Beaven v. U.S. Department of Justice

Full title: MARY ELLEN BEAVEN, ET AL., PLAINTIFFS, v. UNITED STATES DEPARTMENT OF…

Court: United States District Court, E.D. Kentucky, Central Division Lexington

Date published: Mar 30, 2007

CIVIL ACTION NO. 03-84-JBC (E.D. Ky. Mar. 30, 2007)

Opinion

CIVIL ACTION NO. 03-84-JBC.

March 30, 2007

MEMORANDUM OPINION AND ORDER

JENNIFER COFFMAN, District Judge

A bench trial was conducted before this court on February 27 and 28; March 1, 2, 6, 7, 8, 10, 13, 14, 15, 16, 21, 22, 23, and 24; April 24, 25, 26, 27, and 28; and May 3 and 9, 2006, to resolve the plaintiffs' claims arising under the Privacy Act and the Federal Tort Claims Act ("FTCA"). Also pending are the defendants' sealed motion to dismiss the plaintiffs' outrage claims for lack of jurisdiction (DE 289¹) and the plaintiffs' sealed motion to reconsider the imposition of an adverse inference against the defendants for the destruction of the file folder (DE 290²).

1 This motion is contained in the defendants' revised proposed findings of fact and conclusions of law.

2 This motion is contained in the plaintiffs' revised proposed findings of fact and conclusions of law.

In late March, 2001, an investigator at Federal Medical Center — Lexington ("FMC") left a folder containing sensitive employee information on a desk in an area of the prison where inmates were employed. The plaintiffs contend that they have been injured by the incident and by FMC management's response to it.

FMC is comprised of several buildings. The areas which are relevant to this case include Administration Building A, which is located at the front of the institution; the UNICOR building, which is at the rear of the institution and is a ten-to-twenty-minute walk from Building A; the SIS office, which is located in the basement of Building A; and Antaeus Unit, an inmate housing unit in which prison staff were located in an area called "staff alley."

After considering the evidence, the court finds as follows:

FINDINGS OF FACT AND CONCLUSIONS OF LAW

I. Background Information

1. In March 2001, Walter "Clint" Jones was the Special Investigative Agent ("SIA") at FMC. On March 7, 2001, during an inmate exit interview, an inmate informed Special Investigative Services ("SIS") staff technician Sherry Fyffe that inmates working in the customer service center ("CSC") at UNICOR³ were using computers in CSC for improper purposes. Based on that allegation, Warden Maryellen Thoms authorized an investigation.

3 UNICOR is the trade name of Federal Prison Industries, a wholly-owned government corporation established by Congress in 1934.

2. Jones, with the assistance of FMC Computer Administrator Paul Teeter, UNICOR computer manager Steve Pearce, and Associate Warden Anne Mary Carter, began investigating the computer-misuse charges and inspecting UNICOR computers for unauthorized software and modifications on March 7, 2001. The evidence discovered during the initial search of UNICOR confirmed the allegations of computer misuse by inmates, and two inmates were placed into the special housing unit ("SHU") on March 8, 2001. Warden Thoms instructed Jones and Teeter to continue the investigation of inmate computers, and the investigation revealed significant contraband on the computers.

3. Thoms eventually instructed Jones and Teeter to inspect all staff and inmate computers thoroughly in UNICOR. The investigation continued throughout the month, and UNICOR computer-security specialists from Washington, D.C., participated in the investigation.

4. Certain UNICOR staff members were placed on home duty as a result of the investigation. Awareness of the ongoing investigation heightened tension throughout UNICOR during that period.

5. On the night of Thursday, March 29, 2001, Jones, Teeter, and UNICOR computer expert George Phillips searched the UNICOR computers in both the CSC and Project Management areas of the building. Jones carried with him that night a green file folder ("the names list") containing (1) the FMC Employment Verification Data listing, containing every FMC employee's name, social security number ("SSN"), pay plan, series, grade and step, salary, entry on duty date, date of arrival at FMC, and date of birth ("DOB"); (2) the FMC Locator listing, containing each employee's name, home address, home telephone number, and working title; and (3) the FMC employee work telephone number directory.

6. Jones conducted the investigation at night, after regular work hours. He needed the names list only in the event that he needed to call a UNICOR computer administrator at home to obtain an administrator's password, which would be required to make changes to computers' configuration, and to obtain computer knowledge for the deletion of certain matter from the computers. In particular, Jones anticipated that he might need to contact Kevin Collins or Michael Huff.

7. In violation of Bureau of Prisons ("BOP") Program Statement 1237.11 and Institutional Supplement 1237.11A, neither the folder nor its contents was marked "LOU-Sensitive." The purpose of marking sensitive information as "LOU-Sensitive" was to ensure that persons in possession of such documents were conscious of their sensitive nature and cautious to protect them from disclosure. Failure to properly mark sensitive documents was common at FMC.

8. On the night of March 29, 2001, or the early morning of March 30, 2001, Jones sat at Susan Moore and Phillip Bibbs's desks. Jones periodically went to other areas of UNICOR, including downstairs, to consult with Teeter and Phillips. When he left whatever workstation he was using, he did not take the names list with him, but left it at the workstation.

9. Jones left the names list on Moore's desk when he left UNICOR early in the morning of March 30, 2001. He estimates the time at approximately 3:00 a.m.

10. The second floor of the UNICOR building contained the CSC Tele-service Center and the Project Management office. Tele-services was in the front of the building; Project Management was in the back. UNICOR opened at 7:30 a.m.

11. Inmates Terrell Harris and Bryant Jennings arrived at UNICOR between 7:30 a.m. and 7:40 a.m. on March 30, 2001. Inmates Charles Kinnard and Mark Geralds arrived between 9:50 a.m. and 10:00 a.m. that day.

12. Susan Moore was assigned a late shift, starting at 9:30 a.m., on March 30, 2001. When Moore actually reached her desk is disputed, and the court finds that she arrived at her workstation no earlier than approximately 9:50 a.m., consistent with the FMC policy allowing employees twenty minutes to reach their posts after entering the prison.

13. Before Moore arrived, Jennings observed Kinnard coming from the direction of Moore's desk. Jennings did not see whether Kinnard stopped at Moore's desk or how long he remained in the area. Jennings did see Kinnard in possession of a paper containing UNICOR staff member Terry Cecil's name, SSN, and DOB; that information was passed around UNICOR, but no other employee's information was similarly treated. Jennings did not specify when Kinnard had Cecil's information.

14. Geralds saw Kinnard stand at Moore's desk for two to three minutes. Geralds stated that he watched Kinnard shuffle through some papers on Moore's desk, but he did not see Kinnard pick anything up, copy any papers, or take any notes. Geralds could see something green on Moore's desk.

15. Geralds testified that Moore arrived at UNICOR approximately five minutes after he did and reached her desk approximately ten minutes after that.

16. Harris remembered seeing Kinnard look at paperwork on Moore's desk for a minute or two, but he did not see Kinnard move any papers or take anything from the desk.

17. Despite UNICOR policies prohibiting inmates from having unfettered access to the copy machine and staff desks, inmates were able to use the copier for personal purposes and had access to staff desks in order to complete their work assignments.

18. When Moore reached her workstation, she found the names list on her desk.

19. Moore picked up the folder and took it to Mark Barnes, who was the acting supervisor of Project Management that day.

20. Barnes and Moore reported the folder's discovery to James Jones, the acting manager of the Tele-services and Order Entry departments of UNICOR.

21. James Jones paged his supervisor, Associate Warden Anne Mary Carter, who was out that day to attend a retreat at the female prison camp, to tell her about the names list. Carter returned to FMC, and James Jones met her in the front of "A" building.

22. James Jones gave the folder to SIS Lieutenant Jackie Quinn while he was in "A" building.

23. James Jones, Carter, and Quinn met in the Warden's office. James Jones asked Carter to advise UNICOR staff what had happened. Instead, Carter returned to her office and summoned Moore and Barnes to meet her there to discuss the incident.

24. Carter instructed Moore and Barnes not to discuss the incident with other staff and asked them to prepare and submit memoranda explaining what had happened. Carter assured them that the folder had been properly secured. The meeting focused on the ongoing investigation, and Carter said that she wanted to meet with all CSC staff because of their frustration over the investigation. Moore informed Carter that she had spoken with one of the UNICOR staff members who had been placed on home duty.

25. Carter believed that the folder had not been compromised,⁴ because it had been found on a staff member's desk and because CSC policy prohibits inmates from having access to staff work areas without supervision. However, an investigation would have been necessary to ascertain with certainty whether disclosure had occurred. Based on her conclusion that the information had not been disclosed, Carter determined that the incident was not major and thus did not order a lockdown or shakedown.

4 See infra ¶ 81, discussion of adverse inference, for analysis of the effectiveness of the sanction imposed against the defendants for destroying the names list.

26. UNICOR staff may conduct a lockdown or shakedown of all UNICOR inmates without express authorization. Testimony as to whether there was a comprehensive search on March 30, 2001, conflicts, and the court finds credible the testimony of Jennifer Todd and others that no thorough lockdown or shakedown occurred on that date. Instead, consistent with routine procedures, inmates were randomly pat-searched as they left the building for lunch and at the end of the day. During a pat-search, staff check primarily for contraband that could be used as a weapon. Contraband also includes other items that inmates are not authorized to possess, such as gambling slips or personal stationery. Inmates were permitted to have religious or educational materials, which were typically not examined in detail during a pat-search, and inmates could remove contraband paperwork from UNICOR by mixing it with such authorized materials.

27. Before lunch, Quinn notified Clint Jones⁵, who was at home, that the names list had been found and turned in by UNICOR staff. Jones, who was immediately concerned that the information had been viewed by unauthorized persons, instructed Quinn to inspect the folder and its contents for evidence of tampering — specifically whether the pages were bent or torn, whether staples had been removed and replaced, and whether any pages were missing.⁶

5 Future references to "Jones" pertain to Clint Jones and not to James Jones.

6 See infra ¶ 81, discussion of adverse inference, for analysis of the effectiveness of the sanction imposed against the defendants for destroying the names list.

28. Jones then prepared a memorandum, dated March 30, 2001, explaining the circumstances surrounding his error, which he submitted to Associate Warden Belinda Snead. The memorandum states that the area in which the folder had been left was not enclosed and that items on Moore's desk could be accessible to inmates.

