holding that the Privacy Act term “disclose” means “the placing into the view of another information which was previously unknown”Summary of this case from Luster v. Vilsack
[Copyrighted Material Omitted] Veterans Administration (VA) employees brought putative class action against the VA, alleging that the VA violated the employees' rights under the Privacy Act by disclosing their Social Security numbers (SSNs) on VA computer system to employees who had no need for the SSNs. On cross-motions for summary judgment, the District Court, Stadtmueller, J., held that: (1) arbitrator's decision that the VA violated a collective bargaining agreement right-to-privacy provision which mirrored the Privacy Act did not have collateral estoppel or res judicata effect on district court on issue whether the VA violated the Privacy Act; (2) evidence failed to establish a disclosure as required to show violation of Privacy Act provision barring agency disclosure of certain personal records; (3) any disclosure that might have occurred did not violate the disclosure provision absent any showing that the employees viewing the records did not need to know the other employees' SSNs in the course of carrying out their duties; (4) fact issue as to whether VA employees suffered adverse effect barred summary judgment on claim that VA violated Privacy Act provision requiring an agency that maintains a system of records to protect the security, confidentiality, and integrity of the records; (5) neither VA's placing of employees' SSNs on employee computer system, nor its failure to keep employee records separate from patient records, was a willful or intentional failure to appropriately protect the confidentiality of their records, as required for recovery of damages under Privacy Act; (6) fact issues as to whether VA's failure to install patches on computer system to allow tracing of a user's access to the SSNs of certain employees was a willful or intentional failure to appropriately protect the confidentiality of their records barred summary judgment on that claim; (7) plaintiffs who could show adverse effect were entitled to statutory damages without showing actual damages; and (8) class certification was inappropriate.
Kurt C. Kobelt, Lawton & Cates, Madison, WI, for plaintiffs.
Michael T. Newman, Susan M. Knepel, Thomas P. Schneider, U.S. Department of Justice, Office of U.S. Attorney, Milwaukee, WI, for defendants.
Thomas J. Cunningham, Drexel Hill, PA, pro se movant.
STADTMUELLER, District Judge.
Plaintiffs Albert Schmidt and Sandy Bond filed this class action on behalf of themselves and all others similarly situated alleging the United States Department of Veterans Affairs (" VA" ) violated their rights under Section 552a of the Privacy Act of 1974, 5 U.S.C. § 552a, as amended, by unlawfully disclosing the social security numbers (" SSNs" ) of its employees.
Both parties have filed motions for summary judgment pursuant Fed.R.Civ.P. 56. The plaintiffs' motion seeks a judgment from the court that the VA violated Section 7 of the Privacy Act as well as Sections 552a(b), (d)(2), and (e)(10). The plaintiffs argue they are entitled to declaratory relief pursuant to Section 552a(g)(2)(A) and monetary relief in the amount of $1000 each plus costs and attorney fees pursuant to Section 552a(g)(4)(A)-(B). The VA's motion for summary judgment seeks the dismissal of the claims raised in the plaintiffs' complaint.
The plaintiffs have also filed a motion for class certification, and the VA has moved to strike the plaintiffs' class-action allegations. Finally, the parties have filed seven other motions-all of which are unopposed: the VA has moved to strike plaintiffs' request for a jury trial, to dismiss Anthony J. Principi as a party, to permit it to file an oversized brief, to file an oversized reply brief, and to file a combined reply brief and sur-reply brief; the plaintiffs have moved the court twice to permit them to file a brief which exceeds the page limitations required by the local rules of this court. The matters are fully briefed, and the court will now address the merits of each motion.
The VA is an agency of the United States government. It operates a hospital in Milwaukee, Wisconsin, which is in the Eastern District of Wisconsin. The VA provides health care benefits via its health care system, which includes 163 medical centers, over 850 outpatient clinics, 137 nursing homes, 43 domiciliary centers, and 73 home care programs. As of January 31, 2002, the Veterans Health Administration (VHA) had over 200,000 employees. Many of the employees are veterans who receive their medical treatment at VA Medical Centers (" VAMCs" ) throughout the country.
VMACs do not serve or deliver health care to non-veterans except in isolated instances, such as medical emergencies. VMACs do, however, operate individual employee health clinics. Employee health clinics administer pre-employment tuberculosis tests to employees and administer other routine treatments such as flu shots. Employee health clinics are equipped to treat employees for minor medical problems, such as headaches or other work-related injuries, but they are not equipped to handle medical emergencies. Emergencies are typically handled in the Emergency Room or the Urgent Care Clinic of a VAMC.
