Opinion
Civil No. 13-1309 (JRT/LIB)
03-31-2014
CANDACE GULSVIG, MEL GULSVIG, and JOHN SCHMOLL, all individually and on behalf of all others similarly situated, Plaintiffs, v. MILLE LACS COUNTY; MICHAEL CAMPION, in his individual capacity as Commissioner of the Minnesota Department of Public Safety; MONA DOHMAN, in her individual capacity as Commissioner of the Minnesota Department of Public Safety; MIKKI JO PETERICK, in her individual capacity as an employee of Mille Lacs County; JOHN AND JANE DOES, acting in their individual capacity as supervisors in Mille Lacs County; and JOHN AND JANE DOE EMPLOYEES OF THE MINNESOTA DEPARTMENT OF PUBLIC SAFETY, in their individual capacities as officers, supervisors, staff, employees, independent contractors or agents of the Minnesota Department of Public Safety, Defendants.
Lorenz F. Fett, Jr., SAPIENTIA LAW GROUP, 12 South Sixth Street, Suite 1242, Minneapolis, MN 55402; and Susan M. Holden, SIEBEN GROSE VON HOLTUM & CAREY, LTD, 901 Marquette Avenue, Suite 500, Minneapolis, MN 55402, for plaintiffs. Oliver J. Larson, Assistant Attorney General, MINNESOTA ATTORNEY GENERAL'S OFFICE, 445 Minnesota Street, Suite 1800, St. Paul, MN 55101, for defendants Michael Campion and Mona Dohman.
MEMORANDUM OPINION
AND ORDER GRANTING
DEFENDANTS CAMPION AND
DOHMAN'S MOTION TO
DISMISS
Lorenz F. Fett, Jr., SAPIENTIA LAW GROUP, 12 South Sixth Street, Suite 1242, Minneapolis, MN 55402; and Susan M. Holden, SIEBEN GROSE VON HOLTUM & CAREY, LTD, 901 Marquette Avenue, Suite 500, Minneapolis, MN 55402, for plaintiffs.
Oliver J. Larson, Assistant Attorney General, MINNESOTA ATTORNEY GENERAL'S OFFICE, 445 Minnesota Street, Suite 1800, St. Paul, MN 55101, for defendants Michael Campion and Mona Dohman.
This putative class action involves a Mille Lacs County employee's alleged misuse of private driver's license information and seeks to hold state officials liable for the alleged harm to the people who are the subject of the information. Plaintiffs allege that an employee of Mille Lacs County improperly accessed the drivers' license information of over 370 individuals and bring this action against the employee, Mille Lacs County, the current and former commissioners of the Minnesota Department of Public Safety ("DPS"), and John and Jane Doe state and county employees, alleging violations of the Drivers Privacy Protection Act ("DPPA" or "the Act") and the Fourth and Fourteenth Amendment of the U.S. Constitution. The current and former commissioners of the Minnesota DPS, Michael Campion and Mona Dohman, move to dismiss all counts against them, arguing that Plaintiffs fail to state a claim for relief. The Court concludes the Commissioners cannot be held liable under the DPPA based on Plaintiffs' allegations here and that the personal information at issue is not so intimate or extremely personal so as to be protected by a constitutional right to privacy, and will thus grant the motion to dismiss.
BACKGROUND
I. PARTIES AND COMPLAINT
Plaintiffs are residents of Minnesota who allege that an employee of Mille Lacs County improperly accessed the drivers' license information of over 370 individuals, including their own. (Compl. ¶¶ 4-6, 22, May 31, 2013, Docket No. 1.) They allege that the employee had access to a state database of motor vehicle records maintained by DPS ("the Database") containing "personal information" and "highly restricted personal information" including name, date of birth, driver's license number, address, photo, weight, height, eye color, and "perhaps . . . medical and disability information." (Id. ¶¶ 18-19.)
Plaintiffs allege that the employee, Mikki Jo Peterick, was employed by Mille Lacs County Family Services and was authorized by Mille Lacs County to use the Database, but that from January 2009 through November 2012 Peterick acquired the private data of approximately 379 individuals without authorization. (Id. ¶¶ 16-17, 22.) The County sent out letters to these individuals notifying them of the "unauthorized access of . . . private information by an employee of Mille Lacs County Community & Veterans Services." (Id. ¶ 25 (citing id., Ex. A).)
