holding that a well-known local attorney plausibly stated a DPPA claim because of likely connections with law enforcement officers as a result of the attorney's line of workSummary of this case from Karasov v. Caplan Law Firm, P.A.
Civil No. 13–2119 DWF/LIB.
Jonathan A. Strauss, Esq., Lorenz F. Fett, Jr., Esq., Mark H. Zitzewitz, Esq., Sonia L. Miller–Van Oort, Esq., and Kenneth H. Fukuda, Esq., Sapientia Law Group, counsel for Plaintiff. Jon K. Iverson, Esq., Susan M. Tindal, Esq., and Stephanie A. Angolkar, Esq., Iverson, Reuvers Condon, counsel for Defendants City of Baxter, City of Brainerd, City of Crosslake, City of Fridley, City of Little Falls, City of Pine River, City of St. Cloud, City of Staples, and City of Long Prairie. Erin E. Benson, Esq., Margaret A. Skelton, Esq., and Timothy A. Sullivan, Esq., Ratwik, Roszak & Maloney, PA, counsel for Defendants Cass County, Crow Wing County, Morrison County, Scott County, Wright County, and Aitkin County. Toni A. Beitz, Assistant County Attorney, Beth A. Stack, Assistant County Attorney, and Daniel D. Koczor, Assistant County Attorney, Hennepin County Attorney's Office, counsel for Defendant Hennepin County. Timothy S. Skarda, Assistant City Attorney, Minneapolis City Attorney's Office, counsel for Defendant City of Minneapolis. Kimberly R. Parker, Assistant County Attorney, and Robert B. Roche, Assistant County Attorney, Ramsey County Attorney's Office, counsel for Defendant Ramsey County. Leslie E. Beiers, Assistant County Attorney, and Nick D. Campanario, Assistant County Attorney, St. Louis County Attorney's Office, counsel for Defendant St. Louis County. Oliver J. Larson, Assistant Attorney General, Minnesota Attorney General's Office, counsel for Defendants Michael Campion and Ramona Dohman.
Jonathan A. Strauss, Esq., Lorenz F. Fett, Jr., Esq., Mark H. Zitzewitz, Esq., Sonia L. Miller–Van Oort, Esq., and Kenneth H. Fukuda, Esq., Sapientia Law Group, counsel for Plaintiff.
Jon K. Iverson, Esq., Susan M. Tindal, Esq., and Stephanie A. Angolkar, Esq., Iverson, Reuvers Condon, counsel for Defendants City of Baxter, City of Brainerd, City of Crosslake, City of Fridley, City of Little Falls, City of Pine River, City of St. Cloud, City of Staples, and City of Long Prairie.
Erin E. Benson, Esq., Margaret A. Skelton, Esq., and Timothy A. Sullivan, Esq., Ratwik, Roszak & Maloney, PA, counsel for Defendants Cass County, Crow Wing County, Morrison County, Scott County, Wright County, and Aitkin County.
Toni A. Beitz, Assistant County Attorney, Beth A. Stack, Assistant County Attorney, and Daniel D. Koczor, Assistant County Attorney, Hennepin County Attorney's Office, counsel for Defendant Hennepin County.
Timothy S. Skarda, Assistant City Attorney, Minneapolis City Attorney's Office, counsel for Defendant City of Minneapolis.
Kimberly R. Parker, Assistant County Attorney, and Robert B. Roche, Assistant County Attorney, Ramsey County Attorney's Office, counsel for Defendant Ramsey County.
Leslie E. Beiers, Assistant County Attorney, and Nick D. Campanario, Assistant County Attorney, St. Louis County Attorney's Office, counsel for Defendant St. Louis County.
Oliver J. Larson, Assistant Attorney General, Minnesota Attorney General's Office, counsel for Defendants Michael Campion and Ramona Dohman.
MEMORANDUM OPINION AND ORDER
DONOVAN W. FRANK, District Judge.
This matter is before the Court on the following motions: (1) Defendant Hennepin County's (“Hennepin County”) Motion to Dismiss and/or for Summary Judgment and/or to Sever with respect to Plaintiff Brook Mallak's (“Plaintiff”) Complaint relating primarily to violations of the Driver's Privacy Protection Act (“DPPA”) (Doc. No. 19); (2) Defendants City of Baxter, City of Brainerd, City of Crosslake, City of Fridley, City of Little Falls, City of Long Prairie, City of Pine River, City of St. Cloud, and City of Staples's (collectively, “City Defendants”) Motion to Dismiss (Doc. No. 43); (3) Defendants Aitkin County, Cass County, Crow Wing County, Morrison County, Scott County, and Wright County's (collectively, “County Defendants”) Motion to Dismiss and/or for Summary Judgment (Doc. No. 49); (4) Defendant Ramsey County's (“Ramsey County”) Motion to Dismiss or for Severance (Doc. No. 55); and (5) Defendants Commissioner Ramona Dohman and Commissioner Michael Campion's (collectively, “Commissioner Defendants”) Motion to Dismiss (Doc. No. 30). For the reasons set forth below, the Court denies in part and grants in part the motions.
Defendants Tinker & Larson, Inc. and Anoka County are no longer parties to this suit. (Doc. Nos. 80 & 88.)
The Department of Vehicle Services (“DVS”) is a division of the Minnesota Department of Public Safety (“DPS”). (Doc. No. 1, Compl. ¶ 53.) DPS maintains a database that contains the motor-vehicle records for Minnesota Drivers (“DVS Database”), which includes “names, dates of birth, driver's license numbers, addresses, driver's license photos, weights, heights, social security numbers, various health and disability information, and eye colors of Minnesota drivers.” (Id. ¶¶ 53–54.)
Plaintiff is a practicing attorney in Brainerd and Little Falls, Minnesota. (Id. ¶ 44.) Plaintiff alleges she has “well established” and “long-standing ties within the community.” (Id. ¶¶ 45–46, 51.) Plaintiff was a full-time public defender between 2003 and 2008 in Crow Wing and Aitkin Counties, who represented adult criminal defendants, juvenile delinquents, and parties in child welfare matters. (Id. ¶ 48.) Plaintiff has also served on Crow Wing County Drug and DWI Courts and a number of steering committees, has volunteered with high school students, and has taught as an adjunct teacher at Bemidji State University. (Id. ¶ 52.)
Plaintiff requested an audit report from DPS in March 2013, at which time she learned that her driver's license information had been accessed by Minnesota municipal and state personnel approximately 190 times between 2003 and 2012. (Id. ¶¶ 1–2, 55–76, 120–123 & Ex. A.) Plaintiff alleges that she provided the following to DPS: her address, color photograph, social security number, date of birth, weight, height, and eye color. (Id. ¶ 173.) Plaintiff alleges that each of these searches was run by her name, rather than by her license plate number or driver's license number. (Id. ¶ 3.) Plaintiff further alleges that these accesses were done knowingly, and that she had committed no crimes that would have justified any of the accesses identified in her Complaint. (Id. ¶¶ 77–78.) Searches allegedly made by Defendants are summarized as follows:
TOTAL number of accesses
City of Baxter
City of Brainerd
City of Crosslake
Crow Wing County
City of Fridley
City of Little Falls
City of Long Prairie
City of Minneapolis
City of Pine River
City of St. Cloud
St. Louis County
City of Staples
Plaintiff brings her lawsuit against ten Minnesota counties and ten Minnesota cities (including, City Defendants, County Defendants, Hennepin County, Ramsey County and Anoka County). (Id. ¶¶ 12–32.) Plaintiff also brings suit against the following: “Entity Does,” which are various unknown municipalities (id. ¶ 33); Jane and John Does, who are law enforcement supervisors, officers, or employees of municipal entities or other federal, state, county, or municipal entities in Minnesota (in their individual capacities) (id. ¶ 35); Commissioner Michael Campion and Commissioner Ramona Dohman, Commissioners of DPS (in their individual capacities) (id. ¶¶ 38–39); and “DPS Does,” who are officers, supervisors, employees, independent contractors or agents of the Minnesota Department of Public Safety (in their individual capacities) (id. ¶ 42).
With respect to the Commissioner Defendants, Plaintiff alleges that they directed the creation of the DVS Database that includes the driver's license records and also directed its maintenance and updating. (Id. ¶¶ 80–81.) She also alleges that they knowingly directed the provision of access to that database, that they should have known the data was being accessed on multiple occasions, and that any unauthorized access could have been prevented, but was not. (Id. ¶¶ 82–85.) Plaintiff alleges that, as a result, the Commissioner Defendants “knowingly authorized, directed, ratified, approved, acquiesced in, committed or participated in the disclosure of protected data.” (Id. ¶ 86; see also id. ¶¶ 94–95.) Plaintiff alleges that the Commissioners failed to create effective monitoring of the system and did not implement adequate training for the system. (Id. ¶¶ 99–100.) Finally, Plaintiff alleges that the Commissioner Defendants knew of impermissible accesses by law enforcement officers, and knew law enforcement officers were viewing private data contained in the database. (Id. ¶¶ 104–07.)