In the 1980s, the VHA developed an electronic health care system called the Decentralized Hospital Computer Program (" DHCP" ) for the purpose of placing patients' medical records on computer files. The DHCP system was installed at each VAMC. Some, but not all, VAMCs placed the records of employees who received medical treatment at VA facilities on the DHCP system. Many VA employees are also veterans and receive medical treatment at the VAMCs. The fact that employee health records were being added to the computer system was published in the Federal Register wherein it stated " records are received by the employee's name, date of birth, social security number, or any combination of those identifiers." (53 F.R. 19085.) In 1996, the DHCP system was upgraded and renamed the Veterans Health Information Systems and Technology Architecture (" VistA" ).
In December 1997, the VA introduced new software called the Computerized Patient Records System (" CPRS" ). This software allowed a user to access VistA patient medical information. The installation of the CPRS software and updates were mandatory at each VAMC. Before February 2000, the CPRS system worked in the following manner: A CPRS user could locate the records of a particular patient on the VistA database through either CPRS GUI or through CPRS List Manager, which was an inferior version of CPRS GUI. If the user was on CPRS GUI, she could find a patient by entering the patient's entire last name, any part of the last name, the patient's entire SSN, or the last four numbers of the SSN. If a user entered the patient's entire SSN, the system would bring up only that patient. If a user entered the patient's entire last name, the system would bring up all patients with the same last name. If the user entered the letters " SMIT" in an effort to locate a patient whose last name was " SMITHSON," the system would bring up all patients in the system with last names starting with SMIT, such as SMITH, SMITHSON, and SMITTON. If the user entered the last four numbers of the patient's SSN, the system would bring up all patients with the same last four numbers in their SSNs. In all instances where more than one name was brought up, the user could locate the desired patient by scrolling down the list of names. When the user scrolled on a particular patient, that patient's social security number and date of birth automatically appeared on the screen. Once the user found the patient she was looking for, she could click on the name to open up the patient's medical record. If the patient also happened to be a VA employee, the medical record was considered " sensitive," and a warning screen appeared advising the user once the medical record was opened, the access to the record would be traced and the user would be subjected to sanctions for misuse of the information. The tracer was an electronic mail message which was sent to a specific mail group which included the Information Security Officer (" ISO" ) at the VA facility. The VA facility ISO was able to review tracer messages to determine whether there had been inappropriate access. For purposes of this case, the important thing to note is that before February 2000, the tracer did not begin until after the user decided to open the medical record. There was no tracer if the user merely viewed the employee's SSN and did not open the medical record.
Prior to February 2000, a user could locate a patient on CPRS List Manager by typing in the patient's name. If there was only one patient with the name entered, the patient's information was immediately accessed, and an introductory screen appeared with the patient's name, SSN, date of birth, and veteran status. If there was more than one patient with the name entered, the system brought up the names of other patients with the same names along with their SSNs, dates of birth, and veterans status. The user then could select the particular patient she was looking for from the list of names on the screen.
After February 2000, the CPRS system at the VAMC in Leavenworth, KS, was changed so the user could no longer view the SSN or date of birth of a VA employee whose eligibility for health care services was her employee status until the user decided to open the medical record-an action which was traced. On February 10, 2000, a similar system was installed at all VAMCs. The CPRS system was again modified in 2001 to similarly mask the SSNs and dates of birth of VA employees whose primary eligibility for health care treatment was their veteran status.