29. Carter informed Thoms of the incident late in the afternoon of March 30, 2001.

30. The Warden has discretion in determining how to discipline staff violations of prison policy. Incidents, allegations, or appearances of employee misconduct must be reported to the Office of Internal Affairs ("OIA"). Because there was no evidence that an inmate actually saw the information⁷, Thoms determined that the incident should be treated as a performance violation instead of a conduct violation, and the incident was therefore not reported to OIA.

7 See infra ¶ 81, discussion of adverse inference, for analysis of the effectiveness of the sanction imposed against the defendants for destroying the names list.

31. Thoms did not initiate an investigation to rule out the possibility that there had been a disclosure. Thoms explained that no one filed a misconduct report to say that inmates had been going through information on Moore's desk and that the folder had been left accessible only for approximately two hours and staff had been present whenever inmates were there; Thoms did not think it was important to determine whether someone was actually watching Moore's desk the entire time.

32. Thoms and Carter's explanations for their decisions not to order an investigation and to treat Clint Jones's security breach as a performance issue are not consistent with FMC security practices and policies. The practice is to err on the side of caution, when a security breach occurs. For example, James Michael Miller testified that if a staff member breaks a key in a lock, the staff member must remain there until all the locks are changed; and Anthony Higgins testified that he received an immediate verbal reprimand when he left a folder where inmates could find it, even though it was constantly in his line of sight. Significantly, several of these plaintiffs, current and former prison employees, have been trained to understand the need for security and to recognize a security breach when one occurs. Several described Jones's actions as a serious security breach, requiring a far more serious response than what actually occurred. Several (including, for example, Jennifer Todd, whom the court finds credible) stated that, under FMC standards, they would have been fully investigated and disciplined — perhaps even fired — by prison officials for similar, or far lesser, security breaches. On this point, the court credits their testimony. The court also credits the testimony of Sherry Fyffe (who worked in the SIS office under Clint Jones and who received specialized training) that this file should have been marked so as to emphasize its sensitive nature and that failing so to mark it, taking it outside the secure confines of the SIS office, and leaving it so as to allow inmates access to it were serious security breaches and a violation of Clint Jones's training. The court also credits her testimony that Jones sometimes bragged, and he convinced her, that he had the prison's administrative officials "in his back pocket."

33. Carter contacted Associate Warden Belinda Snead about the situation; Snead agreed with Thoms and Carter that because there was no indication that inmates had viewed the information⁸, the incident was not major, did not warrant an investigation, and should be treated as a performance violation. Snead issued a letter of counseling to Clint Jones on April 2, 2001, treating the incident as an issue of performance rather than one of conduct.

8 See infra ¶ 81, discussion of adverse inference, for analysis of the effectiveness of the sanction imposed against the defendants for destroying the names list.

34. Moore contacted Union Steward James Capley soon after March 30, 2001. Moore was concerned that she and Barnes had met with Carter without a Union representative; in particular, Moore was worried that she would be disciplined for having spoken to one of the staff members implicated by the evidence discovered in the ongoing investigation. During their discussion, Moore also informed Capley what had happened with the names list.

35. Capley told the Union president, Dwayne Pettit, about the file incident. Pettit asked Capley to speak to Thoms about the issue, because Pettit was out of town.

36. Capley met with Thoms soon after the incident.⁹ Capley requested that FMC management inform staff what had happened, but Thoms declined to discuss the issue with Capley rather than with Pettit.

9 Capley recalled their meeting occurred on or about Tuesday, April 10, 2001; Warden Thoms believed they met on Monday, April 2, 2001.

37. Thoms met with Pettit in mid-April and explained that she wished to deal directly with him on sensitive matters, including the names-list incident.

38. Capley and Pettit prepared an official grievance on behalf of all bargaining unit members, and they filed it with the Regional Director on April 19, 2001. In addition to allegations of violations of prison regulations, the grievance alleges that FMC management violated the Freedom of Information Act and the Privacy Act of 1974. The grievance alleges as follows:

On the evening of March 28th, 2001 (or March 29th, 2001), between the hours of 6:00 pm and 7:15 am, the SIA and/or his staff and/or Computer Services Manager and/or his staff, while conducting an internal staff investigation in the Customer Service Center of UNICOR left a green, "Limited Official Use" folder containing an alphabetical listing of all Federal Medical Center staffs names, addresses, phone numbers and social security numbers unsecured in the immediate work station area of 35 + inmates. The file was discovered by staff on their desk upon reporting to work at 9:30 am on March 30th, 2001. Staff immediately turned the file over to their supervisor.

PX 22. The grievance requested that the BOP (1) investigate the Warden and any staff involved in the violation and notify the Union of the nature of any violations discovered; (2) discipline staff found to be in violation and notify the Union of the action taken against them; (3) remove any SIS staff found responsible for any violations from their positions; (4) "[w]arn all staff immediately of the possible unauthorized disclosure of sensitive personal information in violation of the Privacy Act of 1974 and any of the above listed governing regulations;" (5) compensate for the next two years any losses experienced by staff caused by the potential Privacy Act violation; and (6) agree not to retaliate against any employee for participation in the grievance. Id.

39. A memorandum prepared by Scott Murchie, FMC-Lexington Human Resources Manager, on April 16, 2001, explains that the Union's focus was on what could have happened, as opposed to what actually happened. For example, he posited that if other staff had been fulfilling their duties before Moore arrived, inmates would not have had access to her desk, and if they had been discovered looking at information on her desk, they should have been disciplined. Murchie cautioned against acting on the possibility of information getting out and suggested waiting until there was evidence of disclosure before taking action: "Although the potential loss of sensitive information is great, unless and until we can prove the information was compromised, would it be premature to panic and issue an advisory as if it had?" Plaintiffs' Exhibit ("PX") 23. Despite the uncertainty about what occurred, FMC management elected against an investigation.

40. The grievance was denied by Regional Director Margaret Hambrick by letter dated May 4, 2001. The denial letter explained that in the absence of "specific proof that staff had their privacy compromised, . . . notification to staff of a possible compromise of sensitive personal information will not be done." PX 27. The denial letter further stated, "If you can provide specific proof that an employee's privacy has been compromised, the necessary action will be taken to ensure that employee is notified." Id. With regard to disciplining the responsible officials, Hambrick explained that discipline of management officials is in management's discretion and therefore not an appropriate subject for a grievance, and also that she understood that appropriate action had already been taken by management.

41. Capley sent a memorandum to Murchie on May 3, 2001, requesting BOP policies regarding the dissemination and protection of personnel information. Capley specified that the request was "being made due to an alleged violation of the Privacy Act of 1974." PX 26. Capley also reiterated the Union's concern that staff should be notified of the security breach and should be assured that they would be compensated for any losses suffered as a result. Murchie responded on May 7, 2001, referring Capley to a database containing all BOP policy documents and declining to address his request for notification.

42. On May 8, 2001, Capley requested from Thoms, pursuant to 5 U.S.C. §§ 552a(c)(1)(A), 552a(c)(3), an accounting of the date, nature, and purpose of any disclosure made of his personal information. Capley specified that the request arose out of an unauthorized disclosure of his personal information around March 28, 2001. William Stamper submitted an identical request on May 10, 2001.

43. Thoms responded to Capley's information request on May 21, 2001, denying his request for failure to provide "evidence that a disclosure under the Privacy Act occurred." PX 32. She explained that "there has been no evidence brought forth to support your assertion any information was disclosed, intentionally or otherwise. Should I become aware such information was disclosed, all necessary steps will be taken to notify you."¹⁰ Id.

10 See infra ¶ 81, discussion of adverse inference, for analysis of the effectiveness of the sanction imposed against the defendants for destroying the names list.

44. The incident was referred to the Bureau of Prisons Office of Internal Affairs ("OIA") by the Union on May 9, 2001. As grounds for the referral, the Union stated that the Warden was unwilling to inform all staff of the possible compromise of their personal information and that FMC management was not pursuing an investigation.

45. In a memorandum to OIA Special Agent Lloyd Boyle on July 12, 2001, Thoms stated that Moore arrived at work at approximately 9:30 a.m. on March 30, 2001, and that the folder was potentially available to inmates for two hours.

46. On May 22, 2001, Kathy Harris, paralegal to BOP Regional Counsel William Burlington, reported to Mickey Pinner, Regional HR Manager, that disclosure must be proven to succeed in an action under the Privacy Act. Harris considered the fact that proof of disclosure was required to be "good news," and she noted that "[w]illful and intentional is a pretty high standard to meet." PX 53.

47. The Union notified Hambrick on May 29, 2001, that it would invoke arbitration on behalf of the bargaining unit, again citing the Privacy Act of 1974 as a basis for its action. The first issue raised in the notice is Thoms's failure to notify staff of the possible disclosure of their names, addresses, phone numbers, and SSN. The same six remedies were requested as in the April 19, 2001, formal grievance.

48. Pettit, on behalf of the Union, requested from Hambrick on June 1, 2001, an agency accounting of disclosures of personal information, based on "a willful violation of the Privacy Act of 1974." PX 35. Hambrick forwarded the letter to Thoms so that the issue could be handled at the local level.

49. Thoms responded to Pettit's June 1, 2001, letter on June 7, 2001. Thoms recognized Pettit's references to the Privacy Act, but she denied his request "as you have provided no evidence that a disclosure under the Privacy Act occurred." PX 36. She explained that a Privacy Act claim requires "proof first a disclosure actually occurred; the person(s) was harmed by the disclosure; and that the disclosure was `willful and intentional,'" and that they had no evidence to support their claim. Id. ¹¹

11 See infra ¶ 81, discussion of adverse inference, for analysis of the effectiveness of the sanction imposed against the defendants for destroying the names list.

50. Thoms and Pettit met in mid-June to discuss settling the grievance, and Pettit insisted that all staff be notified of the incident.

51. Thoms presented a proposed memorandum to Pettit at a meeting in late June. Pettit was not satisfied that the memorandum sufficiently informed staff of what had happened, and the memorandum was never sent to staff. The proposed memorandum specified the date on which the incident occurred and the types of information contained in the folder. In addition to recommending that staff follow standard practices for protecting their financial information, the proposed memorandum specifically acknowledged the prevalence of identity theft and Thoms's sensitivity to that issue. The memorandum also apologized "for the confusion caused by the oversight which allowed this information to be unsecured for a number of hours." PX 38, 40.