In her Complaint, Plaintiff asserts the following claims: (1) violation of the DPPA against all Defendants; (2) violation of 42 U.S.C. § 1983 against individual Defendants (excluding supervisors); (3) violation of 42 U.S.C. § 1983 against all City Defendants, County Defendants, Entity Does and supervisors; (4) violation of 42 U.S.C. § 1983 against Commissioner Defendants and DPS Does; (5) violation of 42 U.S.C. § 1983 against Commissioner Dohman and seeking prospective relief; and (6) state law invasion of privacy against all Defendants. (Id. ¶¶ 172–268.) Defendants now move to dismiss based on the statute of limitations, failure to state a claim under the DPPA, failure to state a claim under § 1983, and failure to state a claim for invasion of privacy.
I. Legal Standard
In deciding a motion to dismiss pursuant to Rule 12(b)(6), a court assumes all facts in the complaint to be true and construes all reasonable inferences from those facts in the light most favorable to the complainant. Morton v. Becker, 793 F.2d 185, 187 (8th Cir.1986). In doing so, however, a court need not accept as true wholly conclusory allegations, Hanten v. Sch. Dist. of Riverview Gardens, 183 F.3d 799, 805 (8th Cir.1999), or legal conclusions drawn by the pleader from the facts alleged. Westcott v. City of Omaha, 901 F.2d 1486, 1488 (8th Cir.1990). A court may consider the complaint, matters of public record, orders, materials embraced by the complaint, and exhibits attached to the complaint in deciding a motion to dismiss under Rule 12(b)(6). Porous Media Corp. v. Pall Corp., 186 F.3d 1077, 1079 (8th Cir.1999).
To survive a motion to dismiss, a complaint must contain “enough facts to state a claim to relief that is plausible on its face.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007). Although a complaint need not contain “detailed factual allegations,” it must contain facts with enough specificity “to raise a right to relief above the speculative level.” Id. at 555, 127 S.Ct. 1955. As the United States Supreme Court recently reiterated, “[t]hreadbare recitals of the elements of a cause of action, supported by mere conclusory statements,” will not pass muster under Twombly. Ashcroft v. Iqbal, 556 U.S. 662, 663, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009) (citing Twombly, 550 U.S. at 555, 127 S.Ct. 1955 ). In sum, this standard “calls for enough fact[s] to raise a reasonable expectation that discovery will reveal evidence of [the claim].” Twombly, 550 U.S. at 556, 127 S.Ct. 1955.
II. The DPPA
A. Background and Framework of the DPPA
The DPPA, 18 U.S.C. §§ 2721 –2725, regulates the disclosure of personal information contained in records accessible through state departments of motor vehicles (“DMVs”). Maracich v. Spears, ––– U.S. ––––, 133 S.Ct. 2191, 2195, 186 L.Ed.2d 275 (2013). Congress enacted the DPPA in 1994 to address privacy concerns with respect to personal information contained in motor vehicles records, including concerns relating to threatening or criminal use of that information. See Gordon v. Softech Int'l, Inc., 726 F.3d 42, 45 (2d Cir.2013) (citing congressional record); Senne v. Vill. of Palatine, Ill., 695 F.3d 597, 607 (7th Cir.2012) (same). Under the DPPA, a “State department of motor vehicles, and any officer, employee, or contractor thereof, shall not knowingly disclose or otherwise make available to any person or entity ... personal information ... about any individual obtained by the department in connection with a motor vehicle record” except as allowed under 18 U.S.C. § 2721(b). 18 U.S.C. § 2721(a). It is also unlawful for “any person knowingly to obtain or disclose personal information, from a motor vehicle record, for any use not permitted under section 2721(b) of this title.” 18 U.S.C. § 2722(a).
The DPPA defines “personal information” as “information that identifies an individual,” and includes a person's “photograph, social security number, driver identification number, name, address (but not the 5–digit zip code), telephone number, and medical or disability information....” 18 U.S.C. § 2725(3). “Person” means “an individual, organization or entity, but does not include a State or agency thereof[.]” 18 U.S.C. § 2725(2). The Attorney General can bring a claim against a State department of motor vehicles with a “policy or practice of substantial noncompliance” and can seek civil penalties. 18 U.S.C. § 2723(b).
There are multiple exceptions for which disclosure of driver's license information is permitted. See 18 U.S.C. § 2721(b)(1)-(14) (emphasis added). These exceptions generally relate to various governmental and business purposes, such as “use by any government agency, including any court or law enforcement agency, in carrying out its functions,” as well as provisions relating to the resale and disclosure of information by authorized recipients for permitted purposes. See 18 U.S.C. § 2721(b) & (c). The exceptions are intended to be broadly applied. See Kost v. Hunt, 983 F.Supp.2d 1121, 1133–34, Civ. No. 13–583, 2013 WL 6048921, at *12 (D.Minn. Nov. 15, 2013) (Ericksen, J.).
With respect to remedies, the DPPA provides for:
(1) actual damages, but not less than liquidated damages in the amount of $2,500;
(2) punitive damages upon proof of willful or reckless disregard of the law;
(3) reasonable attorneys' fees and other litigation costs reasonably incurred; and
(4) such other preliminary and equitable relief as the court determines to be appropriate.
18 U.S.C. § 2724(b). The DPPA also allows for criminal fines against an individual who “knowingly violates this chapter[,]” 18 U.S.C. § 2723(a), as well as civil penalties for noncompliance by a “State Department of Motor Vehicles.” 18 U.S.C. § 2723(b).
B. Statute of Limitations
The DPPA does not include a statute of limitations provision. However, the parties agree that the general four-year statute of limitations provided for by 28 U.S.C. § 1658(a) applies in this case. (See, e.g., Doc. No. 41, at 8; Doc. No. 46, at 18.) However, the parties dispute when this four-year period began to run. Plaintiffs argue that the “discovery rule” applies to DPPA claims and that the cause of action does not begin to accrue until the plaintiff has “discovered” it. See Merck & Co. v. Reynolds, 559 U.S. 633, 644, 130 S.Ct. 1784, 176 L.Ed.2d 582 (2010). In this case, application of the discovery rule would mean the clock started running in March 2013 when Plaintiff requested and received an audit report from DPS and, at that time, discovered that her records had been accessed. (Compl. ¶¶ 120–23.) Defendants argue that the “standard rule” applies. (See, e.g., Doc. No. 22, at 12–13.) Under the standard rule, “a claim accrues when the plaintiff has a complete and present cause of action.” Gabelli v. S.E.C., ––– U.S. ––––, 133 S.Ct. 1216, 1220, 185 L.Ed.2d 297 (2013) (internal quotations and citations omitted). In this case, under the standard rule, the clock would have started running at the time the records were actually accessed. See id. As noted in Rasmusson v. Chisago County, neither the Supreme Court nor the Eighth Circuit has addressed the issue of whether the discovery or standard rule should apply in DPPA cases. Rasmusson v. Chisago Cnty., 991 F.Supp.2d 1065, 1079–80, Civ. No. 12–632, 2014 WL 107067, at *11 (D.Minn. Jan. 10, 2014) (Nelson, J.). However, a number of district courts in this circuit and other circuits have held that the standard rule applies in DPPA cases, and therefore a cause of action accrues at the time information is improperly accessed. Id. at 1080–83, 2014 WL 107067 at *12–14 (holding that a DPPA cause of action accrues at the time of an improper access of information and that the discovery rule does not apply); see also Potocnik v. Anoka Cnty., Civ. No. 13–1103, 2014 WL 683980, at *2 (D.Minn. Feb. 21, 2014) (Doty, J.) (holding that the standard rule applies to claims under the DPPA); McDonough v. Al's Auto Sales, Inc., Civ. No. 13–1889, 2014 WL 683998, at *2 (D.Minn. Feb. 21, 2014) (Doty, J.) (same); Bass v. Anoka Cnty., 998 F.Supp.2d 813, 819–20, Civ. No. 13–860, 2014 WL 683969, at *2 (D.Minn. Feb. 21, 2014) (Doty, J.) (same); Kost, 983 F.Supp.2d at 1126–29, 2013 WL 6048921, at *5–8 (same); Smythe v. City of Onamia, Civ. No. 12–3149, 2013 WL 2443849, at *6 n. 3 (D.Minn. June 5, 2013) (Montgomery, J.) (excluding an instance of record retrieval as “well outside the statute of limitations” based on a four-year limit); see also, e.g., Haney v. Recall Ctr., 282 F.R.D. 436, 438 (W.D.Ark.2012) (redefining the DPPA-related class to exclude class members whose lookups occurred more than four years prior to the date of filing); Roberts v. Source for Pub. Data, Civ. No. 08–4167, 2009 WL 3837502, at *7 (W.D.Mo. Nov. 17, 2009) (excluding class members whose suits would be barred by the four-year statute of limitations); Hurst v. State Farm Mut. Auto. Ins. Co., Civ. No. 10–1001, 2012 WL 426018, at *9 (D.Del. Feb. 9, 2012) (stating that the four-year statute of limitations applies to DPPA cases).