Based on these allegations, Plaintiffs bring this lawsuit against Peterick, Mille Lacs County and John/Jane Doe supervisors in the County, and the current and former Commissioners of DPS, Mona Dohman and Michael Campion ("Commissioner Defendants"), in their individual capacities. (Id. ¶¶ 7-13.) The instant motion involves only the Commissioner Defendants. Against these Defendants, Plaintiffs allege violations of the DPPA and bring claims for violations of their statutory and constitutional rights under 42 U.S.C. § 1983. Plaintiffs seek monetary damages and, against only current Commissioner Dohman, injunctive relief under 42 U.S.C. § 1983. (Id. at 8-13, 18-21.)
Plaintiffs' claims against the Commissioner Defendants center on their management and oversight of the Database. Plaintiffs allege that the Commissioner Defendants "failed to put into place systems and/or procedures to ensure Plaintiffs' and Class Members' Private Data would be protected and would not be subject to misuse," and that they "could have taken appropriate security safeguards in regard to Plaintiffs' and class members' Private Data, but failed to do so," despite the fact that "[m]any viable methods were and are available to prevent this illegal accessing of private information." (Id. ¶¶ 35, 40.)
II. DPPA ALLEGATIONS
The Drivers' Privacy Protection Act, 18 U.S.C. §§ 2721, et seq., provides a private right of action to a person whose driver's license information is misused. 18 U.S.C. §§ 2724(a). Plaintiffs seek to hold the Commissioner Defendants liable under this section of the statute. On this count, plaintiffs allege that Peterick knowingly obtained, disclosed, or used Plaintiffs' and Class Members' private motor vehicle record data for a purpose not permitted under the DPPA and that the Commissioner Defendants "knew or should have known and/or recklessly disregarded that Peterick was making these illegal accesses." (Compl. ¶¶ 51, 54.) Plaintiffs furthermore allege that the Commissioner Defendants "knowingly authorized, directed, ratified, approved, acquiesced in, committed or participated in obtaining, disclosing or using of Plaintiffs' and Class Members' private personal information by Peterick," and that these actions "constitute knowing disclosures of the personal information of Plaintiffs and Class Members under the DPPA." (Id. ¶¶ 56-57.)
The Complaint includes allegations suggesting that the Commissioner Defendants should have been aware that the Database was frequently misused by local law enforcement officers: Plaintiffs allege that both Commissioner Defendants "have been involved with law enforcement for many years." (Id. ¶ 58.) Specifically, they allege that current Commissioner Dohman "has been a law enforcement officer for thirty years, having formerly served as police chief of the City of Maple Grove from 2001 until her appointment as DPS Commissioner in March 2011," and that before she was Maple Grove's Chief of Police "she was an investigator, patrol officer, sergeant and captain of the Maple Grove Police Department." (Id. ¶¶ 59-60.) Plaintiffs further allege that "[i]n other lawsuits and potential lawsuits, DPS audits have revealed that numerous officers on the Maple Grove Police Department in particular have made impermissible accesses, including during Dohman's tenure as Maple Grove Police Chief," and "Plaintiffs' counsel has been informed by those familiar with the problems of police departments that misuse of private information is the main complaint of most chiefs and police human resources personnel." (Id. ¶¶ 62-63.)
With regard to former Commissioner Campion, Plaintiffs allege that he "served from July 2004 until March 2011," and that before becoming Commissioner he was "supervisor of the Bureau of Criminal Apprehension ("BCA"), which also maintains a driver's license database." (Id. ¶ 64.) According to Plaintiffs, "[i]t was during his tenure that the DPS Database was largely developed in its current format." (Id. ¶ 66.)
Plaintiffs allege with regard to both Commissioner Defendants that:
On information and belief, misuse of the DPS Database has been well-known to the Commissioner Defendants. At a hearing at which Commissioner Dohman testified, the testimony of the Legislative Auditor revealed that at least 50% of law enforcement officers are misusing the DPS Database by accessing, disclosing, and/or using the driver license personal information for an impermissible purpose.(Id. ¶¶ 67-68.) Finally, Plaintiffs allege that "Commissioner Dohman has been unresponsive to the need to protect private information until the Legislative Auditor's report focused public attention on the matter, requiring some response. (Id. ¶ 69.)