52. The UNICOR investigation into unauthorized computer usage was concluded by June 26, 2001.

53. Thoms issued a memorandum for all FMC staff on September 17, 2001. The memorandum reads in its entirety:

This memorandum is to provide clarification to staff regarding a situation that occurred in the Customer Service area of UNICOR. Specifically, a file folder containing staff information and marked "LOU Sensitive", was found by a staff member on their desk in the UNICOR Customer Service area. Once the staff member became aware of the situation, notification was immediately made and the file was properly secured. At issue is whether inmates could have gained access to the aforementioned information.

This file was left unattended for approximately 1 ½ hours in an area in which inmates worked. There is no evidence which shows inmates accessed this file.¹² The file was inadvertently left in the area sometime during the early morning hours and was found by the staff member at approximately 9:00 am upon their arrival to their work station. Although inmates were in the area between 7:30 am and 9:00 am, they were monitored by staff in Customer Service. Additionally, inmates at this institution are notified they are not allowed to access any information from any staff member's desk without the permission of the staff member.

As a matter of standard practice, I urge all staff to carefully review their monthly credit card bills for suspicious activity, review credit reports yearly to ensure no accounts are opened without their knowledge or permission, and take care in controlling sensitive or personal information on the job, especially around inmates.

I want to reiterate to you we have yet to receive any documentation that inmates accessed the file in question. Should you become aware of any situation that would lead you to believe otherwise,¹³ I urge you to contact me immediately so we can investigate the situation. However, I trust our standard practice of inmate supervision allowed this information to remain secure while on a staff member's desk. Again, I want to stress my commitment to investigate allegations made against inmates who may have unlawfully accessed this information and, should such allegations prove founded, staff will be assisted by Bureau of Prisons attorneys at this location, in the filing of Administrative Tort Claims.¹⁴

12 See infra ¶ 81, discussion of adverse inference, for analysis of the effectiveness of the sanction imposed against the defendants for destroying the names list.

13 See infra ¶ 81, discussion of adverse inference, for analysis of the effectiveness of the sanction imposed against the defendants for destroying the names list.

14 See infra ¶ 81, discussion of adverse inference, for analysis of the effectiveness of the sanction imposed against the defendants for destroying the names list.

PX 44. The memorandum is factually incorrect or misleading in several respects: First, the memorandum falsely states that the file folder was marked "LOU Sensitive." Second, the file was unattended for more than one-and-one-half hours. Third, it was discovered at least forty-five minutes after the time claimed in the memorandum. Thoms was aware of the true facts; she knew from Clint Jones that the folder had been left unattended since at least 3:45 a.m. on March 30, 2001, and Moore had been clear that she did not discover the folder until 9:30 that morning. Even assuming Thoms's one-and-one-half-hour calculation is a result of considering only the time during which inmates were present in UNICOR, her claim that Moore arrived at 9:00 was knowingly false. The memorandum is also vague, in that it does not reveal when — March 30, 2001 — the information was left out or what information — addresses, phone numbers, SSN, DOB, work extension, etc. — was contained in the folder, nor does it make clear that the information related to all FMC staff as opposed to only UNICOR staff.

54. Immediately after receiving Warden Thoms's memorandum, Steve Logan e-mailed Thoms to express his concerns with the situation. Logan asked:

1. What was the date when the file folder marked "LOU Sensitive" was found in UNICOR?

2. Why was a file folder containing staff information in UNICOR?

3. Were any BOP policies or laws violated by transporting the "LOU Sensitive" file containing staff information to UNICOR?

4. What security measures have you taken to protect my sensitive information?

5. Will my sensitive information ever be taken inside the prison for any reason?

6. What is the policy or regulation that requires me to have my current address and phone number on file?

7. The sixth sentence of your memorandum states no evidence has been obtained indicating inmates accessed the file. Do you have evidence that an inmate did not access the file?

8. Was any staff member disciplined for this breach of security?

PX 45. Logan concluded, "I consider this a serious breach of security and look forward to your answers. I know you will support me in protecting my family." Id.

55. Thoms responded to Logan's e-mail on September 21, 2001. Thoms first explained routine ways in which sensitive information is used inside FMC, then stated that she could not disclose any details about the names list incident because of involved individuals' privacy interests. With regard to FMC security policies, she referred Logan to the computerized database. Thoms directed Logan to contact the onsite attorneys if he experienced any damages, and she informed him that they would help him fill out the appropriate paperwork. At trial, Logan testified that he considered Thoms's reply non-responsive and evasive. The court agrees with his assessment.

56. Logan responded the same day. Logan revealed that he had learned that the incident had occurred six months earlier, and he expressed his horror that Thoms withheld the information from loyal employees. He emphasized that "I HAVE BEEN DAMAGED and plan to take you up on your suggestion to contact attorneys." PX 48. Logan subsequently met with Thoms, who insisted that she had addressed his concerns; Logan thereafter met with BOP attorney Joe Tang and obtained an administrative tort claim form.

57. Logan e-mailed Tang on September 24, 2001, stating, "As a result of the negligence of an agent acting for Warden Thoms, I have been rendered susceptible to injury or harm. The result of this failure to follow policy forces me to pull my credit reports. This damage control will cost money." PX 180. Logan requested a meeting to begin the process of filing an administrative tort claim. Tang responded the following day.

58. Paul Gannoe, a caseworker for then-United States Representative Ernie Fletcher, contacted Kathleen Hawk Sawyer, BOP Director, on October 30, 2001, to express concern over the incident. Gannoe's letter states his understanding that the names list "contained personal information on at least some staff members." PX 51. Gannoe asked a series of questions that he felt were not addressed in the September 17, 2001, memorandum:

Have the staff responsible for the loss of control of this folder been reprimanded, or have they had any disciplinary action taken against them? Would disciplinary action even be appropriate in this situation? Have the people whoso [sic] names were contained in this folder been informed in a manner other than the memorandum to all staff so that they could be even more alert to their credit reports? Should the folder even have been in the office where it was left unattended? Is there any evidence that would either support or contradict the assumption that the information was not seen by an inmate? Will the bureau be responsible for any damages that employees may incur to their credit if the information is used in a way that could cause an employee harm? How sure is the Bureau that the file was left unattended for only one and one half hours?

Id. The letter was forwarded to Thoms to be handled on a local level.

59. Thoms responded on November 5, 2001, explaining that she reached her conclusions based on reviewing the available information and on the fact that no incident reports were filed. She stated that employees who felt their confidential information had been accessed by an inmate could file a tort claim form, and if an investigation proved that damages had been incurred as a result of the incident, the employee would be compensated.

60. Arbitration was conducted on October 30, 2001, and a decision and award was issued on November 21, 2001. The BOP's position at arbitration was that, because there was no proof that any staff information was actually compromised, the grievance should be denied. The Union maintained that the Collective-Bargaining Agreement ("CBA") was violated when the information was taken outside a secure area and was left unsecured in an area accessible to inmates. The arbitrator found that inmates in UNICOR worked "with limited supervision and had routine access to file folder information housed in the office in file cabinets as well as on staff person's desks." PX 54. The arbitrator stated that appropriate action had been taken against the responsible management staff member. The arbitrator confirmed that the information was not subject to any check-in/check-out procedure. The arbitrator agreed with the Union that the CBA was violated, and that proof of misuse resulting in harm was unnecessary to support a violation. The arbitrator found that the September 17, 2001, memorandum did not sufficiently notify staff of the risk created by the security breach, and that management's culpability was increased by the delay in notifying staff of the incident and accepting responsibility for failing to adequately protect sensitive information. The arbitration award required management to inform all staff of the date and time when the folder was left out, specify the information contained in the folder, warn staff of the possible ways in which their information could be used, describe a more inclusive listing of protective measures that staff should take, emphasize that the potential for harm from use of the information would not expire, clarify to whom potential damages should be reported, and detail the types of assistance that would be available to any harmed employee. The award also required that FMC adopt a written policy for the handling of sensitive staff information.

61. After the arbitration award was issued, Murchie received a promotion to the BOP Central Offices in Washington, D.C. While preparing for his move, Murchie came across the names list, which he had obtained from SIS pending the arbitration. He consulted Thoms, who instructed him to destroy it. Thoms and Murchie explained that he destroyed the folder because (1) the incident was treated as a performance violation rather than a conduct violation, (2) the Union had not requested to inspect the folder, and (3) the information contained in the folder could be re-created. Murchie stated that the lack of "LOU Sensitive" marking was not the reason he destroyed the folder. Clint Jones claims that he had properly marked the folder as "LOU Sensitive" before he gave it to Murchie. Murchie, however, denied that the folder was so marked, either when he received it from Jones or when he destroyed it. The court credits Murchie and disbelieves Jones, and the court concludes that the folder was not marked "LOU-Sensitive" at any time before its destruction.

62. Jones had given the folder to Murchie prior to the arbitration so that it could be produced if requested. Jones subsequently asked Murchie to return the folder to be secured in the SIS safe "in case a staff member files a tort claim," to enable management to determine whether the staff member was in fact listed. PX 55. Clint Jones learned that the folder had been destroyed on December 6, 2001.

63. In compliance with the arbitration award, Thoms sent a second memorandum to all staff on December 17, 2001. The memorandum states that the folder was discovered at 9:15 a.m. on March 30, 2001, it was marked "LOU Sensitive," and it contained staff members' names, home addresses, telephone numbers, and SSN. The memorandum specifies ways in which personal information could be misused and provides the names and telephone numbers of national credit reporting agencies to facilitate staff members' efforts to protect their credit. The memorandum re-emphasizes Thoms's commitment to investigate any allegations of fraudulent use of information and refers staff to the BOP attorneys for filing administrative tort claims.

The December 17, 2001, memorandum, like the September 17, 2001, memorandum, contains inaccuracies. Although Moore's shift did not begin until 9:30 a.m. on March 30, 2001, the memorandum states that the folder was unattended only "until about 9:15 a.m." that day. PX 56. The memorandum also incorrectly states that the folder was marked "LOU Sensitive." The memorandum is not clear that all staff members' information was contained in the folder, stating only that it was a "file folder containing staff information" and it contained "the names of staff members, home addresses, phone numbers, and social security numbers." Id. The memorandum also neglects to provide a full list of the data contained in the folder. Finally, the memorandum stresses the Warden's "commitment to investigate allegations made against inmates who may have unlawfully accessed this information" despite the fact that the Warden had previously authorized the destruction of the file folder.