Moreover, in so holding, decisions in this district have thoroughly analyzed the relevant case law, the text and structure of the relevant statute of limitations, the nature of DPPA claims, and legislative history in coming to their decisions. See, e.g., Rasmusson, 991 F.Supp.2d at 1079–83, 2014 WL 107067, at *11–14 (holding that the standard rule applies in light of case precedent, the text and structure of § 1658, and the nature of the substantive area covered by the DPPA); see also Kost, 983 F.Supp.2d at 1126–30, 2013 WL 6048921, at *5–9 (same). The Court finds these cases to be persuasive and adopts their analyses. The Court additionally addresses two issues brought by Plaintiff below.
Plaintiff argues that where a statute is silent as to whether the discovery or standard rule applies, courts apply the discovery rule. (See Doc. No. 41, at 8.) However, the discovery rule does not apply automatically. See Gabelli, 133 S.Ct. at 1220–21 (the discovery rule is an exception that is standard in fraud cases); Gross v. Max, 906 F.Supp.2d 802, 810–11 (N.D.Ind.2012) (for § 1658 and other federal statutes: “the discovery rule does not automatically apply to every federal statute”; “whether the discovery rule applies in any given case depends on the particular language of the statute of limitations at issue and the type of injury the plaintiff has suffered”; and “some types of injuries—fraud, concealment, latent disease, and medical malpractice—simply ‘cry out’ for the application of the discovery rule.”); TRW Inc. v. Andrews, 534 U.S. 19, 20, 122 S.Ct. 441, 151 L.Ed.2d 339 (2001) ( “[E]quity tolls the statute of limitations in cases of fraud or concealment, but does not establish a general presumption across all contexts.”); Kost, 983 F.Supp.2d at 1127, 2013 WL 6048921, at *6 (“Gabelli should be read as seriously undermining, if not rendering obsolete, earlier statements by the lower courts that the discovery rule operates as a default” and holding the discovery rule does not apply for DPPA claims).
In Rasmusson, the court held that in the case of DPPA claims, the structure and text of § 1658 show that Congress implicitly excluded the discovery rule, and thus any presumption that the discovery rule applies fails. Rasmusson, 991 F.Supp.2d at 1080–81, 2014 WL 107067, at *12–13. Specifically, § 1658 includes a section with a general statute of limitations and a section that references the discovery rule for claims involving only “fraud, deceit, manipulation, or contrivance in contravention of a regulatory requirement.” Id. This demonstrates Congress's implied intent to exclude the discovery rule for claims under the general statute of limitations provision. Id.; see also TRW, 534 U.S. at 27–28, 122 S.Ct. 441 (holding that Congress implicitly excluded a general discovery rule for the Fair Credit Reporting Act, which has a two-year limitations period and also includes an exception to apply the discovery rule where “a defendant has materially and willfully misrepresented any information.”). Moreover, § 1658's provision relating to the discovery rule was added in 2002 without any changes to the rest of the statute, which also supports the view that Congress considered the discovery rule and chose not to include it in the subsection for general claims. Rasmusson, 991 F.Supp.2d at 1081–82, 2014 WL 107067, at *13.
Plaintiff argues that 28 U.S.C. § 1658 does not implicitly exclude the discovery rule because it includes the term “accrues,” which Plaintiff contends is the same as silence on the issue of the discovery rule. (See, e.g., Doc. No. 41, at 12–13.) The Court disagrees. The Supreme Court has expressly held that “in common parlance a right accrues when it comes into existence.” U.S. v. Lindsay, 346 U.S. 568, 569, 74 S.Ct. 287, 98 L.Ed. 300 (1954) ; see also Gabelli, 133 S.Ct. at 1220 (citing Lindsay, 346 U.S. at 569, 74 S.Ct. 287 ) (construing “accrue” with respect to claims under the residential Lead–Based Paint Hazard Reduction Act to mean when a right comes into existence); Black's Law Dictionary (7th ed.) (“accrue” means “[t]o come into existence as an enforceable claim or right; to arise”). Thus, “accrues” is not silent, as Plaintiff contends, but instead indicates the use of the standard rule.
See supra note 3 (regarding § 1658's implicit exclusion of the discovery rule).
Plaintiff also argues that this is the type of case that compels application of the discovery rule in the interest of fairness. However, this case is not a case that “cries out” for the discovery rule, such as a case relating to fraud, concealment, latent injury, or certain medical malpractice scenarios. See Gabelli, 133 S.Ct. at 1217 (the discovery rule applies “where a defendant's deceptive conduct may prevent a plaintiff from even knowing that he or she has been defrauded”) (emphasis in original); Gross, 906 F.Supp.2d at 810–11 (the discovery rule can be applicable where the injury is “unknown and inherently unknowable,” such as in the medical malpractice or product liability context; the injury is not just difficult to discover, but is “nearly impossible” to discover).
Here, while Plaintiff alleges that Defendants exercised “secrecy” and that Plaintiff could not have known about her injury, this is the extent of Plaintiff's allegations. These allegations do not constitute specific facts regarding fraud, concealment or latent injury and do not rise to the level of being “inherently unknowable.” See, e.g., Rasmusson, 991 F.Supp.2d at 1081–82, 2014 WL 107067, at *13 (no deceptive conduct or concealment was alleged). Here, Plaintiff could have contacted DVS at any time, and thus could have learned of any lookups of her driver's license information. If the information regarding the lookups can be accessed at any time, it is incapable of being concealed or “secret.” Merely being unknown is insufficient, the information must also be unknowable. Gross, 906 F.Supp.2d at 810–11. While it is not necessarily easy or “fair” for Plaintiff to have to inquire as to Defendants' accesses of her records, the fact remains that Plaintiff was capable of obtaining that information and of knowing of her alleged injury.
Considering the DPPA-related cases that have declined to apply the discovery rule, their detailed reasoning, and the additional reasons set forth above, the Court agrees that the standard rule applies to the statute of limitations in the context of DPPA cases. As a result, claims related to accesses before August 5, 2009, are properly dismissed as follows:
1. Plaintiff's DPPA claim against Hennepin County for the single lookup in 2006.
2. Plaintiff's DPPA claim against Ramsey County for the single lookup in 2006.
3. Twenty-five of the forty-two alleged accesses by City Defendants Baxter, Brainerd, Crosslake, Fridley, Little Falls, Long Prairie, Pine River, St. Cloud, and Staples, specifically:
a. Baxter (2 lookups);
b. Brainerd (3 lookups);
c. Crosslake (2 lookups) (this constitutes all lookups by this Defendant, and therefore Plaintiff's DPPA claim against the City of Crosslake is dismissed in its entirety);
d. Fridley (1 lookup);
e. Little Falls (15 lookups);
f. Long Prairie (1 lookup) (this constitutes all lookups by this Defendant, and therefore Plaintiff's DPPA claim against the City of Long Prairie is dismissed in its entirety); and
g. Pine River (1 lookup) (this constitutes all lookups by this Defendant, and therefore Plaintiff's DPPA claim against the City of Pine River is dismissed in its entirety).
4. Fifty-two of the 100 alleged accesses by County Defendants Aitkin, Cass, Crow Wing, Scott, and Wright, specifically:
a. Aitkin (2 lookups);
b. Cass (1 lookup);
c. Crow Wing (42 lookups); and
d. Scott (7 lookups) (this constitutes all lookups by this Defendant, and therefore Plaintiff's DPPA claim against Scott County is dismissed in its entirety).
