, 117 S.Ct. 1353, 137 L.Ed.2d 569 (1997) (citations omitted). Section 1983 is not itself a source of substantive rights, but is the procedural vehicle through which to vindicate federal rights elsewhere conferred. Albright v. Oliver, 510 U.S. 266, 271, 114 S.Ct. 807, 127 L.Ed.2d 114 (1994).
Congressional establishment of a comprehensive remedial scheme forecloses use of § 1983 as a remedy for violation of federal statutes.
Plaintiff first argues that the DPPA itself confers rights separately enforceable under § 1983. Plaintiff relies primarily on Collier v. Dickinson, in which the Eleventh Circuit held that the DPPA creates a statutory right to privacy enforceable under § 1983. 477 F.3d 1306, 1311 (11th Cir.2007). Plaintiff further argues that there is no conflict between the DPPA and a § 1983 claim because Plaintiff is "merely pursuing an alternative form of relief." The Court disagrees.
These issues have been addressed in a number of decisions in this district, as well as in other district courts. Various courts have held that, irrespective of whether a plaintiff is able to demonstrate that the DPPA confers a federally protected right in accordance with the "Blessing test," Congress intended to create a comprehensive enforcement scheme through the DPPA and to thereby preclude a remedy under § 1983. See, e.g., Rasmusson, 991 F.Supp.2d at 1072-74, 2014 WL 107067, at *4-6 (holding that the comprehensive nature of the DPPA's remedial scheme, along with an analysis of various circuit court decisions, "indicate Congress's intent to foreclose a remedy under § 1983" and dismissing the plaintiff's § 1983 claim based on an underlying DPPA violation as a result); Nelson, 2013 WL 5888235, at *5-7 (holding that the "DPPA's remedial scheme, which is both comprehensive and more restrictive than § 1983, expresses Congress's intent to preclude other means of enforcement" and dismissing the plaintiff's § 1983 claim based on an underlying DPPA violation as a result); Kiminski, 2013 WL 6872425, at *10-14 (same); Bass, 998 F.Supp.2d at 823-24, 2014 WL 683969, at *6-7 (same and citing Kiminski); Roberts v. Source for Pub. Data, 606 F.Supp.2d 1042, 1046 (W.D.Mo.2008) (same); Kraege v. Busalacchi, 687 F.Supp.2d 834, 840-41 (W.D.Wis.2009) (same). Here too, the Court adopts the reasoning of Rasmusson and Kiminski on these issues.
In rendering their decisions, courts in this district have also considered the City of Rancho Palos Verdes, Cal. v. Abrams, 544 U.S. 113, 125 S.Ct. 1453, 161 L.Ed.2d 316 (2005), which held that a statute that includes "an express, private means of redress"
Thus, this Court agrees that the DPPA is a comprehensive remedial scheme that precludes a DPPA-based claim under § 1983, and the Court dismisses Plaintiff's § 1983 claims based on an underlying DPPA violation.
Plaintiff also brings a claim under § 1983 on the ground that the access of her driver's record violates her constitutional right to privacy.
First, Plaintiff argues that, according to the Supreme Court's recent decision in Maracich, a right to privacy exists with respect to Plaintiff's private personal information found in her driver's record. However, neither Maracich nor any other case is so clear on this issue. Maracich did not directly address the issue of whether a constitutional right to privacy in driver's license records exists, but instead addressed whether an attorney's solicitation of clients constitutes a "permissible purpose" under the DPPA. Maracich, 133 S.Ct. at 2195-96. While
Second, Plaintiff alleges that the information at issue includes a person's "address, color photograph, date of birth, weight, height and eye color, and in some instances, [his or her] medical and/or disability information." (Compl. ¶ 67 (emphasis added).) No case has yet found that a constitutional right to privacy exists under the Fourth or Fourteenth Amendment for the type of information typically found in driver's licenses and protected by the DPPA (address, color photograph, date of birth, weight, height, and eye color). Condon v. Reno, 155 F.3d 453, 464 (4th Cir. 1998) rev'd on other grounds by Reno v. Condon, 528 U.S. 141, 120 S.Ct. 666, 145 L.Ed.2d 587 (2000) ("Of particular importance here, neither the Supreme Court nor this Court has ever found a constitutional right to privacy with respect to the type of information found in motor vehicle records."); Pryor v. Reno, 171 F.3d 1281 (11th Cir.1999) rev'd on other grounds by Reno v. Pryor, 528 U.S. 1111, 120 S.Ct. 929, 145 L.Ed.2d 807 (2000). Courts in this district have agreed. See, e.g., Rasmusson, 991 F.Supp.2d at 1074, 2014 WL 107067, at *6; Kiminski, 2013 WL 6872425, at *14; McDonough, 2014 WL 683998, at *4-6. Certainly, that this information is readily and regularly disclosed anywhere one presents a driver's license shows there is no reasonable expectation of privacy in such information. See, e.g., Kiminski, 2013 WL 6872425, at *14. The Court adopts the reasoning of the courts in this district in that regard. See id.