64. Plaintiffs' counsel Douglas McSwain filed administrative tort claims on behalf of seventy-eight staff members on March 1, 2002. The claims were denied on August 26, 2002, based on the claimants' failure to produce evidence that inmates actually saw and used the information.¹⁵

15 See infra ¶ 81, discussion of adverse inference, for analysis of the effectiveness of the sanction imposed against the defendants for destroying the names list.

65. McSwain requested an accounting of the disclosure of the names list on March 20, 2002. BOP Regional Counsel Bill Burlington denied the request, stating that the only known disclosure of the information was intra-agency and therefore exempt from the Privacy Act accounting requirement. Burlington informed McSwain that the file had been "destroyed in accordance with routine procedures in the Human Resource Office at FMC Lexington." PX 82. Thoms admitted in her deposition, however, that the destruction of the folder was not routine. McSwain's appeal of the determination was denied.

66. On March 18, 2002, Senior Officer Specialist Matthew Smeeks was inspecting Antaeus Unit when he discovered on Kinnard's bunk a portfolio containing an address list. The address list was handwritten on the cardboard back of a legal pad, and one of the entries on the list was "Marion Johnson." Because the unit secretary's name was Marion Johnson¹⁶, Smeeks confiscated the portfolio and asked Marion Johnson whether her address was the same as the one on Kinnard's list — 104 Hermitage, Lexington, KY 40512. Johnson's address is 104 Heritage, and she lives in Nicholasville, Kentucky. There is no 104 Hermitage in Lexington, Kentucky. Neither Kinnard's official authorized telephone list nor his visitor list contains an entry for a "Marion Johnson." Marion Johnson's telephone number is listed in the local telephone directory under "M. Johnson," one of several such listings. Marion Johnson's address is not listed in that directory.

16 Marion Johnson subsequently married, and her last name is now Jackson. For clarity, the court will refer to her as Marion Johnson.

67. When Jones questioned the inmate, Kinnard claimed that the "Marion Johnson" on his handwritten list was not the secretary in Antaeus unit. Jones claimed that, because Marion Johnson lived in Nicholasville and not Lexington, he did not initially have enough information to conclude that Kinnard had Marion Johnson's address, and Kinnard was not disciplined at that time.

68. Jones avoided Marion Johnson's inquiries about his investigation of the incident. At trial, Jones denied that Marion Johnson came to see him about the investigation. The court, however, credits the testimony of Marion Johnson, and discredits Jones's claim. The court's credibility determination is bolstered by the testimony of Angela Straley, who was an SIS Technician when the Marion Johnson incident occurred. Straley recalled that, although Jones typically pursued staff investigations with passion, he avoided Johnson, even telling his staff to tell Johnson that he had gone to the restroom if she came to see him.

69. Kinnard was subsequently, on March 22, 2002, placed in the SHU, because further investigation of Kinnard's telephone list led to the discovery that he had been having inappropriate telephone conversations with an FMC employee. SIS Lieutenant Cody Younce confirmed that Kinnard was not put in the SHU because of the "Marion Johnson" listing. During the investigation into Kinnard's relationship with the other staff member, Kinnard admitted that the "Marion Johnson" listed in his portfolio was the Antaeus unit secretary; Kinnard claimed that he and Marion Johnson had a personal relationship, and that she had given him permission to write down her address after he overheard her giving it to someone over the telephone. Jones took the result of his investigation to the Warden. No misconduct investigation against Marion Johnson, however, was ever authorized by the Warden.

70. Johnson contacted Pettit, and Pettit submitted a memorandum to OIA on March 28, 2002, explaining the events to that point.

71. The OIA referred the matter to Snead for a local investigation of Jones's failure to follow policy. Boyle instructed Snead to include the results of the investigation of FMC's monthly report. No response was sent until nearly two years later.

72. Mark Bryant received telephone calls from Wal-Mart and J.C. Penney at work on July 19, 2003, to verify his employment and credit application information. Bryant informed the credit services that he did not apply for credit, and the applications were disregarded. Bryant's operations lieutenant had given Bryant's extension to the credit companies. Bryant received a third telephone call at home that evening from Radio Shack Credit Services, and he learned that the application had been submitted at a store in Myrtle Beach, South Carolina. When Bryant stated that he was in Danville, Kentucky, he was connected to the clerk at the store, who told him that the individual in the store had a Kentucky driver's license with his own picture but with Mark Bryant's name, address, and SSN as the license number. The clerk informed Bryant that the applicant claimed to work for BOP and gave him the correct work telephone number and extension. The store clerk tried but was unable to detain the applicant until the police arrived, and the police did not apprehend him.

73. Bryant submitted a memorandum explaining the incident to SIS Lieutenant Robert Wenzler.

74. There were nine attempts to fraudulently obtain credit in Bryant's name.

75. On September 24, 2004, Geralds told Bryant that he had seen Kinnard with the names list after March 30, 2001, and that he saw Kinnard (who Geralds believed was a sophisticated computer user) use the information at a computer station. At trial, Geralds denied making those statements. The court credits Bryant's testimony and discredits Geralds's denial; in addition to finding Bryant credible in general, the court finds that Bryant's testimony is supported by a memorandum he created contemporaneously to document the encounter.

76. Erika Stewart received three greeting cards from former inmate John Lynch. The cards were each sent to her at FMC. She first received a "Seasons Greetings" card postmarked December 17, 2003, and signed "John." Stewart submitted a memorandum to SIS. Stewart then received a Valentine's Day card, which she also reported to SIS. Finally, Stewart received a card on her birthday. The handwritten message inside the card indicates that the sender had driven by her farm but claimed that he would not stop unless she told him to do so; the sender also gave her his telephone number. Unit Manager Kenny Coleman saw Stewart's distressed reaction to the card and came to her assistance. Stewart stated her suspicion that John Lynch was sending the cards, and Coleman accompanied her to the SIS office. SIS staff refused to take any action without knowing who was sending the cards, so Coleman and Stewart retrieved Lynch's file and confirmed his identity by matching the telephone number given on the card to his mother's telephone number from his telephone list. Coleman and Stewart took the telephone list to SIS and Tang's office; Tang suggested they call Lynch's probation officer. Lynch's probation officer, in reaction to the allegations, made an unannounced visit to Lynch's residence that night; Lynch admitted sending the cards, but he was not disciplined by the probation officer.

77. SIS told Stewart that it had contacted the FBI, but that the FBI could not do anything.

78. Stewart obtained information about Lynch's car from the Kentucky State Police, and she notified local law enforcement agencies of the situation. Stewart's nine-year-old neighbor said that he recognized Lynch's picture and that Lynch had been there.

79. Between November 2001 and February 2002, Lynch was housed in a cell on Antaeus unit with Kinnard. Lynch was also the orderly on Antaeus unit and, as such, was responsible for cleaning staff offices.

80. Other staff members took measures to protect themselves personally and financially as they gradually learned what had happened with the names list and to their co-workers. Examples of protective measures taken by staff include ordering a credit report, placing a fraud alert on credit reports, purchasing credit protection services, updating home security systems, and moving from one residence to another.

II. The Privacy Act Claim

81. Violation of the Privacy Act: Disclosure

The plaintiffs allege that the defendants violated the Privacy Act, 5 U.S.C. § 552a(b), which provides:

No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains. . . .

There are several exceptions to the disclosure prohibition not applicable to this discussion, and the parties do not dispute that the names list was covered by this provision.

In determining whether the folder was actually disclosed, the court must resolve the plaintiffs' renewed motion for an adverse inference against the defendants based on the defendants' destruction of the names list. The plaintiffs request inferences that (1) inspection of the destroyed file would have indicated that inmates actually accessed, viewed, or possessed the folder and its contents, and (2) inmate witnesses would have been able to confirm that another inmate possessed the folder. An adverse inference is justified only where (1) the defendant had an obligation to preserve the evidence; (2) the material was destroyed with a culpable state of mind; and (3) the evidence was relevant to a claim or defense. Holt v. The Northwestern Mut. Life Ins. Co., 2005 WL 3262420, at *3 (W.D. Mich. Nov. 30, 2005).

"The obligation to preserve evidence arises when the party has notice that the evidence is relevant to litigation or when a party should have known that the evidence may be relevant to future litigation." Fujitsu Ltd. v. Federal Express Corp., 247 F.3d 423, 436 (2d Cir. 2001); see also Silvestri v. General Motors Corp., 271 F.3d 583, 591 (4th Cir. 2001) (duty to preserve "extends to that period before the litigation when a party reasonably should know that the evidence may be relevant to anticipated litigation"); Kronisch v. United States, 150 F.3d 112, 126 (2d Cir. 1998) (obligation to preserve may apply "when a party should have known that the evidence may be relevant to future litigation").

Immediately after the folder was discovered on March 30, 2001, SIS Lieutenant Jackie Quinn was instructed to inspect the folder for tampering and to prepare a memorandum explaining her observations. The Union grievance was filed on April 19, 2001, and specifically claims that the incident violated FOIA and the Privacy Act. The Regional Director cited the need for proof of disclosure as the basis for denying the grievance on May 4, 2001. Murchie and Thoms received requests for an accounting, based on the Privacy Act, in early May 2001; the requests were denied for failure to provide "evidence that a disclosure under the Privacy Act occurred." In its notice invoking arbitration on May 29, 2001, the Union again cited the Privacy Act. A letter sent to the Regional Director on June 1, 2001, requesting an accounting based on the Privacy Act was forwarded to Thoms, and she again responded that no accounting would be given because staff had failed to provide any proof of disclosure.

The Warden's September 17, 2001, memorandum to all staff members contemplated that they would file administrative tort claims, and Steve Logan in fact followed up on the memorandum and made clear to Thoms that he felt he had been damaged and would file an administrative tort claim. Logan also challenged management's reliance on the employees' duty to produce evidence of disclosure, asking whether there was any proof that inmates did not see the information. The letter from Congressman Fletcher's caseworker should have alerted Thoms that FMC staff had concerns that had not been addressed within the institution, and in her response she specifically mentions the availability of tort claims.

The names list and folder were destroyed sometime between November 21, 2001, and December 6, 2001. HR Manager Scott Murchie destroyed the folder with authorization from Thoms. Both Murchie and Thoms knew, or at least should have known, that the evidence would likely be relevant to future litigation, as both were on notice that there was a potential for litigation under both the Privacy Act and the FTCA. Management emphasized the need for proof of disclosure from the outset, and they were aware that the appearance of the folder and its contents were material to that issue. The destruction of the folder in November or December 2001 was therefore in violation of their obligation to preserve the evidence.