C. DPPA Claims Generally
To state a claim under the DPPA, a plaintiff must allege that: (1) a defendant knowingly obtained, disclosed or used personal information; (2) from a motor vehicle record; (3) for a purpose not permitted. 18 U.S.C. § 2724(a) ; Taylor v. Acxiom Corp., 612 F.3d 325, 335 (5th Cir.2010). It is the plaintiff's burden to prove these three elements. Smythe, 2013 WL 2443849, at *4 (citing rulings from the Eleventh, Fourth, and Ninth Circuits on this issue).
Defendants argue that Plaintiff has failed to state claims under the DPPA because Plaintiff has only alleged that the driver's license data was “viewed,” which fails to constitute a violation under the statute. Specifically, Defendants argue that “accessing” or “viewing” information does not constitute “obtaining,” “disclosing,” or “using” information as required under the DPPA. Plaintiff argues that any release of driver's license record information that is not for a “permissible purpose” provides a valid basis for a claim.First, as other courts have done, this Court looks to the definition of the term “obtain.” As noted in Kost, the dictionary definition of the term “obtain” reflects a process of acquisition or possession. 983 F.Supp.2d at 1131, 2013 WL 6048921, at *10 (citing Merriam–Webster's Collegiate Dictionary (10th ed.2001) (“to gain or attain”), and Shorter Oxford English Dictionary (6th ed.2007) (“come into the possession or enjoyment of; secure or gain as the result of request or effort, acquire, get”)). Based on these definitions, what actually qualifies as “obtaining” depends on the specific circumstances and allegations involved. See Kost, 983 F.Supp.2d at 1131, 2013 WL 6048921, at *10 (discussing instances where data could be considered “obtained”). Thus, whether an individual “obtained” information involves a fact-specific analysis.
Each Defendant incorporates the arguments of all other Defendants; therefore the Court will address each argument with respect to all Defendants.
Additionally, based on these definitions and the nature of the data at issue, physical possession is not required for “obtainment.” As stated by another court in this district, “information itself is not tangible so the Court sees no reason why its possession or acquisition would need to be.” Nelson v. Jesson, Civ. No. 13–340, 2013 WL 5888235, at *2 (D.Minn. Nov. 1, 2013). For example, in the case of a driver's record, a person could view an address or social security number, remember that information, and then use that information for the very purposes the DPPA seeks to address, such as stalking or identity theft. In such a case, the data would not have been printed or written down, but would have been obtained. By viewing an address or other information someone “could use or transmit [the information] to others, even though he did not possess the information in any physical sense. This potential for misuse or dissemination of personal information is precisely what the statute intends to constrain.” Id. at *3. Even considering the City Defendants' claims that a deprivation must occur to meet the statutory elements of a DPPA claim, here, the viewing of otherwise private data does “deprive” an individual of, or cause the individual to “part with,” his or her information and the privacy of that information—privacy the individual would have expected and can never have back.
The cases and similar statutes cited by Defendants on this issue do not conflict with this view of “obtaining.” For example, Ramsey County claims that if Congress had wanted to create liability for “accessing” or “viewing” data, it could have done so explicitly, as it did in the areas of cybercrime, child pornography, and income tax return privacy. (Doc. No. 57, at 12) (citing 18 U.S.C. § 2252A(a)(5)(a) (which makes it a crime to knowingly access with intent to view child pornography), and 26 U.S.C. § 7431(a)(1) and (2) (which create a civil cause of action against one who inspects or discloses tax return information)).
Moreover, Congress's failure to define “obtain” does not render the term ambiguous under Gregory. Gregory v. Ashcroft, 501 U.S. 452, 460–64, 111 S.Ct. 2395, 115 L.Ed.2d 410 (1991) (holding that courts should assess ambiguities by examining whether Congress made it “unmistakably clear in the language of the statute” what interpretation was intended). The DPPA can be understood by examination of its ordinary meaning and by applying common sense. A common sense understanding of the type of data at issue in DPPA cases is that once the information is viewed, it may be “possessed” or “obtained.” The Court is not “reading into a statute provisions that do not exist” as argued by the Defendants, but instead is giving the term “obtain” (which is included in the statute) its ordinary meaning.See, e.g., Nelson, 2013 WL 5888235, at *2–3.
Defendants warn that Plaintiff's interpretation “of the DPPA would make a federal case out of the most passive ways that a pervasive state-created database is accessed” and would impede the broad or “unfettered access” the DPPA was designed to ensure. (See, e.g., Doc. No. 46, at 6.) However, the final element of a claim under the DPPA—that an action be “for a purpose not permitted”—necessarily prevents such a result. Thus, the requirement of a “permitted purpose” for lawful access does not impede Defendants' otherwise broad access to DVS Databases. Searches and views of information by law enforcement officials are generally permitted and are not restricted; where accesses occur within the scope of the fourteen, statutory, permissible uses, such accesses are not likely to be challenged. 18 U.S.C. § 2721(b).
Given this limiting language—that access be for “a purpose not permitted”—the Court agrees with Defendants and other courts in this district that to state a claim under the DPPA, a plaintiff must allege that the information was obtained “for a purpose not permitted.” See, e.g., Smythe, 2013 WL 2443849, at *6 (holding that even though simply retrieving records may be a violation, it must be without a permitted purpose); Kost, 983 F.Supp.2d at 1133, 2013 WL 6048921, at *11 (“The plain language of the [statute] ... makes it clear that the personal information must be knowingly obtained ‘for a purpose not permitted.’ ”); Kiminski v. Hunt, Civ. No. 13–185, 2013 WL 6872425, at *6 (D.Minn. Sept. 20, 2013) (Ericksen, J.). This is also consistent with the Eighth Circuit's determination that, with respect to the DPPA, “[t]he proper focus for courts is not the manner in which the information was acquired, but the use to which it is eventually put.” Cook v. ACS State & Local Solutions, Inc., 663 F.3d 989, 994 (8th Cir.2011). In so holding, the Eighth Circuit declined to establish a temporal limit regarding “stockpiled” DPPA data (thereby focusing on manner of acquisition) and instead affirmed that the focus of a DPPA claim is whether the information was obtained for a permissible purpose. Id. at 995.
Plaintiff will also have to show that those who accessed her data did so for an impermissible purpose. See Kiminski, 2013 WL 6872425, at *6. Here, Plaintiff's allegations sufficiently address all elements of her claims. See infra Section II.D.
Thus, whether Defendants' accesses of Plaintiff's driver's license record in this case supports a valid DPPA claim depends on the specific allegations in the Complaint and whether the information was obtained for a permitted purpose.
This view of the DPPA does not displace Minnesota law with respect to driver's license information. The Supreme Court has already determined that the DPPA is constitutional. Reno v. Condon, 528 U.S. 141, 120 S.Ct. 666, 145 L.Ed.2d 587 (2000). Additionally, the rule of lenity does not apply because the DPPA is not criminal and no “grievous ambiguity” exists. See Maracich, 133 S.Ct. at 2209.
These Defendants include Entity Does and Jane and John Does.
In light of the Court's analysis above relating to “obtaining” and “permitted purposes,” the Court now examines whether Plaintiff has adequately stated a claim against the City and County Defendants (the Court addresses the Commissioners separately, below) under the DPPA. Plaintiff alleges that a number of people “impermissibly accessed [her] Private Data.” (Compl. ¶¶ 56–76.) Plaintiff attaches a chart showing approximately 190 accesses between the years 2003 and 2012 by various Defendants. (Id. ¶ 3, Ex. A.) The chart shows the location of each lookup, identified by “County name Sheriff,” and the exact time and date of each lookup. This sufficiently alleges that Plaintiff's information was knowingly obtained per the Court's analysis above.
As discussed above, the DPPA claims against Hennepin County, Ramsey County, and certain other City and County Defendants are properly dismissed on statute of limitations grounds.
Plaintiff further alleges that in each of these instances, her driver's license information was obtained based on searches “made by name, not license plate number.” (Id. ¶ 3.) Again, she alleges approximately 190 accesses. (Id. ¶ 3, Ex. A.) She also alleges that misuse of state databases has been established by a state report and hearing, and various magazine articles. (Id. ¶¶ 141–44, 162.) She alleges that she had not committed any crimes that would have otherwise potentially justified such accesses. (Id. ¶ 78.) Additionally, Plaintiff alleges that she is a well-known attorney in her area with strong ties to the community. (Id. ¶¶ 44–52.) Finally, the detailed audit reveals searches for Plaintiff's information conducted at about three and four o'clock in the morning. (See id. ¶¶ 3, 78 & Ex. A.) At this stage, these facts taken together sufficiently state a plausible claim that Plaintiff's records were not accessed for a “permitted” purpose. In sum, Plaintiff puts forth sufficient allegations, when considered cumulatively, to “raise a reasonable expectation that discovery will reveal evidence of [a DPPA claim].” Twombly, 550 U.S. at 556, 127 S.Ct. 1955.
