Summary
affirming grant of summary judgment against a civilian plaintiff because the records the plaintiff sought to purge were not accessible by a "system of records" within the meaning of the Privacy Act
Summary of this case from Glenn v. RumsfeldOpinion
No. 86-6077.
Argued and Submitted February 5, 1987.
Decided April 14, 1987.
Meryl Sue Baker, pro se.
Kay Teeters, Walnut Creek, Cal., Beth L. Levine, San Diego, Cal., for defendant-appellee.
Appeal from the United States District Court for the Southern District of California.
Meryl Sue Baker, a Navy civilian employee, filed a civil suit against the Department of the Navy, alleging that the Navy violated the Privacy Act, 5 U.S.C. § 552a (1982), by refusing to amend or expunge an investigative report in its employee grievance file that was indexed under the name of one of Baker's subordinates. The report was prepared in response to an administrative grievance filed against Baker by that subordinate. She sought (1) an injunction prohibiting dissemination of the report and requiring amendment or expungement of the report, and (2) damages and costs.
The district court granted the Navy's motion for summary judgment, finding that the Privacy Act did not grant access to the investigative report because it was not retrievable under Baker's name or other identifiers listed in 5 U.S.C. § 552a(a)(4). The district court concluded that, because the report was not accessible under the Privacy Act, Baker could not invoke the remedy of amendment under the Privacy Act. Baker appeals from the grant of summary judgment. We note jurisdiction under 28 U.S.C. § 1291 (1982) and affirm.
FACTUAL AND PROCEDURAL BACKGROUND
Baker is a civilian employee of the Navy, serving as a Supervisory Personnel Research Psychologist at the Navy Personnel Research and Development Center in San Diego, California. One of the researchers she supervised, Dr. Eugene Rocklyn, filed an administrative grievance against Baker based on her treatment of him. Lieutenant Commander Ken Davis was assigned to investigate Dr. Rocklyn's charges. Davis prepared a memorandum of his findings ("Davis report") and filed it in the employee grievance file under Rocklyn's name without indexing or cross-referencing it to Baker's name or file.
Baker contends that the Navy intentionally and willfully created the "grossly inaccurate and incomplete" report. Baker also claims that the Davis report was used as the basis for several adverse personnel actions including (1) demoting her from a supervisory to a nonsupervisory position, (2) issuing her a letter of reprimand, and (3) rating her performance as "marginal." However, all of these adverse actions were subsequently rescinded in a settlement of Baker's administrative complaints alleging employment discrimination and retaliation. The Navy restored her supervisory position, expunged the letter of reprimand from her file, and changed her performance rating from "marginal" to "outstanding."
On July 1, 1985, Baker submitted a request to receive a copy of the Davis report under the Freedom of Information Act, 5 U.S.C. § 552 (1982), and the Privacy Act. Baker eventually gained access to an edited version of the Davis report under the Freedom of Information Act on August 18, 1985. In early September 1985, Baker submitted a request to expunge the Davis report from Dr. Rocklyn's file under the Privacy Act. The Commanding Officer denied her request in a letter explaining that, because the record was not retrievable under her name, it was not a record covered by the Privacy Act. The Commanding Officer informed Baker of her right to submit a written rebuttal to the Davis report which could be appended to the report. Baker rejected the offer and to date has not filed a rebuttal, preferring to obtain amendment or expungement of the report. She fears that the continued existence of the Davis report, and its accessibility to Navy personnel and to Dr. Rocklyn, might result in future adverse employment decisions or professional humiliation.
On October 28, 1985, Baker filed suit against the Navy under the civil remedies provision of the Privacy Act, 5 U.S.C. § 552(g)(1). Baker proceeded pro se in the district court and on appeal. On April 29, 1986, the Navy filed a motion for summary judgment. The district court granted the Navy's motion on June 2, 1986, finding that the Davis report does not qualify as a record within a "system of records" under the Privacy Act because it is not retrievable under Baker's name or other personal identifier. The court further concluded that the Privacy Act remedies of amendment and expungement are inapplicable to a report that is not accessible under the Act. Baker filed a timely notice of appeal.
ISSUES PRESENTED
1. Whether a report that is not retrievable under a requester's name or other personal identifier is accessible to that requester under the Privacy Act.
2. Whether the amendment remedy under the Privacy Act applies to a report that is not accessible under the Privacy Act, but is otherwise accessible ( e.g., under the Freedom of Information Act).
STANDARD OF REVIEW
This court reviews a district court's grant of summary judgment de novo. Hewitt v. Grabicki, 794 F.2d 1373, 1376 (9th Cir. 1986). The evidence is viewed in the light most favorable to the party opposing the motion. Id. We affirm only if there is an absence of any genuine issue of material fact and if the moving party is entitled to judgment as a matter of law. Lew v. Kona Hosp., 754 F.2d 1420, 1423 (9th Cir. 1985). Because Baker has proceeded pro se, we construe her complaint liberally. See Boag v. MacDougall, 454 U.S. 364, 365, 102 S.Ct. 700, 701, 70 L.Ed.2d 551 (1982); Mann v. City of Tucson, 782 F.2d 790, 794 (9th Cir. 1986) (per curiam).