Before trial, the court declined to impose an adverse inference, finding that although the defendants had an obligation to preserve the folder, the plaintiffs had, at that point, failed to establish that the defendants destroyed the folder with the requisite intent. Intentional destruction is destruction for the purpose of rendering the evidence useless to the other party. United States v. Boxley, 373 F.3d 759, 762 (6th Cir. 2004) ( quoting Nationwide Mut. Fire Ins. Co. v. Ford Motor Co., 174 F.3d 801, 804 (6th Cir. 1999)). With the benefit of the proof adduced at trial, the court is now persuaded that the defendants did destroy the folder for the purpose of rendering it useless to plaintiffs, and the court so finds.

The destruction of the rosters was not routine, as there was no procedure regulating their production and destruction until after the fact. That Murchie sought Thoms's authorization indicates that he at least contemplated that the folder should not be destroyed, particularly in light of the fact that he obtained it solely for the purpose of arbitration; SIS expected that it would be returned to them once arbitration was concluded. While no one actually requested to inspect the folder, neither did management offer to show it to any staff member or Union representative before eliminating the option altogether.

"When evidence is destroyed in bad faith . . . that fact alone is sufficient to demonstrate relevance." Zubulake v. UBS Warburg LLC, 220 F.R.D. 212, 220 (S.D.N.Y. 2003). Bad faith is "an intent to obstruct the opposing party's case." Byrnie v. Town of Cromwell, Bd. of Educ., 243 F.3d 93, 109 (2d Cir. 2001). Because FMC management destroyed the folder intentionally and in bad faith, the court need not address relevance beyond finding that the requirement is satisfied by the intentional destruction, and thus an adverse inference is available.¹⁷

17 It should be noted, however, that relevance is a low hurdle, which the plaintiffs could easily cross here. A party required to prove relevance in the context of an adverse inference must present "sufficient evidence from which a reasonable trier of fact could infer that `the destroyed [or unavailable] evidence would have been of the nature alleged by the party affected by its destruction.'" Residential Funding Corp. v. DeGeorge Fin. Corp., 306 F.3d 99, 109 (2d Cir. 2002). To prevent the party responsible for the destruction from profiting from its wrongful conduct, the standard of proof imposed on the party seeking the sanction is low. Id. The court in this case could readily infer from the events that followed the discovery of the folder that it would have supported the plaintiffs' claim that inmates viewed it.

District courts have an inherent power to impose an adverse inference for spoliation of evidence. Hodge v. Wal-Mart Stores, Inc., 360 F.3d 446, 449 (4th Cir. 2004). A non-rebuttable inference that spoliated evidence was unfavorable to the spoliator may be imposed when the spoliation was intentional. Id., at 450; Welsh v. United States, 844 F.2d 1239, 1247-48 (6th Cir. 1988) (applying Kentucky law in FTCA suit and finding rebuttable presumption applicable to negligent spoliation); Vick v. Texas Employment Comm'n, 514 F.2d 734, 737 (5th Cir. 1975) (adverse inference applicable to bad-faith destruction). The strength of the inference is determined on a case-by-case basis, considering (1) the degree of fault, (2) the degree of prejudice, and (3) the effectiveness of lesser sanctions. Welsh, 844 F.2d at 1247; Trigon Ins. Co. v. United States, 204 F.R.D. 277, 288 (E.D. Va. 2001).

The defendants destroyed the file folder for the purpose of undermining the plaintiffs' ability to prove that disclosure of the information actually occurred, and the plaintiffs' case has been severely compromised as a result, requiring them to rely solely on the circumstantial, and at times equivocal, testimony of inmates to establish disclosure.¹⁸ The lesser sanction imposed by the court — prohibiting the defendants from eliciting testimony about the appearance of the folder — proved insufficient to level the evidentiary playing field and was therefore manifestly unjust in light of the defendants' intentional conduct. For example, although SIS Lieutenant Jackie Quinn was not allowed to testify as to what her inspection of the folder revealed, Clint Jones was allowed to testify what he told her to look for when she conducted her inspection. Thoms, Carter, and Snead all testified to their conclusion that no one had tampered with the folder. Not having been given the opportunity to examine the folder themselves, the plaintiffs were simply unable to contradict that testimony, all because the defendants deliberately destroyed the evidence.

18 The impact is illustrated by the court's initial ruling on the defendants' motion for summary judgment, dismissing those claims for lack of proof of disclosure, although the court reversed its ruling on reconsideration, because the Jolivette tape provided at least some direct evidence of disclosure. The crippling effect of the folder's absence was evident even earlier, when the plaintiffs' FTCA claims were denied administratively for lack of proof that the information was actually disclosed.

The court will therefore infer that the appearance of the file folder would have been unfavorable to the defendants, in that its inspection would have provided proof that disclosure to an inmate actually occurred.¹⁹ The inference is conclusive as to disclosure, and the defendants' conduct therefore constitutes a violation of the Privacy Act.

19 The court declines to infer that other inmates would have been able to identify the folder as having been in Kinnard's possession, because such an inference is not necessary given the inference that it was disclosed in some fashion.

The court also finds that the plaintiffs have established disclosure by a preponderance of the evidence, wholly apart from the adverse inference. Prison officials went to great lengths to thwart the plaintiffs' efforts to discover the extent of the security breach — they delayed notice to all employees despite the gravity of the situation, and when such notice was given by Warden Thoms, it was in untruthful, vague, and misleading memoranda; Warden Thoms ordered that the folder be destroyed while simultaneously demanding that the plaintiffs prove disclosure, the only circumstantial evidence of which was the folder's appearance; prison officials misrepresented that the folder was marked "LOU-Sensitive" from the beginning of this incident in late March of 2001 until the late stages of this litigation; prison officials did not report this security breach to OIA, and they did not timely respond to the OIA's inquiry based upon the Union's having reported it to OIA. The court does not credit Clint Jones's testimony that he marked the file "LOU-Sensitive" after this incident occurred but before the arbitration hearing. The court also finds not credible those witnesses who say they observed no evidence of tampering when they examined the folder before its destruction, based upon their demeanor while testifying and upon their attempts to silence the plaintiffs and to thwart the investigation. Based upon this credibility assessment, the court finds that the officials who inspected the folder found evidence that an inmate had tampered with it. This finding is conclusive as to disclosure, and the defendants' conduct therefore constitutes a violation of the Privacy Act.

Thus, whether by use of the adverse inference or not, the court finds that disclosure occurred.

82. Intent or Willfulness

Under the Privacy Act, intent or willfulness is a standard "somewhat greater than gross negligence." Mount v. USPS, 79 F.3d 531, 533 (6^th Cir. 1996) (citation omitted). "An agency acts intentionally or willfully `either by committing the act without grounds for believing it to be lawful, or flagrantly disregarding others' rights under the Privacy Act.'" Id. ( quoting Wilborn v. Dept. Health and Human Servs., 49 F.3d 597, 602 (9th Cir. 1995)).

On behalf of the plaintiffs, Dr. Alan Westin, a Privacy Act expert, testified that the information was handled in reckless disregard of the Privacy Act and relevant guidelines. Dr. Westin's conclusion was based on twelve factors, but the court need examine only Clint Jones's physical treatment of the information in resolving this issue.

Regardless of the various purposes for which Clint Jones might have possessed confidential information about FMC staff, the only reason he gave for taking the names folder with him to UNICOR on the night of March 29, 2001, and into the morning of March 30, 2001, was so that he could, if necessary, call UNICOR computer administrators to obtain passwords that would enable him to change the configuration of a computer. All prison employees are aware of the risks involved with their job. Jones in particular, as SIS, was aware of the security guidelines and the importance of maintaining the confidentiality of sensitive information. Jones's conscious decision to ignore the risks associated with bringing unmarked confidential information into an area to which inmates have access was in flagrant disregard for FMC employees' right to protect that information from improper disclosure. Although leaving the folder unsecured on Moore's desk was inadvertent, Jones's failure to account for the potential for human error and minimize the potential harm from such possible errors demonstrates flagrant disregard for the plaintiffs' rights under the Privacy Act

83. Actual Damages Proximate Causation

The court credits the plaintiffs' testimony, and the court accepts as true their statements, regarding their experiences and efforts to protect themselves. Aided by the testimony of the parties' respective experts, the court concludes that (1) the adverse financial events and instances of harassment that occurred were not the result of the file folder being left unattended in UNICOR, but that (2) the efforts taken by the plaintiffs to protect their personal and financial security were caused by the file folder being left unattended in UNICOR. The court will proceed to address, first, the financial events and harassment, and will then discuss the protective measures.

a. Financial Events and Harassment

Although the court credits Dr. Westin's testimony and opinions insofar as they address whether the defendants' conduct was in disregard of the plaintiffs' interest in maintaining the security of their personal information, his testimony carries little weight with regard to whether the criminal acts perpetrated against, and damages incurred by, the plaintiffs were caused by the disclosure of the folder.

The defendants' expert, Steve Reger, is an expert in preventing, investigating, and detecting instances of identity theft. In Reger's opinion, the plaintiffs' experiences were not the result of disclosure of the file folder. For each plaintiff who experienced some concrete form of criminal harm, Reger assigned the harm to one of eight categories. For each category and each claim, he considered the information that a criminal would have needed to cause the harm and concluded that none of the incidents were caused by the alleged disclosure of the names list. The court credits Reger's testimony as it relates to the causation of the identifiable instances of harm, which are discussed below by subject matter.

1. Account Takeovers

Reger testified that to effectuate an account takeover, a thief must have a means of accessing the account — for example, the account number, expiration date, security code, and pin number — and, for bank accounts, the name of the institution. Reger stated that the account holder's social security number, date of birth, name, address, and telephone number would be of minimal value. However, it is possible in certain circumstances to obtain a credit report with full account numbers with the appropriate information.

Based on the types and locations of the fraudulent charges made on the plaintiffs' accounts, the pattern of attempted account takeovers, and the information that would have been necessary to take over the accounts, Reger concluded that the events were not related to the disclosure. The court agrees that the plaintiffs have not proven by a preponderance of the evidence that the alleged account takeovers were caused by the disclosure.