On information and belief, the Commissioner Defendants knew this, and knowingly disclosed the information in part by (a) failing to safeguard and monitor the database despite knowing of its rampant misuse, (b) willfully refusing to correct the misuses, or (c) both failing to monitor and refusing to correct the abuse and misuse of the system. Commissioner Dohman's practices and procedures that result in knowing disclosure of private information are directly contrary to the policy of the State of Minnesota.
III. SECTION 1983 ALLEGATIONS
In addition to violation of the DPPA, Plaintiffs bring a cause of action against the Commissioner Defendants under 42 U.S.C. § 1983 for violation of Plaintiffs' Fourth and Fourteenth Amendment privacy rights, seeking money damages. In support of their § 1983 claim, Plaintiffs allege that the Commissioner Defendants "were responsible for creating, maintaining, and providing access to the database that included Plaintiffs' and Class Members' Private Data and for hiring and supervising employees who were creating, maintaining, and providing access to the said database," that they "had the ability to determine if unauthorized access was being made and to prevent such unauthorized access to the database," but "failed to prevent unauthorized access to the database." (Comp. ¶¶ 109-111.) Specifically with regard to Peterick's alleged misuse, Plaintiffs allege that the Commissioner Defendants "allowed unauthorized access of Plaintiffs' and over 370 class members' Private Data" and "sanctioned the constitutional violations by Defendant Peterick through their failure to remedy the policy, custom and practice of allowing unfettered and unauthorized access to the database." (Id. ¶¶ 114-115.) Plaintiffs furthermore allege that the Commissioner Defendants "have been grossly negligent in supervising subordinates responsible for implementing a database that prevents unauthorized access to private, personal information . . . [and] responsible for proper use of the DVS database, . . . failed to monitor and prevent unauthorized access to private, personal information even though they knew or should have known that such unconstitutional acts were occurring," and "acting under the color of state law, were deliberately indifferent to Plaintiffs' and Class Members' constitutionally recognized and federal statutory rights to be free from illegal searches, invasions of privacy and the unauthorized accessing of their private driver's license information." (Id. ¶¶ 116-119.)
Count V incorporates these allegations and seeks prospective injunctive relief against current Commissioner Dohman under § 1983, alleging that:
[P]rospective injunctive relief is warranted permanently enjoining Commissioner Dohman from allowing the unfettered and unauthorized access by users of the DVS Database to view private information in violation of federal law and further requiring her to set in place policies, procedures and/or practices prohibiting the unlawful accessing, viewing, collecting, storing, disclosing and disseminating of private data in the future, as well as a mechanism to audit or monitor compliance with these procedures.(Id. ¶ 129.) The Complaint additionally includes class allegations. (Id. ¶¶ 131-157.)
IV. MOTION TO DISMISS
The Commissioner Defendants move to dismiss all counts against them for failure to state a claim. (Mot. to Dismiss, Aug. 15, 2013, Docket No. 12.) None of the other defendants have moved to dismiss, but instead have filed answers to the Complaint. (Answer to Compl. by Mille Lacs County, July 3, 2013, Docket No. 5; Answer to Compl. by Mikki Jo Peterick, July 3, 2013, Docket No. 7.) Thus, this Order focuses on whether the Commissioner Defendants can be held liable under either the DPPA or Section 1983 for Peterick's alleged improper use of the Database. The Court concludes that Plaintiffs fail to sufficiently allege liability by the Commissioner Defendants under the DPPA or Section 1983 and will grant the motion to dismiss.