Plaintiff focuses her argument on the fact that the above-mentioned cases "failed to acknowledge more is contained in a motor vehicle record than just one's address, height, weight, and photograph" (Doc. No. 41, at 20); Plaintiff maintains that social security numbers ("SSNs") and other sensitive health records have long been established to be "intimate personal information" that are constitutionally protected. The Court disagrees.
The question of whether there is a constitutional right to privacy in SSNs is unsettled, and has not been resolved by the Eighth Circuit. Some courts have held that disclosure of SSNs without permission violates the constitutional right of privacy. See Arakawa v. Sakata, 133 F.Supp.2d 1223, 1229 (D.Hawai'i 2001) (considering "the voluminous and largely ambiguous case law on the subject" of privacy rights in confidential information and concluding that the public disclosure of motorists' social security numbers violated constitutional privacy rights). Other courts have roundly rejected the contention that there is such a constitutional right to privacy. Cassano v. Carb, 436 F.3d 74, 75 (2d Cir. 2006) (holding that "the Constitution does not provide a right to privacy in one's SSN"); McElrath v. Califano, 615 F.2d 434, 441 (7th Cir.1980) (holding that disclosure of social security number as a condition of eligibility for government financial assistance did not violate plaintiff's right to privacy) (citations omitted). And, while these courts have primarily only addressed the release of social security numbers to official agencies (rather than individuals
With respect to the medical information that Plaintiff alleges is included in driver's license records, such information may be protected in some instances, but is not always protected. See Cooksey, 289 F.3d at 517. Here, however, Plaintiff does not allege that her driver's record includes medical records, and does not allege that her medical information was accessed. As a result, without deciding the issue of whether medical records are constitutionally protected, the Court holds that Plaintiff has failed to state a claim based on a constitutional right to privacy in her medical information.
For the above reasons, the Court holds that Plaintiff's claims under § 1983 based on a constitutional right to privacy are properly dismissed.
There can be no Monell claim where there is no underlying violation of Plaintiff's constitutional rights. See Brockinton v. City of Sherwood, 503 F.3d 667, 674 (8th Cir.2007). Because Plaintiff has not established an underlying violation of any constitutional right (see supra Section III.B.), any Monell claim against the City and County Defendants must be dismissed.
Defendants claim that they are entitled to qualified immunity on Plaintiff's claims. Qualified immunity is a defense only against a claim in one's individual capacity. Johnson v. Outboard Marine Corp., 172 F.3d 531, 535 (8th Cir.1999). Qualified immunity protects government officials and employees performing discretionary functions "from liability for civil damages insofar as their conduct does not violate clearly established statutory or constitutional rights of which a reasonable person would have known." Saucier v. Katz, 533 U.S. 194, 202, 121 S.Ct. 2151, 150 L.Ed.2d 272 (2001). To state a claim for qualified immunity, the plaintiff must assert a violation of a statutory or constitutional right, and the alleged right must be clearly established at the time of the alleged misconduct. Id.
Here, at this stage of the proceedings, plaintiff has adequately alleged the violation of a clearly established statutory right. The DPPA is clear that accessing driver's license information without a permissible purpose violates the law. The DPPA has been in place since 1994. By August 2009, Defendants would have been on notice of the DPPA and its prohibition of the access of driver's license information for impermissible purposes.