These facts distinguish this case from other cases in this district. For example, the court in Kost found that Plaintiff had not adequately stated a claim against one Defendant because Plaintiff alleged no facts “that make an improper purpose for access plausible.” Kost, 983 F.Supp.2d at 1135, 2013 WL 6048921, at *14 (emphasis added). But, in that case, the plaintiff's information was searched by driver's license number; a search by driver's license number (as opposed to a search by name) reasonably implicates a number of legitimate law enforcement concerns. (See Kost v. Hunt, Civ. No. 13–583, Doc. Nos. 1 & 9; see also Doc. No. 69, at 19.) In Kost, the Court also considered allegations that the searches might have been driven by publicity, but found that the timeline of events made such an allegation implausible. See Kost, 983 F.Supp.2d at 1135–36, 2013 WL 6048921, at *14. There are no similar dispositive facts in this case.
The fact that the Court in Smythe focused on the detailed history between the plaintiff and the individual who accessed her records does not change this result. See Smythe, 2013 WL 2443849, at *6–7. Here, the Court finds that Plaintiff has pled sufficient facts to state a DPPA claim.
Moreover, Plaintiffs in other cases in this district have only generally alleged that the defendants' activities failed to fall within permitted exceptions and that the sheer number of accesses created a reasonable inference of a violation. See, e.g., Potocnik, 2014 WL 683980, at *3. This Court agrees that access-volume alone is not enough. Here, however, Plaintiff alleges more than these other cases; thus, the Court finds that Plaintiff has adequately stated a claim. Thus, Plaintiff has sufficiently stated a claim against the remaining City and County Defendants for alleged violations of the DPPA. Plaintiff's allegations amount to more than a merely conclusory statement that those Defendants conducted an “impermissible” search. While the allegations are certainly sparse, narrowly drawn discovery should be allowed to address this issue. The Court finds that, at this early stage, dismissal would be premature.
Consequently, the Court finds that this case is distinguishable from Mitchell v. Aitkin Cnty., Civ. No. 13–2167, 2014 WL 835129 (D.Minn. Feb. 27, 2014). Specifically, the Court finds the facts presented by Plaintiff sufficiently establish a plausible inference or reflect an “outward manifestation” of an impermissible purpose to state a claim at this early stage. This finding requires neither an inference as to “what went on in a particular officer's mind” nor an impermissible burden shift to defendants in DPPA cases. See id. at *5–9.
E. DPPA and Damages
Defendants argue that Plaintiff's claims should be dismissed because Plaintiff has failed to allege any “actual damages” per the DPPA which reads: “The court may award—(1) actual damages, but not less than liquidated damages in the amount of $2,500....” 18 U.S.C. § 2724(b). As articulated in Kost, the DPPA does not require a showing of entitlement to actual or liquidated damages as a prerequisite to state a valid claim upon which relief can be granted. Also, the DPPA's remedies provision includes a number of potential remedies that are discretionary for the court (“the court may award”), and a plaintiff can later choose which damages she seeks to prove at trial. Kost, 983 F.Supp.2d at 1130–32, 2013 WL 6048921, at *9–10. Thus, at this stage, dismissal based on failure to plead actual damages is both premature and inappropriate. The Court declines to dismiss the DPPA claims on this basis at this time.
III. § 1983 Claims
A § 1983 claim imposes liability on anyone who, under color of state law, deprives a person of rights secured by either the Constitution or federal laws. 42 U.S.C. § 1983 ; West v. Atkins, 487 U.S. 42, 48, 108 S.Ct. 2250, 101 L.Ed.2d 40 (1988). While it is well-settled that § 1983 provides a remedy for violations of statutory as well as constitutional rights, § 1983 does not provide a remedy for all federal laws, but only for federally protected rights. Blessing v. Freestone, 520 U.S. 329, 340, 117 S.Ct. 1353, 137 L.Ed.2d 569 (1997) (citations omitted). Section 1983 is not itself a source of substantive rights, but is the procedural vehicle through which to vindicate federal rights elsewhere conferred. Albright v. Oliver, 510 U.S. 266, 271, 114 S.Ct. 807, 127 L.Ed.2d 114 (1994).
A. Statutory Claims Based on the DPPA
Congressional establishment of a comprehensive remedial scheme forecloses use of § 1983 as a remedy for violation of federal statutes. Alsbrook v. City of Maumelle, 184 F.3d 999, 1011 (8th Cir.1999) (citations omitted). Further, there is a presumption that “Congress intended that the enforcement mechanism provided in the statute be exclusive.” Id. Courts have so held with respect to a number of different federal statutory schemes. See, e.g., id. (holding that the ADA's comprehensive remedial scheme bars a § 1983 claim); DeYoung v. Patten, 898 F.2d 628, 634–35 (8th Cir.1990) (same with respect to the Federal Communications Act).
Courts apply a two-step process to determine whether a claim under § 1983 is available. Blessing, 520 U.S. at 340–41, 117 S.Ct. 1353. The first step requires a plaintiff to establish that a statutory scheme creates specifically articulable individual rights. Id. at 340, 117 S.Ct. 1353. Second, even if a federally protected right has been established, this is merely a rebuttable presumption; a defendant can then show that Congress has specifically foreclosed such a remedy, either explicitly in the statute or implicitly, “by creating a comprehensive enforcement scheme that is incompatible with individual enforcement under § 1983.” Id. at 341, 117 S.Ct. 1353.
Plaintiff first argues that the DPPA itself confers rights separately enforceable under § 1983. Plaintiff relies primarily on Collier v. Dickinson, in which the Eleventh Circuit held that the DPPA creates a statutory right to privacy enforceable under § 1983. 477 F.3d 1306, 1311 (11th Cir.2007). Plaintiff further argues that there is no conflict between the DPPA and a § 1983 claim because Plaintiff is “merely pursuing an alternative form of relief.” The Court disagrees.
These issues have been addressed in a number of decisions in this district, as well as in other district courts. Various courts have held that, irrespective of whether a plaintiff is able to demonstrate that the DPPA confers a federally protected right in accordance with the “Blessing test,” Congress intended to create a comprehensive enforcement scheme through the DPPA and to thereby preclude a remedy under § 1983. See, e.g., Rasmusson, 991 F.Supp.2d at 1072–74, 2014 WL 107067, at *4–6 (holding that the comprehensive nature of the DPPA's remedial scheme, along with an analysis of various circuit court decisions, “indicate Congress's intent to foreclose a remedy under § 1983 ” and dismissing the plaintiff's § 1983 claim based on an underlying DPPA violation as a result); Nelson, 2013 WL 5888235, at *5–7 (holding that the “DPPA's remedial scheme, which is both comprehensive and more restrictive than § 1983, expresses Congress's intent to preclude other means of enforcement” and dismissing the plaintiff's § 1983 claim based on an underlying DPPA violation as a result); Kiminski, 2013 WL 6872425, at *10–14 (same); Bass, 998 F.Supp.2d at 823–24, 2014 WL 683969, at *6–7 (same and citing Kiminski ); Roberts v. Source for Pub. Data, 606 F.Supp.2d 1042, 1046 (W.D.Mo.2008) (same); Kraege v. Busalacchi, 687 F.Supp.2d 834, 840–41 (W.D.Wis.2009) (same). Here too, the Court adopts the reasoning of Rasmusson and Kiminski on these issues.
In rendering their decisions, courts in this district have also considered the City of Rancho Palos Verdes, Cal. v. Abrams, 544 U.S. 113, 125 S.Ct. 1453, 161 L.Ed.2d 316 (2005), which held that a statute that includes “an express, private means of redress” ordinarily indicates “that Congress did not intend to leave open a more expansive remedy under § 1983.” See, e.g., Kiminski, 2013 WL 6872425, at *12 (quoting Rancho Palos Verdes, 544 U.S. at 121, 125 S.Ct. 1453 ). Courts in this district have also determined that the DPPA provides a more restrictive private cause of action than that permitted by § 1983, given the available remedies, relevant limitation periods, and potential defendants for claims asserted under each statute. See, e.g., Kiminski, 2013 WL 6872425, at *12–14 (comparing the remedies provided under 18 U.S.C. § 2724(b) and 18 U.S.C. § 2723 in light of Rancho Palos Verdes ). The courts in this district have thus determined that the DPPA “does not leave open the door for a § 1983 action.” See id. at *12.