DISCUSSION [14] I. ACCESSIBILITY UNDER THE PRIVACY ACT
Baker contends that, because the Navy allegedly took adverse actions against her based on an inaccurate and incomplete report, the report is an accessible record under the Privacy Act. Consequently, she argues, she is entitled to the remedies under the Privacy Act. The case law and federal regulations, however, have given a more narrow reading to the scope of accessibility under the Privacy Act.
Under the Privacy Act, each agency maintaining a "system of records" must "maintain all records which are used by the agency in making any determination about any individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to assure fairness to the individual in the determination." 5 U.S.C. § 552a(e)(5). The Act permits individuals to obtain access to records pertaining to them that are within a "system of records" maintained by a federal agency. 5 U.S.C. § 552a(d)(1); Exner v. Federal Bureau of Investigation, 612 F.2d 1202, 1203-04 (9th Cir. 1980). In addition, an individual is permitted "to request amendment of a record pertaining to him" from an agency that maintains a "system of records." 5 U.S.C. § 552a(d)(2); see also England v. Commissioner, 798 F.2d 350, 351 (9th Cir. 1986). The statute defines a "system of records" as "a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual." 5 U.S.C. § 552a(a)(5).
The Office of Management and Budget promulgated guidelines pursuant to § 6 of the Privacy Act, Pub.L. No. 93-579, 88 Stat. 1896 (1974) (uncodified in the United States Code). See Office of Management and Budget Guidelines to the Privacy Act, 40 Fed.Reg. 28,949 (1975); Supplementary Guidelines, 40 Fed.Reg. 56,741 (1975) [hereinafter OMB Guidelines]. The guidelines note that the access provision of the Privacy Act, 5 U.S.C. § 552a(d)(1), applies only to records contained in a "system of records" as defined in § 552a(a)(5). OMB Guidelines, 40 Fed.Reg. at 28,957. The guidelines further observe that the statutory language suggests that
Congress did not intend to require that an individual be given access to information which the agency does not retrieve by reference to his or her name or some other identifying particular. . . . If an individual is named in a record about someone else . . . and the agency only retrieves the portion pertaining to him by reference to the other person's name . . . the agency is not required to grant him access. Indeed, if this were not the case, it would be necessary to establish elaborate cross-references among records, thereby increasing the potential for privacy abuses.
Id. The guidelines offer an example that parallels the facts in this case:
A reference to Joan Doe in a record about James Smith in the same file. This is . . . a record within a system but Joan Doe would not have to be granted access unless the agency had devised and used an indexing capability to gain access to her record in James Smith's file.
Id. (emphasis added).
Although the OMB guidelines do not bind the courts, Zeller v. United States, 467 F. Supp. 487, 497 n. 12 (E.D.N.Y. 1979), the courts look to them for guidance. See, e.g., Exner, 612 F.2d at 1208-09 (Pregerson, J., concurring); Albright v. United States, 631 F.2d 915, 919-20 n. 5 (D.C.Cir. 1980) (stating that OMB guidelines to the Privacy Act "are owed the deference usually accorded interpretation of a statute by the agency charged with its administration").
Additional support for the OMB interpretation is found in the regulations promulgated by the Navy to implement the Privacy Act. 32 C.F.R. §§ 701.1-701.118 (1986). Section 701.103(a) restricts access to records pertaining to an individual that are part of a "system of records." A "system of records" is defined as
A group of records from which information "is", as opposed to "can be", retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. The capability to retrieve information by personal identifiers alone does not subject a system of records to 5 U.S.C. § 552a.
32 C.F.R. § 701.103(n) (1986). We accord this interpretation similar deference. Cf. Blevins v. Plummer, 613 F.2d 767, 768 (9th Cir. 1980) (per curiam) (following Air Force regulations implementing the Privacy Act).
The legislative history of the Privacy Act indicates that Congress was primarily concerned with the potential misuse of personally identifiable information stored in computers. See S.Rep. No. 1183, 93d Cong., 2d Sess. 1-2 (1974), reprinted in 1974 U.S. Code Cong. Ad.News 6916, 6916-17. Congress therefore designed the Act to grant individuals access to those records that federal agencies could retrieve through their computer systems via personal identifiers. See Privacy Act, § 2, Pub.L. No. 93-579, 88 Stat. 1896 (1974) (uncodified in the United States Code), reprinted in 5 U.S.C. § 552a note (congressional findings and statement of purpose). As a result, the definition of "system of records" makes coverage under the Act dependent upon the method of retrieval of a record rather than its substantive content. Privacy Protection Study Commission, Personal Privacy in an Information Society 503-04 (1977) [hereinafter Privacy Commission]; Ehlke, The Privacy Act After a Decade, 18 J. Marshall L.Rev. 829, 831 (1985).
