 |
|
|
| 11/20/2009 8:33:00 AM | Email this article • Print this article | Federal judge dismisses Driver's Privacy Protection lawsuit
Does not decide whether state can sell info without express consent
A federal judge has dismissed a lawsuit against Wisconsin Department of Transportation officials, whom three Wisconsin women alleged broke federal law by selling their driver's license information to commercial vendors.
In the case, Margaret Kraege, Kelly Tomko and Stephanie Tomko charged that DOT secretary Frank Busalacchi, Department of Motor Vehicles administrator Lynne Judd, and 10 'John Doe' state employees violated the federal Driver's Privacy Protection Act - and that state employees have been doing so since early 2001 - by selling the data to companies such as ShadowSoft, a firm specializing in public records distribution.
According to court documents, ShadowSoft in turn sold the information to PublicData, which made it available for search and sale on the Internet.
Specifically, the federal Act states, authorized employees "shall not knowingly disclose or otherwise make available to any person or entity personal information about any individual obtained by the department in connection with a motor vehicle record" except for "permissible uses" such as "for use by any government agency, including any court or law enforcement agency, in carrying out its functions, or any private person or entity acting on behalf of a Federal, State, or local agency in carrying out its functions."
Certain limited private distribution of the information is also allowed.
In dismissing the case, Barbara Crabb, the judge for the U.S. District Court for the Western District of Wisconsin, did not determine whether the state's policy went further than permitted by the federal statute and thus violated the DPPA, but instead found that the federal statute does not allow claims "against state officials individually, or a claim of civil rights violation."
The defendants had claimed the state officials who released the information knew, or should have known, that doing so would be a violation of the DPPA. In essence, they argued, the employees misread the state's policy on the Act.
Crabb disagreed.
"It is the state's policies, and the defendants implementation of them, that are at the heart of plaintiffs' complaint," Crabb wrote in her decision. "Thus, plaintiffs' claims under the Act are substantially against the state of Wisconsin and barred by the doctrine of sovereign immunity."
That latter doctrine, in general, makes the state immune from civil or criminal prosecution.
In addition, Crabb determined, the DPPA, enacted in Wisconsin in 2000 and federally in 1994, includes "a comprehensive mechanism for relief," and therefore the women could not claim that sale of the information violated their civil rights.
Under the statute, the U.S. Department of Justice can impose penalties upon state agencies in violation, and the DPPA permits a minimum award of $2,500 for individuals, but only when a plaintiff has a base claim for actual damages and the individual has brought a civil suit. Awards can, and have, been much higher, though.
When individuals bring a civil suit, however, as in this case, they can only sue individuals, organizations and entities in violation, but states and state agencies are specifically excluded.
Crabb observed that state policies permit release of license information to purchasers who purport to use it for purposes permissible under the Act.
"They require only cursory review of the purchasers' intended use of the information," she wrote. "However, the policies do require defendants to inform purchasers of the liability arising from misuse of the information and advise purchasers to seek legal counsel if there is a question about the permissibility of the intended use."
According to the DOT website, "certain requesters are authorized by law to receive your name and address upon request, provided such information is used for the purpose of writing and renewing insurance policies and related underwriting; billing and paying of insurance claims; vehicle safety recall notification programs; law enforcement activities; if the requester has written permission of the person; if such use is related to the operation of a motor vehicle or public safety; by an insurer or insurance support organization or self insured entity or its agency, employees or contractors for claims, anti-fraud, rating and underwriting.
What is the law?
As of last week, it was not clear whether the defendants intended to appeal the case. What's more, whether the state's policies are legal remains undecided.
For its part, the state maintains it long ago sent its policies to the federal Department of Justice and has not heard any criticism.
The department's so-called opt-out provision could be central to the case, if it or another proceeds. That provision allows motorists to withhold their name and address included in requests for 10 or more records by asking the department to do so, but they must complete and return an 'opt-out' form.
In a 2000 case, however, Reno v. Condon, the Supreme Court ruled that opt-out provisions weren't legal, meaning the state had to have express written consent to give out the information.
"The DPPA establishes a regulatory scheme that restricts the States' ability to disclose a driver's personal information without the driver's consent," justice William Rehnquist wrote for the court's majority. "The DPPA generally prohibits any state DMV, or officer, employee, or contractor thereof, from 'knowingly disclos[ing] or otherwise mak[ing] available to any person or entity personal information about any individual obtained by the department in connection with a motor vehicle record.'"
However, Rehnquist observed, the DPPA's ban on disclosure of personal information does not apply if drivers have consented to the release of their data. In earlier years, the justice added, "the DPPA provided that a DMV could obtain that consent either on a case-by-case basis or could imply consent if the State provided drivers with an opportunity to block disclosure of their personal information when they received or renewed their licenses and drivers did not avail themselves of that opportunity."
But the federal law had changed, Rehnquist observed,
"However, (the statute), which was signed into law on October 9, 1999, changed this 'opt-out' alternative to an 'opt-in' requirement," he wrote. "Under the amended DPPA, States may not imply consent from a driver's failure to take advantage of a state-afforded opportunity to block disclosure, but must rather obtain a driver's affirmative consent to disclose the driver's personal information for use in surveys, marketing, solicitations, and other restricted purposes."
In another case, settled in 2006, Fidelity Federal Bank and Trust of West Palm Beach, Fla., paid a $50-million settlement for buying nearly 600,000 names and addresses from the Florida Department of Highway Safety and Motor Vehicles and then using the list for direct marketing.
The bank reportedly paid a penny a name.
James Kehoe filed a class action lawsuit, claiming that the bank's purchase of the names violated the DPPA, even though Florida law at the time allowed the information's sale.
In that case, too, Kehoe fought a district court ruling that he had to demonstrate actual damages before obtaining monetary compensation under the DPPA. Kehoe appealed, and prevailed on appeal.
Crabb's other DPPA ruling
Crabb has been involved in another DPPA ruling concerning Wisconsin.
In 2005, William Parus filed a lawsuit alleging violation of his federal privacy rights after a Minocqua police dispatcher, Dawn Bresnahan, gave his license plate information to DNR warden Tom Kroeplin. In addition to Bresnahan and Kroeplin, Parus sued the town of Minocqua, the town of Woodruff and police officer Clay Kreitlow, who had also sought information on the license plate.
In a ruling similar to the one last week, Crabb threw out the complaint against the dispatcher and the town of Minocqua, saying Bresnahan was only acting in her capacity as a law enforcement employee and was carrying out a law enforcement function when she gave Kroeplin the information.
Prior to Kroeplin's request, made in a telephone call, Bresnahan had been told not to give the information out and that police were not seeking the vehicle in question.
Crabb did not dismiss the case against the other defendants; Parus ultimately won a $100,000 settlement.
Richard Moore can be reached at rmmoore1@verizon.net.
|
Comment on this story
|
|
|
|