Courts have allowed redress under § 1983 where the statutes at issue failed to provide an adequate private remedy through which aggrieved parties could seek redress. See Rancho Palos Verdes, 544 U.S. at 121–22, 125 S.Ct. 1453 (citing Blessing, 520 U.S. at 348, 117 S.Ct. 1353 (finding a § 1983 claim was available because Title IV–D contains “no private remedy—either judicial or administrative—through which aggrieved persons can seek redress”); Livadas v. Bradshaw, 512 U.S. 107, 133–34, 114 S.Ct. 2068, 129 L.Ed.2d 93 (1994) (there was a “complete absence of provision for relief from governmental interference” in the statute); Golden State Transit Corp. v. Los Angeles, 493 U.S. 103, 108–09, 110 S.Ct. 444, 107 L.Ed.2d 420 (1989) (“There is ... no comprehensive enforcement scheme for preventing state interference with federally protected labor rights that would foreclose the § 1983 remedy”); Wilder v. Va. Hosp. Assn., 496 U.S. 498, 521, 110 S.Ct. 2510, 110 L.Ed.2d 455 (1990) (the statute “contains no ... provision for private judicial or administrative enforcement”); Wright v. Roanoke Redev. & Hous. Auth., 479 U.S. 418, 427, 107 S.Ct. 766, 93 L.Ed.2d 781 (1987) (same); accord Middlesex Cnty. Sewerage Auth. v. Nat'l Sea Clammers Ass'n., 453 U.S. 1, 19–20, 101 S.Ct. 2615, 69 L.Ed.2d 435 (1981) (finding a § 1983 remedy unavailable because the statute provided a private remedy and was more restrictive); Smith v. Robinson, 468 U.S. 992, 1012, 104 S.Ct. 3457, 82 L.Ed.2d 746 (1984) (same)).
A DPPA claim is subject to a four-year statute of limitations, but the parties agree that a § 1983 claim in this case would be subject to a six-year statute of limitations. (See, e.g., Doc. No. 22, at 21; Doc. No. 41, at 17.)
The DPPA expressly excludes civil suits against states and state agencies (except a narrow set of remedies brought by the Attorney General against the State Department of Motor Vehicles).
Courts in this district have also distinguished the case heavily relied upon by Plaintiff—Collier. See, e.g., Rasmusson, 991 F.Supp.2d at 1073–74, 2014 WL 107067, at *5–6 (holding that Collier and a similar case failed to address the DPPA's restrictive remedy and restrictive statute of limitations and declining to apply those cases).
Thus, this Court agrees that the DPPA is a comprehensive remedial scheme that precludes a DPPA-based claim under § 1983, and the Court dismisses Plaintiff's § 1983 claims based on an underlying DPPA violation.
B. Constitutional Claims
Plaintiff also brings a claim under § 1983 on the ground that the access of her driver's record violates her constitutional right to privacy. Certain private information is entitled to constitutional protection; however, “not every disclosure of personal information will implicate the constitutional right to privacy.” Cooksey v. Boyer, 289 F.3d 513, 515–16 (8th Cir.2002). “[T]o violate the constitutional right of privacy the information disclosed must either be a shocking degradation or an egregious humiliation ..., or a flagrant breach of a pledge of confidentiality which was instrumental in obtaining the personal information.” Id. at 516 (internal citations and quotations omitted). Courts also “examine the nature of the material opened to public view to assess whether the person had a legitimate expectation that the information would remain confidential while in the state's possession.” Eagle v. Morgan, 88 F.3d 620, 625 (8th Cir.1996) ; see also Cooksey, 289 F.3d at 516.
Plaintiff alleges that Defendants violated her right to privacy under the Fourth and Fourteenth Amendments. “Similar to the Fourteenth Amendment standards, a search occurs under the Fourth Amendment when the government violates a subjective expectation of privacy that society recognizes as reasonable.” Rasmusson, 991 F.Supp.2d at 1075, 2014 WL 107067, at *6 (quotations and citations omitted). Because the Court finds no reasonable expectation of privacy in the type of data at issue in this case, the Court analyzes violations under both Amendments together in this section.
First, Plaintiff argues that, according to the Supreme Court's recent decision in Maracich, a right to privacy exists with respect to Plaintiff's private personal information found in her driver's record. However, neither Maracich nor any other case is so clear on this issue. Maracich did not directly address the issue of whether a constitutional right to privacy in driver's license records exists, but instead addressed whether an attorney's solicitation of clients constitutes a “permissible purpose” under the DPPA. Maracich, 133 S.Ct. at 2195–96. While the Supreme Court recognized the importance of the information available through motor vehicle databases, it did not hold that this information is constitutionally protected; Maracich is therefore not controlling here. See id.
Second, Plaintiff alleges that the information at issue includes a person's “address, color photograph, date of birth, weight, height and eye color, and in some instances, [his or her] medical and/or disability information.” (Compl. ¶ 67 (emphasis added).) No case has yet found that a constitutional right to privacy exists under the Fourth or Fourteenth Amendment for the type of information typically found in driver's licenses and protected by the DPPA (address, color photograph, date of birth, weight, height, and eye color). Condon v. Reno, 155 F.3d 453, 464 (4th Cir.1998)rev'd on other grounds by Reno v. Condon, 528 U.S. 141, 120 S.Ct. 666, 145 L.Ed.2d 587 (2000) (“Of particular importance here, neither the Supreme Court nor this Court has ever found a constitutional right to privacy with respect to the type of information found in motor vehicle records.”); Pryor v. Reno, 171 F.3d 1281 (11th Cir.1999)rev'd on other grounds by Reno v. Pryor, 528 U.S. 1111, 120 S.Ct. 929, 145 L.Ed.2d 807 (2000). Courts in this district have agreed. See, e.g., Rasmusson, 991 F.Supp.2d at 1074, 2014 WL 107067, at *6 ; Kiminski, 2013 WL 6872425, at *14 ; McDonough, 2014 WL 683998, at *4–6. Certainly, that this information is readily and regularly disclosed anywhere one presents a driver's license shows there is no reasonable expectation of privacy in such information. See, e.g., Kiminski, 2013 WL 6872425, at *14. The Court adopts the reasoning of the courts in this district in that regard. See id.
Plaintiff focuses her argument on the fact that the above-mentioned cases “failed to acknowledge more is contained in a motor vehicle record than just one's address, height, weight, and photograph” (Doc. No. 41, at 20); Plaintiff maintains that social security numbers (“SSNs”) and other sensitive health records have long been established to be “intimate personal information” that are constitutionally protected. The Court disagrees.
The Court notes that it is not even clear whether Plaintiff has adequately alleged access of her SSN as she alleges that she provided her SSN to DPS, but never alleges it was accessed or viewed. However, even giving Plaintiff the benefit of the doubt on this issue, the Court still finds Plaintiff has not stated a claim based on a constitutional right to privacy in her SSN here.
The question of whether there is a constitutional right to privacy in SSNs is unsettled, and has not been resolved by the Eighth Circuit. Some courts have held that disclosure of SSNs without permission violates the constitutional right of privacy. See Arakawa v. Sakata, 133 F.Supp.2d 1223, 1229 (D.Hawai'i 2001) (considering “the voluminous and largely ambiguous case law on the subject” of privacy rights in confidential information and concluding that the public disclosure of motorists' social security numbers violated constitutional privacy rights). Other courts have roundly rejected the contention that there is such a constitutional right to privacy. Cassano v. Carb, 436 F.3d 74, 75 (2d Cir.2006) (holding that “the Constitution does not provide a right to privacy in one's SSN”); McElrath v. Califano, 615 F.2d 434, 441 (7th Cir.1980) (holding that disclosure of social security number as a condition of eligibility for government financial assistance did not violate plaintiff's right to privacy) (citations omitted). And, while these courts have primarily only addressed the release of social security numbers to official agencies (rather than individuals acting outside of their official capacity or actions by the general public), this issue has still not been decided in the affirmative by the Eighth Circuit. It is not in dispute that a person has a privacy interest in avoiding the public disclosure of personal matters, and that SSNs are recognized as sensitive and highly confidential. See In re Crawford, 194 F.3d 954, 958 (9th Cir.1999) ; see generally Doyle v. Wilson, 529 F.Supp. 1343, 1348 (D.Del.1982). Even so, a privacy interest and a sensitive or highly confidential designation are not the same as having a constitutional right to privacy. The Court concludes that Plaintiff has not stated a claim based on a constitutional right to privacy in this information.
With respect to the medical information that Plaintiff alleges is included in driver's license records, such information may be protected in some instances, but is not always protected. See Cooksey, 289 F.3d at 517. Here, however, Plaintiff does not allege that her driver's record includes medical records, and does not allege that her medical information was accessed. As a result, without deciding the issue of whether medical records are constitutionally protected, the Court holds that Plaintiff has failed to state a claim based on a constitutional right to privacy in her medical information.