In 1993, the General Counsel for the VA considered whether the Privacy Act of 1974 permitted the VA to use the entire SSN of " every patient, including a VA employee" on its DHCP database. (Kobelt Aff. ¶ 13, at Ex. 12, at 1.) In the opinion of the General Counsel, " where access to the patient's full name, date of birth, full social security number ... is necessary in order to properly identify the patient, disclosure of all that information to the employee is legally justifiable under the [Privacy Act]." ( Id. ) The General Counsel recommended the VA " consider whether certain information may be deleted from the subject screen without impairing the user's ability to properly identify patients in a timely manner." ( Id. )
The VA considered using only the last four digits of patients' SSNs as an identifier instead of the entire nine-digit number, but it rejected the idea out of concern that a four-digit system ran the risk patient of misidentification. Many VA patients have the same name and some also have the same last four digits in their social security numbers. The VA concluded without nine-digit SSNs as identifiers in addition to names, there was a legitimate risk that the wrong medical record could be opened and a patient could be given the wrong medication or wrong treatment resulting in serious injury or death. Prior to February 2000 and afterward, the VA implemented a series of security measures designed to protect the confidentiality of the records accessible by a CPRS user. The VA only permitted employees with patient care responsibilities to access patient records under the CPRS system. These employees included physicians, nurse practitioners, physicians assistants, medical students, and medical technicians. Other VA employees such as housekeepers and carpenters were given access to the CPRS e-mail system, but they did not have access to patient records. After an employee was trained concerning restrictions on her access to information, and had signed a security agreement, the employee was then given an access and verify code which permitted that employee to access only menus in VistA that she had been authorized to enter in the course of her job duties. The information security agreements differed by facility and were periodically revised. The security agreement in effect at the Milwaukee VAMC between 1993 and 1999 required employees to acknowledge they were given access to perform their assigned duties and would use " access ONLY for its intended purposes." (Farmer Decl., at Ex. 1.) The security agreement in effect at the Leavenworth VAMC from May 1998 to February 2002 required an employee to acknowledge she understood she was given access to the computer system " to perform the duties of [her] job." (Williams Decl., at ¶ 3; Ernzen Decl., at ¶ 3.) In addition, the agreements provided an employee could not access data except as authorized, and if the employee exceeded her computer system access authority to engage in conduct outside the scope of her official duties, she could be subject to " disciplinary or adverse action, as appropriate, and criminal prosecution." (Williams Decl., at ¶ 3.)
In October 1998, Anita Maynard, a registered nurse who worked at the Leavenworth VAMC, was training to use the CPRS. She discovered she was able to view her name and SSN on the system. Soon thereafter, she told Sandy Bond, who was a recreational therapist at the VAMC, that while she was training on the CPRS software, she discovered employees had access to her SSN and date of birth. Maynard was afraid her name and SSN could be stolen and used for improper purposes. Maynard testified in her deposition that she overheard statements in random conversations at the nurses' station that employees were looking up other employees' birthdays, SSNs, and ages outside the scope of their employment. (Maynard Dep., at 13-14.) She could not identify which employees were doing this. ( Id. )
Bond testified in her deposition that the fact that other employees were able to view her SSN and date of birth caused her to experience anxiety and to lose sleep. (Bond Dep., at 19-20.)
On January 7, 1999, NFFE Local 1765 filed a grievance against the VA on behalf of approximately 200 employees represented by the local union at the Leavenworth VAMC alleging that the unauthorized disclosure of employees' SSNs in the CPRS software system violated the Privacy Act of 1974, and the grievance cited Article 3, Section 17-F of the 1997 collective bargaining agreement between the VA and NFFE which provided, " Employees have the right to: ... Privacy in every way consistent with law, regulations and this Agreement." The union alleged the VA violated the Privacy Act by mixing employees' names, social security numbers, and dates of birth into the CPRS System, and that the only employees who needed to know this information were Employee Health Staff. On May 5, 2000, the arbitrator found the VA violated the right to privacy in Article 3, Section 17-F in the collective bargaining agreement.
Albert Schmidt was a regular full-time employee at the VAMC in Milwaukee during the time relevant to this case. He first became aware his SSN and date of birth were accessible through the CPRS system in February 2000, after Bond told him about the arbitration proceedings at Leavenworth. Schmidt testified in his deposition that he suffered from mental anguish, emotional distress, his blood pressure increased as a result of knowing his SSN and date of birth could be accessed by his fellow employees. (Schmidt Dep., at 34.)
After the arbitration, employees at the VA's Office of Information, which is a division of the VA's Central Office at its headquarters in Washington, D.C., considered ways to enhance the protection of VA employees' SSNs on its computer system. Some employees suggested the VA maintain employee records on an entirely separate database which could only be accessed by VA employees who worked at the employee health clinics. Other employees suggested the VA install a " key system" where only employees at the employee health clinics had " keys" which would permit them to access employees through the CPRS system. The VA looked at potential systems for setting up separate databases, but Dr. Michael Hodgson, Director of Occupational Health for VHA, concluded alternative health systems would not provide the same quality of care to patients as the CPRS system. The VA also looked into the key system but concluded the potential risks of such a system outweighed the benefits. The key system would essentially make an employee's data invisible to all but those CPRS users with the access keys. The current VistA system did not have a " break glass" provision which would allow a user without an access key to bring up a particular employee's medical information in an emergency. The VA believed a key system was not optimal because in the event an employee needed emergency medical attention at the Emergency Room or Urgent Care Clinic, there would be no way for a CPRS user at that facility to access the employee's medical information.