ANALYSIS
I. STANDARD OF REVIEW
In reviewing a motion to dismiss brought under Federal Rule of Civil Procedure 12(b)(6), the Court considers all facts alleged in the complaint as true to determine if the complaint states a "'claim to relief that is plausible on its face.'" See, e.g., Braden v. Wal-Mart Stores, Inc., 588 F.3d 585, 594 (8th Cir. 2009) (quoting Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009)). To survive a motion to dismiss, a complaint must provide more than "'labels and conclusions' or 'a formulaic recitation of the elements of a cause of action.'" Iqbal, 556 U.S. at 678 (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007)). "A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged." Id. "Where a complaint pleads facts that are merely consistent with a defendant's liability, it stops short of the line between possibility and plausibility," and therefore must be dismissed. Id. (internal quotation marks omitted). Rule 12(b)(6) also authorizes the Court to dismiss a claim on the basis of a dispositive legal issue. Neitzke v. Williams, 490 U.S. 319, 326-27 (1989).
II. DRIVER'S PRIVACY PROTECTION ACT
A. The Act
The Driver's Privacy Protection Act, Pub. L. No. 103-322, Title XXX, §§ 300001 et seq. (1994), codified at 18 U.S.C. §§ 2721 et seq., prohibits the disclosure of personal information obtained by motor vehicle departments in connection with a motor vehicle record unless disclosed for one of the permissible purposes under the Act. 18 U.S.C. § 2721(a) (prohibition for state employees); id. § 2722(a) (prohibition for any person); id. § 2721(b) (listing permissible purposes). "Congress enacted the DPPA . . . in response to safety concerns about the ease with which individuals could obtain this information from the state, as well as concerns about direct marketers who used this information for commercial purposes without drivers' consent." Cook v. ACS State & Local Solutions, Inc., 663 F.3d 989, 992 (8th Cir. 2011).
The Act defines "motor vehicle record" as "any record that pertains to a motor vehicle operator's permit, motor vehicle title, motor vehicle registration, or identification card issued by a department of motor vehicles," 18 U.S.C. § 2725(1), and defines "personal information" as "information that identifies an individual, including an individual's photograph, social security number, driver identification number, name, address (but not the 5-digit zip code), telephone number, and medical or disability information," but not "information on vehicular accidents, driving violations, and driver's status" id. § 2725(3). The Act provides a cause of action for a person whose information was accessed impermissibly under the Act:
A person who knowingly obtains, discloses or uses personal information, from a motor vehicle record, for a purpose not permitted under this chapter shall be liable to the individual to whom the information pertains, who may bring a civil action in a United States district court.Id. § 2724(a). Under this section, a court may award actual damages, punitive damages upon proof of willful or reckless disregard of the law, preliminary and equitable relief, and attorneys' fees. Id. § 2724(b). A "person" who may be sued under this section "means an individual, organization or entity, but does not include a State or agency thereof." Id. § 2725(2).
B. Allegations Against Commissioner Defendants Under the DPPA
Plaintiffs claim that the Commissioner Defendants violated the DPPA by 'disclosing' Plaintiffs' information through the Database to state and local employees, including Peterick, who then used the information for an impermissible purpose. They argue that the Commissioners' knowing release of information to those who subsequently misused it was an actionable disclosure under the DPPA. (Mem. in Opp'n to Mot. to Dismiss at 9, Sept. 27, 2013, Docket No. 16.)
The Court concludes that Plaintiffs' allegations against the Commissioner Defendants fail to state a claim under the DPPA because Plaintiffs fail to adequately allege that any disclosure by the Commissioner Defendants was "for a purpose not permitted" under the Act. See 18 U.S.C. § 2724(a). Plaintiffs do not allege that the Commissioner Defendants themselves personally accessed the information for an improper purpose, but rather that the Commissioner Defendants created, maintained, and inadequately monitored the Database, through which others then accessed Plaintiffs' information for purposes not permitted under the Act. (See Mem. in Opp'n to Mot. to Dismiss at 8 ("The sole questions are whether the disclosure is made knowingly and whether an impermissible use is made of the disclosed information.").)
Because this Order concerns only the allegations against the Commissioner Defendants, the Court will assume, without deciding, that Plaintiffs sufficiently pled that Peterick accessed their information for a purpose not permitted under the Act. (Compl. ¶ 51.)