This narrow reach of accessibility has been criticized for undermining the congressional purpose of giving individuals access to records an agency maintains on them, and for effecting a "wholesale exclusion from the Act's scope of records that are not accessed by name" or other personal identifier. Privacy Commission, supra, at 503-04; see Unt v. Aerospace Corp., 765 F.2d 1440, 1450-52 (9th Cir. 1985) (Ferguson, J., dissenting). In fact, the Privacy Commission, in response to the congressional mandate to examine the Act and submit recommendations to the President and Congress, see 5 U.S.C. § 552a note, considered as "essential" the abandonment of the "system of records" term for a broader term that would not limit access to records retrievable only by individual identifiers. Privacy Commission, supra, at 503-04, 533.
Congress has not responded to the criticisms of the restrictive scope of accessibility in the Act. The OMB guidelines, federal regulations, and existing case law provide overwhelming support for using a record's method of retrievability to determine the scope of accessibility. See, e.g., Cuccaro v. Secretary of Labor, 770 F.2d 355, 360 (3d Cir. 1985); Thomas v. United States Dep't of Energy, 719 F.2d 342, 345-46 (10th Cir. 1983); Boyd v. Secretary of the Navy, 709 F.2d 684, 686 (11th Cir. 1983), cert. denied, 464 U.S. 1043, 104 S.Ct. 709, 79 L.Ed.2d 173 (1984); Kalmin v. Department of the Navy, 605 F. Supp. 1492, 1495 (D.D.C. 1985); Grachow v. United States Customs Serv., 504 F. Supp. 632, 636 (D.D.C. 1980); Savarese v. United States Dep't of Health, Educ. Welfare, 479 F. Supp. 304, 307 (N.D.Ga. 1979), aff'd, 620 F.2d 298 (5th Cir. 1980), cert. denied, 449 U.S. 1078, 101 S.Ct. 858, 66 L.Ed.2d 801 (1981). Therefore, we decline to adopt Baker's contention that an alleged adverse impact from a record that pertains to her, but is not retrievable under her name, renders the record accessible under the Privacy Act. Accordingly, she is unable to sustain her claim of a right to amend or expunge the Davis report on the ground that it is accessible under the Privacy Act.
II. AMENDMENT OF RECORDS INACCESSIBLE UNDER THE PRIVACY ACT, BUT OTHERWISE ACCESSIBLE
The district court agreed with the Navy's argument that "[s]ince the report cannot be accessed by plaintiff's identifiers, the Privacy Act does not apply and the report cannot be amended or expunged." The district court's analysis, therefore, presupposes that an amendment to a record that is inaccessible under the Privacy Act cannot be made even if the record is otherwise accessible (as in this case, under the Freedom of Information Act). The district court's conclusion appears to be supported by the statutory language. The subsections that grant access to records ( § 552a(d)(1)), permit requests for amendment ( § 552a(d)(2)), and require that records used in making determinations about individuals are maintained in a reasonably accurate and complete manner ( § 552a(e)(5)), all apply to an agency that "maintains a system of records." The statutory language therefore suggests that the scope of accessibility and the scope of amendment are coextensive. The Privacy Commission corroborates that the statutory language requires this conclusion. Privacy Commission, supra, at 503-04 (stating that if records are not accessed by name, none of the Act's protections apply); see also Clarkson v. IRS, 678 F.2d 1368, 1377 (11th Cir. 1982) ("[T]he language of subsection (e)(5) cannot be read to apply to records not incorporated within an agency's system of records."); Ehlke, supra, at 842 ("Only records that are retrievable and are actually retrieved from a system of records are covered by the Act.").
One of Congress's underlying concerns in narrowly defining a system of records appears to have been efficiency. See OMB Guidelines, 40 Fed.Reg. at 28,957 (expressing concern over the need for "elaborate cross-references among records"). Congress was aware of the potential burden on agencies if access to records were not circumscribed in some manner. Privacy Commission, supra, at 503. But Baker raises a competing concern. She argues that the narrowness of the statutory definition provides an easy method for circumventing the Privacy Act: agencies can simply neglect to index a particular file pertaining to an employee under that employee's name. The argument is a cogent one and the potential for abuse that Baker pinpoints is real. See, e.g., Privacy Commission, supra, at 504 n. 7 (recounting incident in which an agency rearranged personnel records by Civil Service grade instead of personal identifiers to circumvent the Act's requirements); Unt, 765 F.2d at 1452 (Ferguson, J., dissenting) (observing that if the Act is applied woodenly, it offers no protection if personal data is misfiled or filed with other data). However, Baker failed to set forth any evidence to support an allegation of evasive tactics by the Navy that would substantiate such a theory and preclude summary judgment. See Kalmin, 605 F. Supp. at 1495 n. 5 (stating that it is impermissible to file records without identifiers in order to evade requests under the Privacy Act, but requiring evidence to support allegations of evasion rather than relying on inferences).
CONCLUSION
We affirm the district court's grant of summary judgment. Congress intended to provide the remedies of amendment or expungement only for records that are accessible under the Privacy Act because they are individually keyed to the requester. Therefore, an individual's ability to obtain access to a record under the Freedom of Information Act, or because of personal knowledge of its existence in a certain file, will not provide that individual with access to the record or to any remedies under the Privacy Act.
AFFIRMED