Prior to January 2001, some employees at the Office of Information expressed concerns about the ability of ISO staff to monitor the newly installed tracers. Frank Marino, the head of the Medical Information Security Group believed ISOs could not protect the confidentiality of employee's SSNs.
Actually, we only have a handful of full time ISO's [ sic ]. The overwhelming majority of individuals serve in this capacity as a collateral duty. Most do not have the time to perform the function of this position and certainly their sole purpose is not to monitor unauthorized access. In fact, at most facilities I have visited this not being done very well. Most facilities are only spot check monitoring at best and some are not monitoring this activity at all. I am fully on-board with the need to do this but it is not realistic to expect the average ISO to do it at this time.
(Kobelt Aff. ¶ 9, Ex. 8, at BS 1632.) In another e-mail, Marino stated there were currently only 10 full-time ISOs in the VA and that " the overwhelming majority of facilities already accumulate over 1000 sensitive record hits each day." ( Id., at BS 1537.) Another employee urged the adoption of a separate employee health security key, because " the ISO is usually an additional duty for the medical center and it is hard to believe that they have time to go name by name down the list. And who is to say that an Employee that has a need to know isn't abusing their privileges?" ( Id. )
In January 2001, the VA directed all VAMCs to have a full-time ISO whose main " responsibility will be to develop, implement, and monitor station-specific information security policy and procedures." (Eisenhauer 2d Decl., at ¶ 2, Ex. 1.) Since January 2001, the ISOs at the Milwaukee and Leavenworth VMACs have reviewed access by employees to sensitive records in VistA/CPRS on a daily basis, and they act upon any evidence discovered concerning inappropriate access by employees.
JURISDICTION, VENUE, AND STANDARD OF REVIEW
The court has jurisdiction over this matter pursuant to 28 U.S.C. §§ 1331 and 1337. Venue in the Eastern District of Wisconsin is proper pursuant to 28 U.S.C. § 1402(a). The court may grant summary judgment " if the pleadings, deposition, answers to interrogatories, and admission on file, together with affidavits, if any, show that there is no genuine issue of material fact and that the moving party is entitled to a judgment as a matter of law." Fed.R.Civ.P. 56(c). The mere existence of a factual dispute does not defeat a summary judgment motion; rather, the requirement is that there be a genuine issue of material fact. Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248, 106 S.Ct. 2505, 91 L.Ed.2d 202 (1986). A dispute is genuine when the evidence is such that a " reasonable jury could return a verdict for the nonmoving party." Id. A party opposing a summary judgment motion " may not rest upon mere allegations or denials," but rather must introduce affidavits or other evidence to " set forth specific facts showing that there is a genuine issue for trial." Fed.R.Civ.P. 56(e). In evaluating a motion for summary judgment, a court is " ... not required to draw every conceivable inference from the record-only those that are reasonable." Bank Leumi Le-Israel, B.M. v. Lee, 928 F.2d 232, 236 (7th Cir.1991).