However, the DPPA provides a cause of action against the "person who knowingly . . . discloses" personal information "for a purpose not permitted" under the Act. 18 U.S.C. § 2724(a). Here, assuming that the Commissioners' management and oversight of the Database can be considered a disclosure, Plaintiffs have not pled that such disclosure was for an impermissible purpose. Even if they had, the management and offering of the Database to state and local government officials would likely fall into the stated permissible purpose of "use by any government agency, including any court or law enforcement agency, in carrying out its functions, or any private person or entity acting on behalf of a Federal, State, or local agency in carrying out its functions." 18 U.S.C. § 2721(b)(1). The misuse Plaintiffs allege here was by Peterick, not the Commissioner Defendants, and the text of the statute limits liability to those who disclose, use, access, or obtain information themselves for an impermissible purpose, not those who provide access to information that is subsequently used for an impermissible purpose.
The parties do not dispute this point. The Seventh Circuit's opinion in Senne v. Village of Palatine, Illinois, 695 F.3d 597 (7th Cir. 2012) cert. denied, 133 S. Ct. 2850 (2013), suggests that disbursement by a state department to local agencies is a disclosure under the Act. Id. at 602 ("The initial disclosure by the Illinois DMV to the police department, or some other agency through which the police department obtained its record, is governed by subsections (a) and (b) [of the section of the DPPA prohibiting disclosures by state agencies] . . . ."). However, the Court need not resolve whether a database can be considered a disclosure under the Act because it concludes that Plaintiffs have failed to plead that any disclosure by the Commissioner Defendants was for an impermissible purpose.
Other courts have consistently interpreted the DPPA similarly, holding that it does not "impose liability on one who indirectly facilitates another's access of a motor vehicle record by maintaining an electronic database." Bass v. Anoka Cnty., Civ. No. 13-860, 2014 WL 683969, at *3 (D. Minn. Feb. 21, 2014) (emphasis in original); Nelson v. Jesson, Civ. No. 13-340, 2013 WL 5888235, at *3 (D. Minn. Nov. 1, 2013) ("It is not enough that they disclosed information to Schlener and he acted with an impermissible purpose, the Commissioners themselves must have acted with such a purpose. This is the only possible interpretation, given the plain language of the statute." (emphasis in original)); Kiminski v. Hunt, Civ. Nos. 13-185, 13-389, 13-208, 13-358, 13-286, 2013 WL 6872425, at *9 (D. Minn. Sept. 20, 2013) ("Under the plain language of the statute, the person who obtains, discloses, or uses the information must do so for an impermissible purpose. If the person discloses the information for a permissible purpose, the plain language of the provision does not make the person liable for a subsequent misuse by the recipient." (emphasis in original)); see also Roth v. Guzman, 650 F.3d 603, 607, 612 (6th Cir. 2011) (suggesting that the DPPA does not impose liability on a state official in his individual capacity when personal information disclosed for a purportedly permissible purpose was actually obtained for an impermissible one, and finding that such a reading of the statute was not clearly established at the time the state sold information to a private company after the company requested the records for use in the "normal course of business"); cf. Cook, 663 F.3d at 996 ("Bulk obtainment of driver information for a permissible purpose does not violate the DPPA. Plaintiffs cannot establish a violation of the DPPA if all the defendants have done is obtain driver information in bulk for potential use under a permissible purpose.").
This interpretation is more plausible than that which would be required in order to hold the Commissioner Defendants liable based on Plaintiffs' allegations. First, as the Sixth Circuit in Roth observed,
[i]f no distinction is made between the use for which the defendants disclosed the information, and the undisclosed use for which it was obtained, subsequently misused or impermissibly redisclosed by the recipient, the DPPA becomes essentially a strict liability statute. Every subsequent misuse could be traced back to a violation by the state official.650 F.3d at 611 (emphasis in original). Similarly, under the Plaintiffs' theory, any misuse of information from the Database would trigger personal liability for top state officials. Nothing in the text of the statute suggests such expansive liability; rather, the Act specifically exempts states and state agencies from liability, 18 U.S.C. § 2725(2), suggesting that Congress did not intend liability under the Act to extend so far. Secondly, Plaintiffs' allegations frequently use language of negligence. (See, e.g., Compl. ¶¶ 33, 35 (alleging that Commissioner Defendants' "lax enforcement" or "lax policies" allowed for intrusions like Peterick's and that Commissioner Defendants have "failed to put into place systems and/or procedures" to prevent information from being misused).) But the Act's mens rea requirement is "knowingly," not negligence, 18 U.S.C. § 2724(a) (emphasis added), and nothing in the Act suggests that the Act imposes a reasonable duty of care to safeguard information subject to the Act. Thus, the Court declines to interpret the DPPA as suggested by the Plaintiffs and instead finds that Plaintiffs fail to state a claim for violation of the DPPA because they do not allege that the Commissioner Defendants disclosed Plaintiffs' information for an impermissible purpose.