It may well be that, as this case proceeds, Defendants will be able to establish that they are entitled to qualified immunity because their actions were not "clearly established" violations of the law. However, given the allegations at this stage, if Defendants accessed Plaintiff's data for an impermissible purpose as alleged, it was clearly established in 2009 and thereafter, that doing so constituted a violation of the
Minnesota first recognized a claim for invasion of privacy in 1998. Lake v. Wal-Mart Stores, Inc., 582 N.W.2d 231, 235 (Minn.1998). The Minnesota Supreme Court adopted three separate causes of action that are generally referred to as invasion of privacy. Id. Here, Plaintiff's claim is for intrusion upon seclusion.
Intrusion upon seclusion is actionable when "one intentionally intrudes, physically or otherwise upon the solitude or seclusion of another or his private affairs or concerns, if the intrusion would be highly offensive to a reasonable person." Lake v. Wal-Mart, 582 N.W.2d at 233 (citations omitted); Swarthout v. Mut. Serv. Life Ins. Co., 632 N.W.2d 741, 744 (Minn.Ct.App.2001).
What is "highly offensive" is generally considered a "question of fact" for the jury, and only becomes a question of law "if reasonable persons can draw only one conclusion from the evidence." Swarthout, 632 N.W.2d at 745. To determine whether an interference is offensive, courts consider: "the degree of intrusion, the context, conduct and circumstances surrounding the intrusion as well as the intruder's motives and objectives, the setting into which he intrudes, and the expectations of those whose privacy is invaded" and "the number and frequency of the intrusive contacts." Bauer v. Ford Motor Credit Co., 149 F.Supp.2d 1106, 1109 (D.Minn.2001). The interference must be a "substantial one, of a kind that would be highly offensive to the ordinary reasonable person, as the result of conduct to which the reasonable person would strongly object." Swarthout, 632 N.W.2d at 745 (internal citations omitted). For example, in Lake v. Wal-Mart, the court found allegations that nude photographs of the plaintiffs had been publicized were sufficient to state a claim for invasion of privacy. 582 N.W.2d at 235. In Swarthout, the court found that "[v]iewing this record in the light most favorable to [the plaintiff] we cannot say that, as a matter of law, the altering of [the plaintiff's] release and the illicit obtaining, conveying, and publicizing of his private medical information was not the `substantial' and `highly offensive' intrusion upon Swarthout's seclusion that would satisfy the ... [intrusion upon seclusion] test." 632 N.W.2d at 745.
Here, the Court finds that "reasonable persons can draw only one conclusion from the evidence"—that the access of information as alleged by Plaintiff cannot
Second, though Plaintiff points to the viewing of medical information and social security numbers to satisfy the standard, Plaintiff has failed to adequately make any such allegations about the accesses to her record. Plaintiff alleges that her social security number was provided to DPS (Compl. ¶ 173), but never alleges it was viewed or accessed. (See id. ¶ 79 (Plaintiff alleges Defendants viewed: "her home address, color photograph or image, date of birth, eye color, height, weight and driver identification number.").) Plaintiff makes no allegations about her medical information. Therefore, Plaintiff has failed to sufficiently allege the existence of an intrusion that could be considered by a jury to be "highly offensive" or that is based on a "legitimate expectation of privacy." All claims for invasion of privacy are thus dismissed.
Plaintiff alleges that the Commissioner Defendants directed the construction of an electronic database consisting of Minnesota drivers' information, and then granted law enforcement officers and other governmental personnel access to the database without proper training or instruction and without proper monitoring or restrictions. Furthermore, Plaintiff argues that the Commissioner Defendants knew that there were illegal accesses and that misuse of the database was widespread. For these actions, Plaintiff sues the Commissioner Defendants in their individual capacities under the DPPA, § 1983, and for invasion of privacy.