The plaintiffs argue the arbitrator's decision that the VA violated the " right to privacy" provision in the collective-bargaining agreement, which prohibited the same practices outlawed in the Privacy Act, precludes this court from applying a de novo review to their claims that the VA violated the Privacy Act. The court disagrees. The Supreme Court has on three occasions considered whether a decision from an arbitration proceeding brought under a collective-bargaining agreement precludes de novo review of a statutory claim brought in federal court and has rejected such a contention each time. In Alexander v. Gardner-Denver Co., 415 U.S. 36, 94 S.Ct. 1011, 39 L.Ed.2d 147 (1974), an employee brought a Title VII action in federal district court on the heels of an unsuccessful arbitration proceeding which considered whether his discharge was racially motivated. The Court held the employee was permitted to file his Title VII claim in federal court. The Court also declined to adopt a rule requiring federal courts to defer to an arbitrator's decision where the collective-bargaining agreement prohibited the same form of discrimination charged in the Title VII suit and where the arbitrator had the authority to rule on the claim and fashion a remedy. Id. at 55-56, 94 S.Ct. 1011. In Barrentine v. Arkansas-Best Freight System, Inc., 450 U.S. 728, 101 S.Ct. 1437, 67 L.Ed.2d 641 (1981), the Court rejected the contention that an arbitration award precluded a subsequent suit based on the same underlying facts alleging a violation of the Fair Labor Standards Act. Id. at 745-46, 101 S.Ct. 1437. In McDonald v. City of West Branch, 466 U.S. 284, 104 S.Ct. 1799, 80 L.Ed.2d 302 (1984), the Court declined to fashion a rule that an award in arbitration precluded a subsequent suit in federal court alleging a violation of 42 U.S.C. § 1983. Id. at 289-90, 104 S.Ct. 1799. The rejection of a rule of preclusion in Gardner-Denver, Barrentine, and McDonald was based on the Court's conclusion that Congress intended that those statutes be judicially enforceable and that arbitration could not provide an adequate substitute for judicial proceedings in adjudicating claims under those statutes. For these same reasons, this court concludes the doctrines of collateral estoppel and res judicata are inapplicable in this Privacy Act action.
Collective-bargaining arbitration may be an efficient and effective way to settle contract disputes, but it is not an adequate or reliable substitute for judicial proceedings when it comes to determining whether the Privacy Act has been violated. First, as pointed out in Gardner-Denver, Barrentine, and McDonald, the labor arbitrator's competence pertains to her knowledge of the law of the shop, not the law of the land. 415 U.S. at 53, 94 S.Ct. 1011; 450 U.S. at 743, 101 S.Ct. 1437; 466 U.S. at 290, 104 S.Ct. 1799. This is not a knock. Arbitrators who specialize in administering industrial justice are most effective when they are able to settle complex labor disputes in an expeditious, efficient, and inexpensive manner. However, knowing the law of the shop does not require an arbitrator to be conversant with the legal considerations which underlie a complex public law like the Privacy Act. There are numerous concepts under the Privacy Act, such as what constitutes " intentional and willful," " a person entitled to recovery," and a " disclosure" which simply cannot be resolved without poring over countless legal decisions and the legislative history of the Act. See 5 U.S.C. §§ 552a(b), (g)(4). Most labor arbitrators, who are not attorneys, are under pressure to provide a quick turnaround with decisions, and consequently, they cannot be expected to make fully-informed decisions about whether an agency violated the Privacy Act.
Second, labor arbitrators derive their authority from the collective-bargaining agreement and are required to enforce the agreement. Barrentine, 450 U.S. at 744, 101 S.Ct. 1437. The arbitrator has no authority to " ‘ invoke public laws which conflict with bargain between the parties.’ " McDonald, 466 U.S. at 290, 104 S.Ct. 1799 (quoting Gardner-Denver, 415 U.S. at 53, 94 S.Ct. 1011). The Court articulated the role of the labor arbitrator in United Steelworkers of America v. Enterprise Wheel & Car Corp., 363 U.S. 593, 597, 80 S.Ct. 1358, 4 L.Ed.2d 1424 (1960).
An arbitrator is confined to interpretation and application of the collective bargaining agreement; he does not sit to dispense his own brand of industrial justice. He may of course look for guidance from many sources, yet his award is legitimate only so long as it draws its essence from the collective bargaining agreement. When the arbitrator's words manifest an infidelity to this obligation, courts have no choice but to refuse enforcement of the award.
Id. Thus, at the end of the day, the arbitrator's duty is to enforce the contractual, not the statutory, rights of the parties.
Third, the union's control over the " manner and extent to which an individual grievance is presented," Gardner-Denver, 415 U.S. at 58, 94 S.Ct. 1011, typically means the union's interests are not always aligned with the interests of the individual. Id. This collective approach in the arbitration is at odds with Congress' intent that the individual's right to privacy be protected by the Privacy Act. See 5 U.S.C. § 552a(g)(4) (" the United States shall be liable to the individual ...." ) (emphasis added).
Finally, arbitral fact-finding is not as complete as judicial fact-finding. Arbitrations typically do not follow rules of evidence, discovery, compulsory process, cross-examination, and testimony under oath is severely curtailed. Gardner-Denver, 415 U.S. at 57-58, 94 S.Ct. 1011.