The parties devote significant attention in their briefs to the issue addressed in this quote from Roth: whether or not the "knowingly" requirement under § 2724(a) applies only to the obtaining, disclosure, or use of personal information, or whether a person must also know that the purpose is not one listed as "permitted" under the Act in order to be liable. See, e.g., Senne v. Vill. of Palatine, Ill., 695 F.3d 597, 603 (7th Cir. 2012) ("Voluntary action, not knowledge of illegality or potential consequences, is sufficient to satisfy the mens rea element of the DPPA."); Pichler v. UNITE, 542 F.3d 380, 396-97 (3d Cir. 2008) (holding that "knowingly" applies only to the act (i.e. the disclosure or access), but that the DPPA does not require that a defendant knew that action was done for a purpose not permitted under the Act). Because the Court concludes that Plaintiffs have failed to adequately plead that the Commissioner Defendants made any disclosure for an impermissible purpose at all, the issue presented by this motion does not rest on whether the Commissioner Defendants knew that any disclosure was for an impermissible purpose. Cf. Roth, 650 F.3d at 610 ("[w]ithout agreeing or disagreeing with Pichler, we find that it does not address the question presented in this case," because "[i]t is one thing to say that a defendant's ignorance that his own conduct violates the law is not a defense, but it is another, we think, to conclude that a defendant is liable for a knowing disclosure made for a permissible purpose any time the purpose was misrepresented or the information was later misused or improperly redisclosed by the requester or any other entity").
Plaintiffs argue, citing the Second Circuit's opinion in Gordon v. Softech International, Inc., 726 F.3d 42 (2d Cir. 2013), that the Act can be interpreted as imposing a reasonable duty of care on holders of personal information. (See Mem. in Opp'n to Mot. to Dismiss at 18-22 ("[T]he Second Circuit held that a jury could find that [a buyer of DMV information] failed to exercise reasonable care in releasing the information to the end user. The same rationale controls here. The Commissioners exercised no care in releasing the information . . . .").) In Gordon, the court considered an action against a driver who paid an online private investigation service to find the personal information of another driver based on his license plate number and used the information to harass the driver after a road rage incident. 726 F.3d at 46-48. The harassed driver sued the private investigative company and the company, Softech, that provided the information to the investigator. Id. Softech is a data broker that collects information from various databases for the purpose of reselling such information to consumers (and sometimes law enforcement agencies). Id. at 46. Softech's agreement with the private investigator company stated that the company would use the information in a manner permitted by law. Id. The court rejected the plaintiff's argument that the DPPA made Softech strictly liable for misuses of his information by downstream recipients, but found that the private investigator was not entitled to summary judgment because it provided the information to the harassing driver under the auspices of use for "insurance other," even though that use is only permissible for certain entities, of which the driver was not one. Id. at 50-53. The court furthermore concluded "that the DPPA imposes a duty on resellers to exercise reasonable care in responding to requests for personal information drawn from motor vehicle records." Id. at 53. The court's reasoning operated under the facts in that case - a reseller disclosing to an end-user - which are distinct from those here - a state DPS Database being available to state and county law enforcement employees. Given this difference and the plain language of the statute, the Court declines to read a reasonable duty of care into the statute, particularly with regard to the Commissioner Defendants here.
III. SECTION 1983 CLAIMS
Defendants also move to dismiss the claims against them under 42 U.S.C. § 1983 for alleged violations of Plaintiffs' statutory and constitutional rights. Plaintiffs seek monetary and injunctive relief under Section 1983 for the alleged violations of both their statutory rights under the DPPA and their constitutional right to privacy under the Fourth and Fourteenth Amendments. (Compl. ¶¶ 112, 119.) Defendants make several arguments against these claims: first, that the DPPA is not enforceable via § 1983 because Congress implicitly foreclosed the section's use for vindication of rights under the DPPA; second, that the data and information allegedly misused here are not sufficiently intimate to warrant Fourth Amendment protection; and finally, that even if a constitutional right exists, it was not clearly established at the time of the alleged violation so Defendants are entitled to qualified immunity.