2. Identity Thefts

Based on the pattern of the incidents and the alternate sources for the necessary information, Reger concluded that the alleged identity thefts were not caused by the disclosure.

Reger found Bryant's situation to be the only "true" identity theft, but he could not identify anything to definitively connect the credit issues with the disclosure. The court cannot conclude, by a preponderance of the evidence, that the incidents were a result of the disclosure. The fact that the store clerk called Bryant at his work extension is not compelling, because Bryant had provided that number and extension on his fraud-alert statement in April 2002, and the store clerk could have called that number in compliance with the fraud-alert statement and not according to the potential thief's instruction. Bryant's information was also available from other credit applications he had recently made.

3. Harassment

Reger identified four cases involving harassment; an additional plaintiff — Kathleen Spanyer — experienced harassment between the date of Reger's report and trial. As the instances of harassment are not financial crimes, Reger is not an expert in their cause. The court finds, however, that the plaintiffs have not proven by a preponderance of the evidence that they are related to the disclosure.

Despite the suspicious circumstances surrounding Erika Stewart's receipt of greeting cards from former inmate John Lynch, the court cannot find by a preponderance of the evidence that the incidents were caused by the alleged disclosure. Although Ms. Stewart's address is not published, even an unlisted address can be discovered through various other sources. The fact that the inmate lived on Antaeus Unit at FMC is also significant, because there was testimony that staff members on Antaeus unit celebrated birthdays and, although the court believes Ms. Stewart's testimony that her birthday was never celebrated on her actual birthday, the court finds that the person who sent the card to her via U.S. mail may have surmised the approximate time of her birthday and would not have known to a certainty when his card would arrive at FMC.

Since January 17, 2006, someone has scratched "hi" and a vertical line on Ms. Spanyer's front door, observed her home from the street and through a window, left open her garage keypad cover, entered her back yard and moved items, short-circuited the electricity in her home, and left in her rear storm door an illegal gambling slip and a note indicating that the person could enter her property without her knowledge, and indeed had done so. There is no indication that the person harassing Ms. Spanyer is a former inmate or received her address from an FMC inmate; there is no evidence that the incidents were caused by the breach of security in UNICOR.

4. Internet Fraud

Reger concluded that the instances of internet fraud were not caused by the disclosure. The court agrees that the plaintiffs have not proven such causation by a preponderance of the evidence. The names list did not divulge information regarding the plaintiffs' internet screen names, e-mail addresses, passwords, or account information. As with the account takeovers and identity thefts, the information necessary to perpetrate the frauds was available from other sources and was not necessarily found in the folder.

5. Undeterminable

Michael Napier reported that a Blockbuster account was opened in his name and connected to his address in September 2005. As with the other fraudulent account claims, the court cannot conclude by a preponderance of the evidence that there is a connection between the account and the names roster.

Denise Sheets reported that she discovered unknown addresses in Georgia and Florida that were associated with her social security number. Reger suggested that the mistake was due to human or electronic error. Significantly, some of the entries appeared prior to 1999 and therefore could not have been associated with the exposure of the folder. The court agrees with Reger's assessment.

6. Application Fraud

Reger speculated that the fraudulent application reported by Tammy Underwood was likely the result of a thief's fabricating an identity and social security number which happened to belong to Ms. Underwood, in an attempt to obtain credit. As with the other credit-related complaints, the court cannot conclude by a preponderance of the evidence that Ms. Underwood's experience is related to the disclosure of the names list.

7. Bank Error

Angela Carpenter's bank returned one of her checks as "account closed," when her account had not in fact been closed. Reger attributes the confusion to bank error; the court agrees, insofar as there is no evidence that the incident was related to the disclosure.

8. Property Crime

As with harassment, Reger is not an expert in determining the causation of property crimes. The court, however, finds that the property crime was not caused by the alleged disclosure.

Someone shot through a window in David Couch's truck while it was parked at his apartment complex the night of February 16, 2002; Couch also testified that he received between ten and twelve telephone calls from pay telephones each night for about a month both before and after the shooting. The plaintiffs have not shown a connection between that incident and the disclosure of the names list. Couch's parking spot at his apartment was not associated with his unit, and the names list did not contain information about the plaintiffs' automobiles; the information necessary to commit the crime against Couch must have been obtained from somewhere other than the file folder. The court therefore finds that, under the preponderance-of-the-evidence standard, no causal link has been proven between this incident and the disclosure.

9. Marion Johnson's Address

In addition to the eight categories identified by Reger, the court also recognizes separately the fact that inmate Charles Kinnard possessed the approximate address of Antaeus secretary Marion Johnson. The court credits and believes Johnson's testimony that she never gave her personal information to inmates, including Kinnard, and that she did not have a personal relationship or friendship with Kinnard. The court also finds that Kinnard's address list was not referring to a different Marion Johnson. Because Kinnard is the inmate who allegedly saw and even possessed the names list, Johnson's case presents the strongest proof of a causal link. Nevertheless, the court cannot find the necessary link by a preponderance of the evidence, because other sources for the information cannot be ruled out. For example, given the arrangement of staff offices on Antaeus and inmates' access to "staff alley," Kinnard could have overheard Johnson giving her information to someone else; alternatively, Kinnard could have conducted (or had someone else conduct) research to ascertain her address.

b. Protective Measures

While the court cannot find that the specific instances discussed generally and individually above were connected to the disclosure, the court does conclude by a preponderance of the evidence that the protective measures taken by the plaintiffs to secure themselves both financially and physically are causally linked to the defendants' conduct. If the unmarked folder had not been left out in UNICOR, the plaintiffs would not have felt compelled to purchase credit reports, place fraud alerts on their accounts, increase security at their homes, and take other actions to protect themselves from the potential consequences of inmates' gaining access to their personal information.²⁰ III. FTCA ²¹ — Invasion of Privacy Claim

20 See infra, ¶ 90, for a discussion of the availability of recovery for costs incurred in preventing harm from an unauthorized disclosure under the Privacy Act.

21 See infra, ¶ 89, for list of plaintiffs who fulfilled FTCA jurisdictional requirements.

84. Intrusion Upon Seclusion

The common law and Kentucky courts recognize four theories of the tort of invasion of privacy: (1) intrusion upon seclusion; (2) appropriation of name or likeness; (3) publicity given to private life; and (4) false light. McCall v. Courier-Journal Louisville Times Co., 623 S.W.2d 882, 887 (Ky. 1981) (adopting Restatement (Second) of Torts § 652A (1976)). The plaintiffs relied on the "intrusion upon seclusion" theory of the tort, which is premised upon a defendant's "intentional intrusion, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns." Smith v. Bob Smith Chevrolet, Inc., 275 F. Supp. 2d 808, 822 (W.D. Ky. 2003) ( quoting Restatement (Second) of Torts § 652B (1977)).

The Restatement elaborates on the types of intrusions encompassed by the cause of action, including forcible entry into an area in which the plaintiff has isolated himself, eavesdropping, or "some other form of investigation or examination into his private concerns, as by opening his private and personal mail, searching his safe or wallet, [or] examining his private bank account." Restatement (Second) of Torts § 625B, cmt. b (1977) ( quoted in Johns v. Firstar Bank, 2006 WL 741107, at *3 (Ky.App. March 24, 2006)). "The disclosure of information held in confidence cannot be considered an intrusion under this section." Johns, 2006 WL 741107, at *3. Rather, "[t]his form of the tort concerns a prying into secreted information by physical force or other means. This section seems to assume the intrusion is made by an outside force into those personal areas normally withheld from public view." Id. See also Ghassomians v. Ashland Indep. Sch. Dist., 55 F. Supp. 2d 675, 693 (E.D. Ky. 1998) (no substantial intrusion upon seclusion where defendant read plaintiff's diary but had not come into possession of diary through wrongful conduct). Disclosure of private information is distinct from an intentional intrusion into private matters.

The court finds that the defendants did not commit this tort against the plaintiffs when they left the names list unattended and disclosed it to inmates. Like the defendant in Johns, neither Clint Jones nor any other FMC employee pried into the secret information as contemplated for an intrusion upon seclusion.

85. Publicity Given to Private Life

The plaintiffs might alternatively have proceeded based upon the "publication of private matters" subdivision of the invasion-of-privacy tort. Under that section,

[o]ne who gives publicity to a matter concerning the private life of another is subject to liability to the other for invasion of his privacy, if the matter publicized is of a kind that

(a) would be highly offensive to a reasonable person, and

(b) is not of legitimate concern to the public.

Ghassomians, 55 F. Supp. at 693 ( quoting Restatement (Second) of Torts § 652D (1976)). Publicity in this context is given when "the information was passed along in a way substantially certain to become general knowledge either through dissemination to the public at large or to a multitude of persons. Id. ( citing Restatement (Second) of Torts § 652D cmt. a.). "Consequently, a communication to a single person or small group of persons does not constitute publicity while publication to a crowd or through the mass media does." Id. Thus there had been no such publicity where the defendant came into possession of the plaintiff's private diary, read it, and gave copies of certain portions to one other person. Id. The Ghassomians court specifically considered whether to deem the publicity requirement satisfied by a simple disclosure, but it declined to do so where the information was not obtained in a tortious manner. Id. at n. 13.

The Restatement recognizes various methods of giving publicity to private information, including publication in a newspaper or magazine, inclusion on a handbill distributed to many people, communication in a news broadcast, or inclusion of a statement in an address to a large audience. Restatement (Second) of Torts § 652D, cmt. a. Like the publicity found not to be actionable in Ghassomians and the examples provided in the Restatement, Clint Jones did not actually communicate the information contained in the names list to anyone when he left the folder unattended on Moore's desk. Furthermore, even if the failure to keep the folder secure could be considered communication, the information was not transmitted to a group of sufficient size to constitute publicity in this context. The court therefore concludes that no publicity was given to the plaintiffs' personal information when Clint Jones left the names folder unsecured in UNICOR.