Because Plaintiff seeks redress against the Commissioner Defendants in their individual capacities, to state a claim, Plaintiff must show that each Commissioner is "a person who knowingly obtains, discloses or uses personal information, from a motor vehicle record, for a purpose not permitted." 18 U.S.C. § 2724(a). A "person" is "an individual, organization or entity" but cannot be "a State or agency thereof." 18 U.S.C. § 2725(3). Pursuant to the plain language of the statute, any obtainment,
Plaintiff argues that the following allegations are sufficient to show an "impermissible purpose" by the Commissioner Defendants: (a) they had the ability to determine if unauthorized access was being made and to prevent it; (b) they failed to prevent unauthorized access to Plaintiff's private data; (c) they knowingly authorized, directed, ratified, approved, acquiesced in, committed, or participated in the disclosure of Plaintiff's private data; and (d) they knowingly disclosed Plaintiff's private data and violated state policy by devising and implementing the DVS Database that failed to uphold Plaintiff's privacy rights as required by the DPPA. But, in reality, Plaintiff's allegations amount to a claim that the Commissioner Defendants violated the DPPA by releasing the information to their respective employees and agencies for a permitted purpose (i.e., doing their jobs), but without proper safeguards, training, or monitoring. This is not the same as releasing the information for an impermissible purpose. As explained in Kiminski, Plaintiff's reading would require a deviation from the plain language of the statute and is not supported by law. Kiminski, 2013 WL 6872425, at *8. The possibility that the Commissioner Defendants disclosed the data for the permissible purpose of allowing law enforcement officers and other governmental personnel to do their jobs is just too great for Plaintiff to overcome without specific allegations to the contrary; Plaintiff offers none. In fact, the type of situation described by Plaintiff is explicitly contemplated and addressed by the DPPA itself, which allows the Attorney General to impose civil penalties upon a state department of motor vehicles that has a "policy or practice of substantial noncompliance" with respect to driver's license information and records. 18 U.S.C. § 2723(b); Kiminski, 2013 WL 6872425, at *8. Furthermore, any allegations made by Plaintiff with respect to the February 2013 hearing
Finally, Plaintiff argues that Gordon, 726 F.3d 42, creates a duty of care to which the Commissioners must be held with respect to driver's license data. In Kiminski, the court generally held that Gordon is inconsistent with the plain language of the DPPA and the Commissioner Defendants cannot be held individually liable for systemic issues as alleged in the complaint. 2013 WL 6872425, at *8-9. Again, the Court finds the reasoning in Kiminski persuasive and adopts it.
With respect to Plaintiff's § 1983 claims against the Commissioner Defendants, because the Court has already held that Plaintiff cannot state a claim under § 1983 (see detailed analysis in Section III, supra), these claims are also dismissed against the Commissioner Defendants. Similarly, although the Commissioner Defendants did not address the question of invasion of privacy, the Court finds that the legal and factual issues with respect to the Commissioner Defendants are not materially different from those alleged against the other Defendants. As a matter of law, Plaintiff has alleged no conduct that could rise to the requisite level of offensiveness to state an invasion of privacy claim. Thus, all claims against the Commissioner Defendants and DPS Does are properly dismissed.
Hennepin County also seeks summary judgment. However, because no claims remain against Hennepin County, this motion is moot.
The County Defendants seek summary judgment as to the allegations relating to the fifteen occasions on which Plaintiff's DVS data was accessed by Crow Wing County Probation between 2004 and 2012 because Crow Wing County Probation employees are not employees of any of the County Defendants. (Doc. No. 52, at 23-24 & Doc. No. 82, at 9.) Plaintiff concedes that those fifteen accesses are not attributable to the County Defendants and agrees that they should be dismissed as a result. (Doc. No. 72, at 9-10.) Thus, the Court dismisses claims relating to the fifteen accesses by Crow Wing County Probation.
Hennepin County and Ramsey County seek severance. Insofar as these parties have been dismissed, the question of severance is moot.
For the reasons discussed above, the Court concludes that all of Plaintiff's § 1983 claims and invasion of privacy claims are properly dismissed for failure to state a claim. The Court dismisses all DPPA claims related to searches made prior to August 2009 as well as the relevant Defendants. Thus, only DPPA claims against certain City and County Defendants for searches conducted after August 2009 remain. The remaining entities and corresponding number of searches are as follows: Aitkin County (3 searches); City of Baxter (2 searches); City of Brainerd (4 searches); Cass County (4 searches); Crow Wing County (39 searches); City of Fridley (1 search); City of Little Falls (7 searches); City of Minneapolis (1 search); Morrison County (1 search); City of St. Cloud (1 search); City of Staple (2 searches); and Wright County (1 search). The Court also orders the parties to settlement discussions, particularly with respect to those entities for which only a single
Finally, the Court assumes that the parties in this case, as well as other governmental entities, are proactively working on significant policy and rule changes to prevent the impermissible access to data and to ensure that individuals responsible for any such impermissible access will be held accountable. Such reform should be a priority of all agencies given the extent of potential litigation and associated costs.
Based upon the foregoing,
(Doc. Nos. 80 & 88.)