A. Statutory Rights
The Commissioner Defendants argue that Congress, in passing the DPPA, intended to foreclose the use of Section 1983 to enforce statutory rights protected in the Act. Courts are divided on this question. Compare Collier v. Dickinson, 477 F.3d 1306, 1310-11 (11th Cir. 2007) (DPPA did not foreclose enforcement via § 1983); Arrington v. Richardson, 660 F. Supp. 2d 1024, 1037 (N.D. Iowa 2009) ("The court finds that Defendants have not met their burden of proving that Congress has withdrawn § 1983 as a remedy for the violation of a federal right found in the DPPA. Although Arrington's § 1983 claim may be redundant, the court finds she is not barred from pursing the claim in this case." (internal citation omitted)), with Kraege v. Busalacchi, 687 F. Supp. 2d 834, 840 (W.D. Wis. 2009) ("Because the Act has a more restrictive private remedy, I conclude that plaintiffs' § 1983 claim to enforce their rights under the Act is barred."); Roberts v. Source for Pub. Data, 606 F. Supp. 2d 1042, 1046 (W.D. Mo. 2008) ("[T]he DPPA provides for multiple avenues of enforcement. . . . Given this comprehensive remedial scheme, the Court must presume that Congress intended that the enforcement scheme it created in the DPPA would be the exclusive remedy for violations, precluding resort to § 1983 by Plaintiffs.").
However, the Court need not resolve this issue at this time. Because the Court finds that Plaintiffs have failed to state a claim against the Commissioner Defendants under the Act, no statutory right exists against these Defendants upon which to base a Section 1983 cause of action. Cf. Wiles v. Ascom Transp. Sys., Inc., 478 F. App'x 283, 295 (6th Cir. 2012) (concluding plaintiffs failed to state a claim under 42 U.S.C. § 1983 for violation of DPPA statutory rights because "[w]e have already considered Plaintiffs' DPPA claims and found no DPPA violation"). Thus, the Court concludes that Plaintiffs fail to state a claim against the Commissioner Defendants under Section 1983 for violation of the DPPA.
B. Constitutional Rights
In addition to statutory rights, Plaintiffs seek relief under 42 U.S.C. § 1983 for alleged violation of their constitutional right to privacy. The Supreme Court has recognized that the "individual interest in avoiding disclosure of personal matters" may sometimes rise to the level of a constitutional right. See Whalen v. Roe, 429 U.S. 589, 603-04 (1977) (holding New York's requirement of keeping a database of patients prescribed with Schedule II drugs did not amount to an invasion of "any right or liberty protected by the Fourteenth Amendment"). Courts have generally found such a right to privacy in limited circumstances, as "the personal rights found in the guarantee of personal privacy must be limited to those which are 'fundamental' or 'implicit within the concept of ordered liberty.'" Cooksey v. Boyer, 289 F.3d 513, 516 (8th Cir. 2002) (alterations omitted) (quoting Paul v. Davis, 424 U.S. 693, 713 (1976)). Specifically, the Eighth Circuit has limited the scope of such a right:
[W]e hold that to violate Appellant's constitutional right of privacy the information disclosed must be either a shocking degradation or an egregious humiliation of her to further some specific state interest, or a flagrant breech of a pledge of confidentiality which was instrumental in obtaining the personal information.Alexander v. Peffer, 993 F.2d 1348, 1350 (8th Cir. 1993). To determine whether a particular disclosure satisfies this exacting standard, courts should "examine the nature of the material opened to public view to assess whether the person had a legitimate expectation that the information would remain confidential while in the state's possession." Eagle v. Morgan, 88 F.3d 620, 625 (8th Cir. 1996). As the Eighth Circuit noted, "courts have traditionally been reluctant to expand this branch of privacy beyond those categories of data which, by any estimation, must be considered extremely personal." Id. (collecting cases finding right to privacy for shared spousal information, certain financial records, the naked body, medical records, but not criminal records or even false rumors of a crime); see also Cooksey, 289 F.3d at 516 (mayor's disclosure of chief of police's mental health treatment to town board was not "shockingly degrading or egregiously humiliating" so as to amount to a constitutional violation of privacy).