For the above reasons, the Court holds that Plaintiff's claims under § 1983 based on a constitutional right to privacy are properly dismissed.
C. Monell Claims
There can be no Monell claim where there is no underlying violation of Plaintiff's constitutional rights. See Brockinton v. City of Sherwood, 503 F.3d 667, 674 (8th Cir.2007). Because Plaintiff has not established an underlying violation of any constitutional right (see supra Section III.B.), any Monell claim against the City and County Defendants must be dismissed.
IV. Qualified Immunity
Defendants claim that they are entitled to qualified immunity on Plaintiff's claims. Qualified immunity is a defense only against a claim in one's individual capacity. Johnson v. Outboard Marine Corp., 172 F.3d 531, 535 (8th Cir.1999). Qualified immunity protects government officials and employees performing discretionary functions “from liability for civil damages insofar as their conduct does not violate clearly established statutory or constitutional rights of which a reasonable person would have known.” Saucier v. Katz, 533 U.S. 194, 202, 121 S.Ct. 2151, 150 L.Ed.2d 272 (2001). To state a claim for qualified immunity, the plaintiff must assert a violation of a statutory or constitutional right, and the alleged right must be clearly established at the time of the alleged misconduct. Id.
Here, at this stage of the proceedings, plaintiff has adequately alleged the violation of a clearly established statutory right. The DPPA is clear that accessing driver's license information without a permissible purpose violates the law. The DPPA has been in place since 1994. By August 2009, Defendants would have been on notice of the DPPA and its prohibition of the access of driver's license information for impermissible purposes.
It may well be that, as this case proceeds, Defendants will be able to establish that they are entitled to qualified immunity because their actions were not “clearly established” violations of the law. However, given the allegations at this stage, if Defendants accessed Plaintiff's data for an impermissible purpose as alleged, it was clearly established in 2009 and thereafter, that doing so constituted a violation of the DPPA. Thus, at this stage, Defendants are not entitled to qualified immunity.
This is different from Roth v. Guzman, 650 F.3d 603 (6th Cir.2011), cited by Ramsey County in support of its argument for qualified immunity. In that case, the court considered whether qualified immunity applied to a DPPA claim when information that was disclosed for a purportedly permissible purpose was actually obtained for an impermissible purpose and whether “stockpiling” for a permissible purpose violated the DPPA. Roth, 650 F.3d at 614, 617. The court held that the answers to those questions were not clearly established and that qualified immunity applied as a result. Id. Here, the scenario as alleged is simply impermissible, direct accesses—the primary scenario contemplated by the DPPA.
V. Invasion of Privacy Claims
Minnesota first recognized a claim for invasion of privacy in 1998. Lake v. Wal–Mart Stores, Inc., 582 N.W.2d 231, 235 (Minn.1998). The Minnesota Supreme Court adopted three separate causes of action that are generally referred to as invasion of privacy. Id. Here, Plaintiff's claim is for intrusion upon seclusion. (Compl. ¶ 264.)
Intrusion upon seclusion is an intentional tort with a two-year statute of limitations under Minn.Stat. § 541.07(1). Hough v. Shakopee Pub. Schs., 608 F.Supp.2d 1087, 1118 (D.Minn.2009) ; Manion v. Nagin, Civ. No. 00–238, 2003 WL 21459680, at *9 (D.Minn. June 20, 2003) ; see Manteuffel v. City of N. St. Paul, 570 N.W.2d 807, 810–11 (Minn.Ct.App.1997) (analyzing the types of torts to which Minn.Stat. § 541.07(1) applies and explaining that intentional torts are regularly covered by that section).
Intrusion upon seclusion is actionable when “one intentionally intrudes, physically or otherwise upon the solitude or seclusion of another or his private affairs or concerns, if the intrusion would be highly offensive to a reasonable person.” Lake v. Wal–Mart, 582 N.W.2d at 233 (citations omitted); Swarthout v. Mut. Serv. Life Ins. Co., 632 N.W.2d 741, 744 (Minn.Ct.App.2001).
What is “highly offensive” is generally considered a “question of fact” for the jury, and only becomes a question of law “if reasonable persons can draw only one conclusion from the evidence.” Swarthout, 632 N.W.2d at 745. To determine whether an interference is offensive, courts consider: “the degree of intrusion, the context, conduct and circumstances surrounding the intrusion as well as the intruder's motives and objectives, the setting into which he intrudes, and the expectations of those whose privacy is invaded” and “the number and frequency of the intrusive contacts.” Bauer v. Ford Motor Credit Co., 149 F.Supp.2d 1106, 1109 (D.Minn.2001). The interference must be a “substantial one, of a kind that would be highly offensive to the ordinary reasonable person, as the result of conduct to which the reasonable person would strongly object.” Swarthout, 632 N.W.2d at 745 (internal citations omitted). For example, in Lake v. Wal–Mart, the court found allegations that nude photographs of the plaintiffs had been publicized were sufficient to state a claim for invasion of privacy. 582 N.W.2d at 235. In Swarthout, the court found that “[v]iewing this record in the light most favorable to [the plaintiff] we cannot say that, as a matter of law, the altering of [the plaintiff's] release and the illicit obtaining, conveying, and publicizing of his private medical information was not the ‘substantial’ and ‘highly offensive’ intrusion upon Swarthout's seclusion that would satisfy the ... [intrusion upon seclusion] test.” 632 N.W.2d at 745.
Here, the Court finds that “reasonable persons can draw only one conclusion from the evidence”—that the access of information as alleged by Plaintiff cannot rise to the level of offensiveness required to state a claim for invasion of privacy. Id. at 745. First, the Court agrees with Nelson and Rasmusson that to the extent that only Plaintiff's address, date of birth, weight, height, eye color, driver identification number, and driving record were accessed, she cannot state a claim because “this information is included on the face of a driver's license and, as discussed above, there is a low expectation of privacy in this type of information because individuals show their driver's licenses to strangers on a daily basis. Moreover, much of this information can be obtained by looking at an individual or through public records.” Rasmusson, 991 F.Supp.2d at 1078, 2014 WL 107067, at *10 ; Nelson, 2013 WL 5888235, at *8 (holding the same, and that because there was no allegation that the records at issue contained a social security number or financial or medical information, “no reasonable person could consider the intrusion ... highly offensive”); see also Bass, 998 F.Supp.2d at 824–25, 2014 WL 683969, at *7 (holding that information relating to the plaintiff's address, date of birth, weight, height, eye color, and driver identification number were not “particularly sensitive” and could not meet the “highly offensive” threshold and dismissing the claims as a result).
Second, though Plaintiff points to the viewing of medical information and social security numbers to satisfy the standard, Plaintiff has failed to adequately make any such allegations about the accesses to her record. Plaintiff alleges that her social security number was provided to DPS (Compl. ¶ 173), but never alleges it was viewed or accessed. (See id. ¶ 79 (Plaintiff alleges Defendants viewed: “her home address, color photograph or image, date of birth, eye color, height, weight and driver identification number.”).) Plaintiff makes no allegations about her medical information. Therefore, Plaintiff has failed to sufficiently allege the existence of an intrusion that could be considered by a jury to be “highly offensive” or that is based on a “legitimate expectation of privacy.” All claims for invasion of privacy are thus dismissed.
VI. Issues Specific to the Commissioner Defendants
Plaintiff alleges that the Commissioner Defendants directed the construction of an electronic database consisting of Minnesota drivers' information, and then granted law enforcement officers and other governmental personnel access to the database without proper training or instruction and without proper monitoring or restrictions. Furthermore, Plaintiff argues that the Commissioner Defendants knew that there were illegal accesses and that misuse of the database was widespread. For these actions, Plaintiff sues the Commissioner Defendants in their individual capacities under the DPPA, § 1983, and for invasion of privacy.
The Court agrees with the Commissioner Defendants that Plaintiff's claims against the DPS Does are based on the same theory of liability as her claims against the Commissioner Defendants. The Court will therefore treat the DPS Does as included in its analysis of the Commissioner Defendants.