IV. FTCA — Tort of Outrage

86. Jurisdiction

The FTCA is a waiver of the court's sovereign immunity, and 28 U.S.C. § 2680 limits that waiver. Smith v. Snyder, 2006 WL 379516, at *4 (E.D. Ky. Feb. 15, 2006). Jurisdiction is therefore proper only where the allegedly tortious conduct is not encompassed by one of the provisions of § 2680. Carlyle v. United States, Dept. of the Army, 674 F.2d 554, 556 (6th Cir. 1982) ( cited by Sharp v. United States, 401 F.3d 440, 443 n. 1 (6th Cir. 2005)). The United States does not waive its immunity from tort claims arising out of conduct "based upon the exercise or performance or the failure to exercise or perform a discretionary function or duty on the part of a federal agency or an employee of the Government, whether or not the discretion involved be abused." 28 U.S.C. § 2680(a). "[I]f a `federal statute, regulation, or policy specifically prescribes a course of action for an employee to follow,'" the discretionary-function exception cannot apply, because `the employee has no rightful option but to adhere to the directive.'" United States v. Gaubert, 409 U.S. 315, 322 (1991) ( quoting Berkovitz v. United States, 486 U.S. 531, 536 (1988)).

Even if there is no mandatory rule, the exception applies only when the judgment exercised involved considerations of social, economic, or political policy. Id. at 322-23. However, where a regulation allows discretion, "the very existence of the regulation creates a strong presumption that a discretionary act authorized by the regulation involves consideration of the same policies which led to the promulgation of the regulations." Id. at 324. Internal guidelines typically reflect the policy considerations from which the controlling law arose. Id. "When established governmental policy, as expressed or implied by statute, regulation, or agency guidelines, allows a Government agent to exercise discretion, it must be presumed that the agent's acts are grounded in policy when exercising that discretion." Id. a. Allowing Inmates to Access Folder

The defendants concede that Clint Jones's enabling inmates to view the names folder constitutes a violation of the mandatory obligations imposed by the Privacy Act.

b. Failure to Mark

The defendants do not contest that the failure to mark the names list or the folder "LOU-Sensitive" violated Program Statement 1237.11 and Institutional Supplement 1237.11A. The court also finds that Jones's possession of the rosters, which contain the information of staff members of higher ranking than Jones, was in violation of mandatory policy, as was transporting them without properly marking them.

c. Delay in Notification

The plaintiffs contend that the defendants' failure to respond promptly to the requests for accountings under the Privacy Act, 5 U.S.C. § 552a(c), renders the discretionary exception to FTCA liability inapplicable. The accounting provision of the Privacy Act provides that

[e]ach agency, with respect to each system of records under its control, shall —

(1) . . . keep an accurate accounting of

(A) the date, nature, and purpose of each disclosure of a record to any person or to another agency made under subsection (b) of this section; and

(B) the name and address of the person or agency to whom the disclosure is made;

. . . .

(3) . . . make the accounting made under paragraph (1) of this subsection available to the individual named in the record at his request.

(emphasis added). Section 552a(b) enumerates circumstances under which the agency is authorized to make a disclosure.

The plaintiffs' complaint is that the defendants failed to make an accounting of the alleged unauthorized disclosure, and the accounting requirement of the Privacy Act, § 552a(c), is therefore inapplicable. In the absence of any law or policy requiring the defendants to provide the plaintiffs with an accounting pertaining to the UNICOR incident, FMC management had discretion to determine information with which staff should be provided.

The court presumes, and the plaintiffs have not shown otherwise, that the defendants' decision not to immediately notify staff of the situation and not to provide them with requested information was made in light of BOP policy considerations such as maintaining the security of the institution and protecting individuals' privacy interests. Therefore, the court is without jurisdiction to determine whether the defendants' failure to provide immediate notification of the incident was tortious.

d. Failure to Investigate

The plaintiffs do not dispute that the initial decision whether to investigate the circumstances surrounding the folder's potential compromise was within the Warden's discretion, and the court finds that no mandatory rule or guideline mandates that an investigation ensue whenever sensitive information is left unattended. The court further finds that the decision was motivated by policy considerations that are protected by the discretionary-function exception. Thoms, Carter, and Snead consistently explained that they did not initiate an investigation or order a lockdown or shakedown, report the incident to OIA, or treat the incident as a conduct violation for several reasons: because UNICOR policy restricted inmates from accessing staff desks; despite Moore's late arrival, other staff were present in the area and were responsible for supervising inmates; no misconduct reports were filed as to the inmates' behavior that day; the folder did not appear to have been tampered with²²; and they did not want to compromise the ongoing UNICOR investigation. Investigative decisions are informed by concerns for institutional security, confidentiality of ongoing investigations, and efficient allocation of institutional resources. Even if the decision was an abuse of discretion, the court will not disturb it.

22 The court observes that the impact that the folder's appearance had on the decisions immediately following the discovery of the folder highlights its obvious importance to the issues involved in this case.

Management is not required to investigate a staff performance issue, and OIA Chief John Dignam confirmed that the Warden has discretion to classify an incident as performance or conduct. The decision to treat Jones's error as a performance issue was based on considerations of his employment record, his working conditions at the time, and the perception that no inmates had actually accessed the folder. Disciplinary measures are within the Warden's discretion, and such discretion is necessary to allow the Warden to measure and balance considerations such as staff competency, continuity, confidence, security, and morale.

Dignam testified that SIS or BOP involvement in investigating external harm to an employee is dependent on the quality of proof the employee has to confirm that a particular inmate is involved. Unless the staff member can provide specific proof that an identifiable inmate is responsible, the BOP cannot participate. Dignam thus opined that the December 17, 2001, memorandum promised an investigation only if such specific proof was presented. Whether individual situations — for example, Mark Bryant, Marion Johnson, and Erika Stewart — warranted an investigation under that standard and what type of investigation to pursue was a matter of discretion informed by consideration for minimizing disruptions, maintaining normal operations, and preventing panic, and the court will not second-guess the BOP's decision.

The Union reported Clint Jones to the OIA in March 2002 based on his handling of the Marion Johnson incident, and Lloyd Boyle authorized a "classification 3" investigation for failure to follow policy on March 29, 2002. "Classification 3" pertains to "allegations of misconduct . . . which ordinarily have less impact on institutional operations." PX 112. The Warden is required to prepare and submit to OIA a monthly report summarizing the subject of all "classification 3" investigations. There is no institutional discretion whether to follow up on an OIA-authorized investigation, and an update should be submitted within 120 days of the initiation. FMC did not inform OIA of the results of its inquiry until January 2004 — 22 months after an investigation was authorized. Dignam stated that the delay was unusual, but that, considering that FMC had opted to treat Jones's investigation of the Marion Johnson incident as a performance issue and thus no further investigation was necessary, the failure to report the result to OIA was not significant. Although the obligation to report to OIA was not discretionary, FMC's decision to treat the incident as a performance issue was within its discretion and, as discussed, was made with a view toward important institutional policy consideration.

Thus, in relation to FMC's investigatory response to the allegations arising out of the March 30, 2001, incident, the court has jurisdiction to consider the outrageousness of only the failure to follow up with the OIA-authorized investigation of Clint Jones's inquiry into the Marion Johnson incident.

e. Misstatements in Notice

The United States maintains that it has the discretion to choose what information to seek in the course of an investigation and the manner in which it conveys that information. The plaintiffs contend that, even if the defendants had discretion concerning the form of the notification given to staff, the government does not have the discretion to lie, and its failure to give accurate information is therefore not subject to the discretionary-function exception.

Prior to the issuance of the arbitration award on November 21, 2001, FMC management had no obligation to provide staff with notice of the file-folder incident because, as discussed above, there is no accounting requirement under the Privacy Act applicable to unauthorized disclosures. Nonetheless, the plaintiffs argue that, once the defendants made the choice to give notice, they had an obligation to do so accurately.

Because the issuance of the September 17, 2001, memorandum was a discretionary act, the court presumes that the manner in which that discretion was exercised — the choice of the information in and wording of the memorandum — was consistent with the policies justifying the grant of discretion. Furthermore, 28 U.S.C. § 2680(h) precludes a tort suit against the federal government for misrepresentations. Therefore, although the September 17, 2001, memorandum was both inaccurate and misleading, as detailed above, the discretionary-function exception to the FTCA deprives the court of jurisdiction to consider whether the government's action constitutes tortious conduct.

FMC management was required by the arbitration award to issue the December 17, 2001, memorandum. Consistent with the requirements of the arbitration award, the December 17, 2001, memorandum stated the date and time when the folder was left out, detailed the information contained in the folder, specified ways in which such information could be misused, enhanced the list of suggested protective measures, emphasized the enduring nature of the risk, and clarified the manner in which harm should be reported and what types of assistance would available. Therefore, to the extent the second memorandum was not issued as an exercise of discretion, the defendants acted in compliance with the ruling. Any misstatements contained in the memorandum were not only discretionary, but are also rendered not actionable by the misrepresentation exception, 28 U.S.C. § 2680(h), to the FTCA.

f. Destruction of Folder

There is no binding federal statute or rule that prescribes the BOP's election to maintain or destroy evidence relevant to potential litigation. As discussed above, a party is obligated to preserve evidence once it is or should be aware that litigation may arise, but that duty is imposed pursuant to the courts' inherent power to dictate the course of litigation. See Hodge, 360 F.3d at 449. The availability of sanctions in the face of spoliation encourages preservation of evidence, but the policy does not prescribe a course of conduct for federal agencies and employees in possession of evidence. See Black Hills Aviation v. United States, 34 F.3d 968, 976-77 (10th Cir. 1994) (decision to dispose of debris from military tanker crash protected by discretionary-function exception, precluding court from imposing spoliation sanction); Carter v. Bell Helicopter Textron, Inc., 52 F. Supp. 2d 1108, 1116-17 (D. Ariz. 1999) (manner in which investigation was conducted and wreckage was released necessarily required exercise of discretion).

Nor does 18 U.S.C. § 1512(c), criminalizing corrupt destruction of records "with the intent to impair the object's integrity or availability for use in an official proceeding," satisfy the plaintiffs' quest for a mandatory regulation that would render the defendants' destruction of the folder outside the discretionary-function exception. That statute, although it applies even when there is no official proceeding pending or about to be instituted at the time the evidence is destroyed, applies to criminal, but not civil, proceedings. 185 A.L.R. Fed. 1, Construction and Application of Federal Witness Tampering Statute" (2003); Senate Report No. 97-532 (Aug. 19, 1982) (purpose of law "is to strengthen existing legal protections for victims and witnesses of federal crimes"). Therefore, because there was no indication of an intention to hinder a federal criminal proceeding, the statute is inapplicable.