Plaintiffs claim that the information at issue here - address, photograph, date of birth, weight, height, eye color, and driving record - fall into this narrow category of constitutionally protected information. (See Compl. ¶¶ 19-20.) However, Courts have repeatedly found that this type of information - that which is typically available in a motor vehicle record - is not the kind of intimate or extremely personal information that gives rise to constitutional protection. See, e.g., Collier, 477 F.3d at 1308 (no constitutional violation to release personal information provided to state DMV to mass marketers); Wiles, 478 F. App'x at 295 (no constitutional privacy violation for bulk sale of information covered by DPPA); Bass, 2014 WL 683969 at *5 (no reasonable expectation of privacy in driver's license information); Jesson, 2013 WL 5888235 at *4 ("disclosure of Nelson's motor-vehicle records" was not either a "shocking degradation" or an "egregious humiliation"); Lancaster v. City of Pleasanton, Civ. No. 12-05267, 2013 WL 3593852, at *2 (N.D. Cal. July 12, 2013) (information obtained from DMV did not give rise to constitutional violation based on theory of "informational privacy"); Best v. Berard, 837 F. Supp. 2d 933, 938 (N.D. Ill. 2011) (no "constitutionally protected privacy interest" in driver's license number).
Plaintiffs also allege that the records "perhaps" include medical and disability information. (Compl. ¶ 19.) Plaintiffs did not expand upon this speculative allegation in their briefing or at oral argument and, without more, the Court finds that this allegation fails to meet the plausibility standards set out by Iqbal, 556 U.S. at 678 ("A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged."), given that there is no basis for this allegation and Plaintiffs themselves allege it without any certainty.
--------
Plaintiffs argue that the information at issue is constitutionally protected because, in addition to standard drivers' license information, the information includes social security numbers, which they claim fall into this limited category of constitutionally protected information. See In re Crawford, 194 F.3d 954, 958 (9th Cir. 1999) ("[T]he indiscriminate public disclosure of SSNs, especially when accompanied by names and addresses, may implicate the constitutional right to informational privacy." (footnote omitted)); Arakawa v. Sakata, 133 F. Supp. 2d 1223, 1229 (D. Haw. 2001) ("[T]he court concludes that there is a constitutional right to privacy in the information released about Plaintiff in this case, specifically his SSN."). Even if the Court were to accept this argument, Plaintiffs admitted in oral argument that they did not allege in the Complaint that any social security numbers were accessed, so the potential for social security numbers to fall within the scope of constitutionally protected information does not suffice to state a claim for a constitutional privacy violation.
Thus, even if the Commissioner Defendants could be held liable for their oversight activities related to the Database, Plaintiffs fail to allege that the information therein is protected by the Fourth and Fourteenth Amendments, so their claims for monetary and injunctive relief under 42 U.S.C. § 1983 must be dismissed. Because the Court concludes that Plaintiffs do not have a constitutionally protected privacy interest in the information they allege was improperly accessed, the Court need not consider whether, for the purposes of qualified immunity from monetary damages, any constitutional rights were clearly established at the time of the alleged violation. See Pearson v. Callahan, 555 U.S. 223, 236 (2009) ("The judges of the district courts and the courts of appeals should be permitted to exercise their sound discretion in deciding which of the two prongs of the qualified immunity analysis should be addressed first in light of the circumstances in the particular case at hand.").
ORDER
Based on the foregoing, and all the files, records, and proceedings herein, IT IS HEREBY ORDERED that Defendants Michael Campion and Mona Dohman's motion to dismiss [Docket No. 12] is GRANTED. Plaintiffs' claims against Defendants Campion and Dohman are DISMISSED with prejudice. DATED: March 31, 2014
at Minneapolis, Minnesota.
___________________
JOHN R. TUNHEIM
United States District Judge