Because Plaintiff seeks redress against the Commissioner Defendants in their individual capacities, to state a claim, Plaintiff must show that each Commissioner is “a person who knowingly obtains, discloses or uses personal information, from a motor vehicle record, for a purpose not permitted.” 18 U.S.C. § 2724(a). A “person” is “an individual, organization or entity” but cannot be “a State or agency thereof.” 18 U.S.C. § 2725(3). Pursuant to the plain language of the statute, any obtainment, disclosure or use must be for a purpose not permitted. (See supra Section II.C.) Here, Plaintiff fails to make any allegations that either of the Commissioner Defendants personally obtained, disclosed, or used personal information from a motor vehicle record. But even if they did, Plaintiff fails to allege that the Commissioner Defendants did so, or did anything at all, with the driver's license information that was “for a purpose not permitted. ” See Kiminski, 2013 WL 6872425, at *6 (“Under the plain language of the statute, the person who obtains, discloses, or uses the information must do so for an impermissible purpose” and examining a number of cases that support this proposition) (emphasis in original); Nelson, 2013 WL 5888235, at *3 (dismissing DPPA claims against Commissioners for failure to allege an impermissible purpose because “[i]t is not enough that they disclosed information to [a Defendant] and he acted with an impermissible purpose, the Commissioners themselves must have acted with such a purpose”) (emphasis in original). See also Roth, 650 F.3d at 607–609 (holding that because officials disclosed the data for a permissible purpose, the fact that it was later used for an impermissible purpose did not create DPPA violation). The Court finds Kiminski and Nelson's reasoning compelling on this issue, and hereby adopts it.
Plaintiff argues that the following allegations are sufficient to show an “impermissible purpose” by the Commissioner Defendants: (a) they had the ability to determine if unauthorized access was being made and to prevent it; (b) they failed to prevent unauthorized access to Plaintiff's private data; (c) they knowingly authorized, directed, ratified, approved, acquiesced in, committed, or participated in the disclosure of Plaintiff's private data; and (d) they knowingly disclosed Plaintiff's private data and violated state policy by devising and implementing the DVS Database that failed to uphold Plaintiff's privacy rights as required by the DPPA. But, in reality, Plaintiff's allegations amount to a claim that the Commissioner Defendants violated the DPPA by releasing the information to their respective employees and agencies for a permitted purpose (i.e., doing their jobs), but without proper safeguards, training, or monitoring. This is not the same as releasing the information for an impermissible purpose. As explained in Kiminski, Plaintiff's reading would require a deviation from the plain language of the statute and is not supported by law. Kiminski, 2013 WL 6872425, at *8. The possibility that the Commissioner Defendants disclosed the data for the permissible purpose of allowing law enforcement officers and other governmental personnel to do their jobs is just too great for Plaintiff to overcome without specific allegations to the contrary; Plaintiff offers none. In fact, the type of situation described by Plaintiff is explicitly contemplated and addressed by the DPPA itself, which allows the Attorney General to impose civil penalties upon a state department of motor vehicles that has a “policy or practice of substantial noncompliance” with respect to driver's license information and records. 18 U.S.C. § 2723(b) ; Kiminski, 2013 WL 6872425, at *8. Furthermore, any allegations made by Plaintiff with respect to the February 2013 hearing cannot support claims regarding what the Commissioner Defendants knew or did for the time period relevant to this lawsuit (2009 to 2012). Simply put, Plaintiff has not sufficiently alleged an impermissible purpose with respect to the Commissioner Defendants.
Plaintiff ties a number of her allegations to a 2013 report and hearing about database use in Minnesota.
Finally, Plaintiff argues that Gordon, 726 F.3d 42, creates a duty of care to which the Commissioners must be held with respect to driver's license data. In Kiminski, the court generally held that Gordon is inconsistent with the plain language of the DPPA and the Commissioner Defendants cannot be held individually liable for systemic issues as alleged in the complaint. 2013 WL 6872425, at *8–9. Again, the Court finds the reasoning in Kiminski persuasive and adopts it.
With respect to Plaintiff's § 1983 claims against the Commissioner Defendants, because the Court has already held that Plaintiff cannot state a claim under § 1983 (see detailed analysis in Section III, supra ), these claims are also dismissed against the Commissioner Defendants. Similarly, although the Commissioner Defendants did not address the question of invasion of privacy, the Court finds that the legal and factual issues with respect to the Commissioner Defendants are not materially different from those alleged against the other Defendants. As a matter of law, Plaintiff has alleged no conduct that could rise to the requisite level of offensiveness to state an invasion of privacy claim. Thus, all claims against the Commissioner Defendants and DPS Does are properly dismissed.
VII. Summary Judgment
A. Hennepin County
Hennepin County also seeks summary judgment. However, because no claims remain against Hennepin County, this motion is moot.
B. Crow Wing County
The County Defendants seek summary judgment as to the allegations relating to the fifteen occasions on which Plaintiff's DVS data was accessed by Crow Wing County Probation between 2004 and 2012 because Crow Wing County Probation employees are not employees of any of the County Defendants. (Doc. No. 52, at 23–24 & Doc. No. 82, at 9.) Plaintiff concedes that those fifteen accesses are not attributable to the County Defendants and agrees that they should be dismissed as a result. (Doc. No. 72, at 9–10.) Thus, the Court dismisses claims relating to the fifteen accesses by Crow Wing County Probation.
VIII. Motion for Severance
Hennepin County and Ramsey County seek severance. Insofar as these parties have been dismissed, the question of severance is moot.
For the reasons discussed above, the Court concludes that all of Plaintiff's § 1983 claims and invasion of privacy claims are properly dismissed for failure to state a claim. The Court dismisses all DPPA claims related to searches made prior to August 2009 as well as the relevant Defendants. Thus, only DPPA claims against certain City and County Defendants for searches conducted after August 2009 remain. The remaining entities and corresponding number of searches are as follows: Aitkin County (3 searches); City of Baxter (2 searches); City of Brainerd (4 searches); Cass County (4 searches); Crow Wing County (39 searches); City of Fridley (1 search); City of Little Falls (7 searches); City of Minneapolis (1 search); Morrison County (1 search); City of St. Cloud (1 search); City of Staple (2 searches); and Wright County (1 search). The Court also orders the parties to settlement discussions, particularly with respect to those entities for which only a single search is alleged. The Court notes that discovery at this early stage should be limited in scope to address the issue of the permissibility of the relevant accesses.
Finally, the Court assumes that the parties in this case, as well as other governmental entities, are proactively working on significant policy and rule changes to prevent the impermissible access to data and to ensure that individuals responsible for any such impermissible access will be held accountable. Such reform should be a priority of all agencies given the extent of potential litigation and associated costs.
Based upon the foregoing, IT IS HEREBY ORDERED that:
1. Defendant Hennepin County's Motion to Dismiss and/or for Summary Judgment and/or to Sever (Doc. No.  ) is GRANTED IN PART and DENIED IN PART as follows:
a. Defendant Hennepin County's motion to dismiss (Doc. No.  ) is GRANTED, and Hennepin County is DISMISSED WITH PREJUDICE; and
b. Defendant Hennepin County's motions for summary judgment and to sever (Doc. No.  ) are DENIED AS MOOT.
2. The City Defendants' Motion to Dismiss (Doc. No.  ) is GRANTED IN PART and DENIED IN PART as follows:
a. Counts II, III and VI are DISMISSED WITH PREJUDICE in their entirety;
b. Count I against the City of Crosslake, the City of Long Prairie, and the City of Pine River is DISMISSED WITH PREJUDICE; and
c. Count I against the City of Baxter, the City of Brainerd, the City of Fridley, the City of Little Falls, the City of Minneapolis, the City of St. Cloud and the City of Staples remains.
3. The County Defendants' Motion to Dismiss and/or for Summary Judgment (Doc. No.  ) is GRANTED IN PART and DENIED IN PART as follows:
a. Counts II, III and VI are DISMISSED WITH PREJUDICE in their entirety;
b. Count I against Scott County and St. Louis County is DISMISSED WITH PREJUDICE; and
c. Count I against Aitkin County, Cass County, Crow Wing County, Morrison County, and Wright County remains.
4. Defendant Ramsey County's Motion to Dismiss or for Severance (Doc. No.  ) is GRANTED IN PART and DENIED IN PART as follows:
a. Defendant Ramsey County's motion to dismiss (Doc. No.  ) is GRANTED, and Ramsey County is DISMISSED WITH PREJUDICE; and
b. Defendant Ramsey County's motion for severance (Doc. No.  ) is DENIED AS MOOT.
5. The Commissioner Defendants' Motion to Dismiss (Doc. No.  ) is GRANTED in its entirety, and the Commissioner Defendants are DISMISSED WITH PREJUDICE.
6. The parties shall contact the Magistrate Judge's chamber to schedule a settlement conference to occur within sixty (60) days of the date of this Order.
7. Discovery at this stage should be limited to the issue of the permissibility of the relevant accesses.