In the absence of a mandate to retain the folder, the court finds that FMC's decision to destroy the folder was an exercise of its discretion regarding whether and how to investigate the incident. Thoms and Murchie gave these reasons that the folder was destroyed: there was no need for further investigation as to Jones, as the incident had been dealt with as a performance issue; the information contained in the folder could be re-created from computer databases; no tort claim had been filed; and destruction of the folder would safeguard against any further compromise of the information. The court does not question whether the decision constitutes an abuse of their discretion with regard to implementing BOP policy concerns for efficiency and security, and the court therefore lacks jurisdiction to consider whether the destruction of the folder constitutes outrageous conduct under the tort standard.

To the extent the court lacks jurisdiction over the defendants' conduct under the FTCA, as discussed above, the plaintiffs' outrage claim will be dismissed for lack of subject-matter jurisdiction. The court therefore considers only those actions taken by the defendants which did not constitute an exercise of discretion — Jones's improper access to the information, the failure to properly mark the documents or the folder, the transportation of the folder without taking appropriate security precautions, leaving the folder unsecured in UNICOR, and FMC's failing to timely report to OIA the result of FMC's inquiry into Jones's handling of the Marion Johnson incident.

87. Causation Severe Emotional Distress

Liability for intentional torts exists only where the defendant's conduct is the "cause in fact" of the plaintiff's harm. Restatement (Second) of Torts, § 870, cmt. I. The causal link is satisfied where "(a) [the defendant's] conduct is a substantial factor in bringing about the harm, and (b) there is no rule of law relieving the actor from liability. . . ." Restatement (Second) of Torts, § 431; see also Capital Holding Corp. v. Bailey, 873 S.W.2d 187, 193 (Ky. 1994) (both indirect and direct harm compensable if negligence "was a substantial factor resulting in the harm").

Liability attaches "only where the distress inflicted is so severe that no reasonable man could be expected to endure it. The intensity and duration of the distress are factors to be considered in determining its severity." Restatement (Second) of Torts, § 46, cmt. j. The outrageousness of the defendants' conduct is evidence of the existence of distress, but severity must be proved. Id. Furthermore, "[t]he distress must be reasonable and justified under the circumstance, . . . unless it results from a peculiar susceptibility to such distress of which the actor had knowledge." Id.

The court does not have jurisdiction to consider the mental and emotional damages — such as feelings of helplessness and abandonment — insofar as they are attributable to the defendants' discretionary decisions, including delayed notification, failure to investigate, and destruction of the folder. Furthermore, the court finds that emotional damages suffered as a result of alleged criminal activity or harassment were not related to the defendants' outrageous conduct, because, as discussed above, those instances were not caused by the disclosure of the folder.

The defendants' inattention to policies regarding the distribution and handling of sensitive information caused emotional distress to the plaintiffs. All of the plaintiffs reasonably fear that they will be the victims of identity theft or other criminal mischief as a result of the disclosure. The fact that Jones left the folder where inmates could find it has caused, and will continue to cause, distress for the plaintiffs about their personal and financial security and that of their families. However, to the extent any of the plaintiffs' distress was caused by that act, and not by the BOP's responsive actions, the court finds that the plaintiffs' damages are adequately compensated by the award under the Privacy Act, and the plaintiffs' outrage claim is therefore dismissed as moot.²³

23 Mark Bryant and Erika Stewart's situations, due to their heightened emotional distress, deserve further explanation. Bryant experienced extreme emotional distress after repeated attempts were made to fraudulently obtain credit in his name and after FMC management failed to assist him in resolving the matter; Stewart's pre-existing post-traumatic stress syndrome was aggravated by her receipt of greeting cards from a former inmate and by FMC management's response to her situation. Neither the attempted identity theft nor the greeting cards was connected to the names list, and emotional damages connected to those occurrences are therefore not compensable. To the extent their emotional damages were caused by FMC's response to their respective situations (or various other discretionary conduct as discussed with respect to jurisdiction), the court does not have jurisdiction to adjudicate the claim.

V. CONCLUSIONS

88. This court has jurisdiction over the Privacy Act claim pursuant to 5 U.S.C. § 552a(g)(1).

89. This court has jurisdiction over the FTCA claims pursuant to 28 U.S.C. §§ 1346(b) and 2675(a), with the exceptions as noted with respect to the outrage claim pursuant to the discretionary-function exception, 28 U.S.C. § 2680(a). Jurisdiction under the FTCA requires exhaustion of administrative remedies through the pursuit of an administrative tort claim, which prerequisite has been met by plaintiffs Dennis Barrows, Teresa Begley, Christina Benson, Steven Brixey, Charlton Brown, Mark Bryant, James Capley, Angela Carpenter, Donna Carter, Brady Charles, David Couch, Lisa Creta, Daniel Cullip, Thomas Delzevis, Gary Dicks, Carmen Donato, Joyce Fitzpatrick, Judy Garrett, Tim Hamby, Peter Hanzel, Joyce Hatfield, Myron Hatfield, Sarita Havens, Deanna Hicks, Kevin Hicks, Debra Huey, Elizabeth Joerendt, Dwayne Johnson, Todd Large, Daniel Lee, Steve Logan, Jean Lucas, Teresa Meece, Bryan Miller, James Miller, Susan Moore, Ralph Mott, Gregory Murphy, Michael Napier, Dwayne Pettit, Daryl Piersawl, Sr., Harold Pritchett, Sr., Margaret Romeril, Tara Rose, Denise Sheets, Roy Sires, Daniel Smith, Ray Smith, William Stamper, Tammy Strode, James Tomlin, Tammy Underwood, Diane Walker, Mark Walker, Joseph Watt, Tracy Wells, Charles Workman, Lisa Coleman, Donna Shepherd, Erika Stewart, Delores Marsh, Mark Simmons, Rita Simmons, Sheila Geiger, Tara Halbert, Marion Johnson, Nicole Johnson, Charles Trautwein, Earl Watson, Rebecca Woosley, and Bonitta Zewicke.

90. The defendants assert that the damages claimed by the plaintiffs in relation to the Privacy Act claim are not compensable because the plaintiffs' own apprehension, as opposed to the disclosure of the names list, caused them. The civil remedy provision of the Privacy Act permits recovery for failure to comply with the statute "in such a way as to have an adverse effect on an individual." 5 U.S.C. § 552a(g)(1)(D). Waivers of sovereign immunity "must be construed strictly in favor of the sovereign, and not enlarge[d] . . . beyond what the language requires." United States v. Nordic Village, Inc., 503 U.S. 30, 34 (1992) (citation omitted) (alterations in original). Applying that principle, one court of appeals has found that contemporaneous transmission of protected information to millions of recipients constitutes only one violation. Tomasello v. Rubin, 167 F.3d 612, 618 (D.C. Cir. 1999).

In an action for damages, the doctrine of mitigation precludes recovery for harm that could have been avoided through reasonable effort. See BP Exploration Oil Co. v. Maintenance Servs., Inc., 313 F.3d 936, 943 (6th Cir. 2002) (applying Ohio law). Accompanying the victim's obligation to mitigate is the plaintiff's right to recover reasonable expenses incurred to avoid potential harm from the defendant's conduct. Comdyne I, Inc. v. Corbin, 908 F.2d 1142, 1149-50 (3d Cir. 1990). Even where a defendant's wrongful conduct does not result in the anticipated harm, the plaintiff may recover for prophylactic measures. Friends for All Children, Inc. v. Lockheed Aircraft Corp., 746 F.2d 816 (D.C. Cir. 1984) (recognizing cause of action for diagnostic examinations without proof of actual injury). Although the doctrine of mitigation has not yet been explicitly applied to Privacy Act claims, the court finds it appropriate to do so. Discussing the Privacy Act, the Supreme Court has referred to the traditional tort notion that recovery is conditioned on "proof of some harm for which damages can reasonably be assessed," Doe v. Chao, 540 U.S. 614, 621 (2004), and it is reasonable that traditional tort principles of damages should also apply to actions under the statute.

The court therefore finds that the defendants' hypertechnical construction of the civil-remedy provision is excessively narrow, and holds that an individual whose information is disclosed in violation of the Privacy Act may recover for costs incurred to prevent harm from that disclosure. Even if carefully monitoring one's financial information is prudent, the plaintiffs in this case all testified that they took specific actions to protect themselves from the types of harm, both physical and financial, that could result from inmates' viewing their personal information. The court therefore concludes that the plaintiffs' out-of-pocket expenses to protect themselves from potential harm were caused by the instant Privacy Act violation.

91. The plaintiffs have satisfied the elements necessary to prevail on their Privacy Act claim. The court therefore awards each plaintiff an amount equal to the greater of actual damages sustained as a result of the Privacy Act violation or $1,000.00. See 5 U.S.C. § 552a(g)(4).

92. The plaintiffs have not established an invasion of privacy.

93. To the extent the court has jurisdiction to consider the plaintiffs' outrage claim, the claim is dismissed as moot, as any damages are adequately compensated by the Privacy Act award. Accordingly,

IT IS ORDERED that the defendants' motion to dismiss the plaintiffs' outrage claim for lack of subject matter jurisdiction (DE 289) is GRANTED IN PART and DENIED IN PART. The motion is DENIED as to (1) Jones's improper access to the information; (2) failure to properly mark the documents or the folder; (3) transportation of the folder without required security precautions; (4) leaving the folder unsecured in UNICOR; and (5) failure to timely report to OIA the result of its inquiry into Jones's handling of the Marion Johnson incident. The motion is GRANTED in all other respects.

IT IS FURTHER ORDERED that the plaintiffs' motion to reconsider the court's September 29, 2005, order regarding evidentiary sanctions against the defendant (DE 290) is GRANTED, and the court will impose against the defendants the adverse inference that the folder would have proven that it had been accessed by inmates.

IT IS FURTHER ORDERED that the court finds in favor of the plaintiffs on their Privacy Act claim, the court finds for the defendants on the plaintiffs' FTCA Invasion of Privacy claim, and the plaintiffs' FTCA Outrage claim is DISMISSED for lack of jurisdiction and as moot.

The plaintiffs shall file a motion for entry of judgment, detailing the monetary award to which each plaintiff is entitled, not later than 30 days from the date of entry of this memorandum opinion and order. Pursuant to 5 U.S.C. § 552a(g)(2)(B), the plaintiffs shall file a motion for reasonable attorney's fees and costs within 30 days of the date of entry of judgment. Response and reply times for both motions shall be governed by the Local Rules.