The plaintiffs argue the court's holding today is at odds with Gilmer v. Interstate/Johnson Lane Corp., 500 U.S. 20, 111 S.Ct. 1647, 114 L.Ed.2d 26 (1991), but Gilmer was decided under a completely different set of facts. Gilmer addressed the enforceability of an agreement to arbitrate statutory claims, whereas this case addresses whether the arbitration of contract-based claims precludes the subsequent judicial resolution of statutory claims. Gilmer, 500 U.S. at 35, 111 S.Ct. 1647. Second, unlike the parties in Gilmer, the parties in this case did not agree to arbitrate their statutory claims, and the labor arbitrator in this case was not authorized to resolve the statutory claims under the Privacy Act. Id. Third, the parties in this case were represented by their unions in the arbitration proceedings which creates tension between the collective representation and the individual statutory rights, which was not the case in Gilmer. Id. Finally, Gilmer was decided under the Federal Arbitration Act (" FAA" ) whereas this case does not fall under the FAA. Id. Thus, Gilmer has no bearing on this case. In light of the foregoing, the court will not accord preclusive effect to the arbitrator's decision, and it will proceed to address the plaintiffs' statutory claims de novo.
The court will review the plaintiffs' claims under the Privacy Act in the following manner: First, it will review the plaintiffs' claim that the VA violated Section 7 of the Privacy Act. Second, it will review the plaintiffs' claim that the VA is liable to the plaintiffs under Section 552a(g)(2)(A). Third, it will review the plaintiffs' claim that the VA is liable to the plaintiffs under Section 552a(g)(4). Fourth, the court will review the plaintiffs' claim that they are entitled to $1,000 in statutory damages pursuant to Section 552a(g)(4). Finally, the court will review the plaintiffs' request for certification of their proposed class.
The plaintiffs' complaint contains no allegations which would place the VA on notice that it was raising a violation of Section 7 of the Privacy Act. The plaintiffs' complaint only alleges the VA violated Section 552a of the Privacy Act. (Compl. ¶ ¶ 2, 34.) As such, the court will not consider whether the VA violated Section 7.
Section 552a(g)(2)(A) of the Privacy Act authorizes the court to order an agency to amend an individual's record in accordance with a request made pursuant to Section 552a(d)(2). Section 552a(g)(2)(A) reads in relevant part:
In any suit brought under the provisions of subsection (g)(1)(A) of this section, the court may order the agency to amend the individual's record in accordance with his request or in such other way as the court may direct ....
Id. Section 552a(g)(1)(A) permits an individual to bring a civil action against the agency whenever it fails to make " a determination under subsection (d)(3) of this section not to amend an individual's record in accordance with his request ...." 5 U.S.C. § 552a(g)(1)(A). An agency is required to made a determination under Section 552a(d)(3) when an individual makes a request under Section 552a(d)(2). Id. Section 552a(d)(2) reads in relevant part:
Each agency that maintains a system of records shall-
(2) permit the individual to request the amendment of a record pertaining to him-
(A) not later than 10 days (excluding Saturday, Sunday, and legal public holidays) after the date of receipt of such request, acknowledge in writing such receipt; and
(B) promptly, either-
(i) make any correction of any portion thereof which the individual believes is not accurate, relevant, timely, or complete; or
(ii) inform the individual of its refusal ....
Id. The matter of the interplay between these subsections is easily dispatched because the plaintiffs failed to include any allegations in their complaint which placed the VA on notice that a violation of Section 552a(d)(2) was being raised. Therefore, the court will not consider the plaintiffs' claim the VA failed to comply with their request under Section 552a(d)(2).
Section 552a(g)(4) of the Privacy Act makes the United States liable to an individual who is able to show a Federal agency covered by the Act has intentionally and willfully failed to comply with Sections 552a(g)(1)(C) or (g)(1)(D). Id. Section 552a(g)(4) reads in its entirety:
In any suit brought under the provisions of subsection (g)(1)(C) or (D) of this section in which the court determines that the agency acted in a manner which was intentional or willful, the United States shall be liable to the individual in an amount equal to the sum of-
(A) actual damages sustained by the individual as a result of the refusal or failure, but in no case shall a person entitled to recovery receive less than the sum of $1,000; and
(B) the costs of the action together with reasonable attorney fees as determined by the court.
Id. In this particular action, the plaintiffs bring their suit under the provisions of subsection (g)(1)(D), which reads in its entirety:
Whenever any agency-
(D) fails to comply with any other provision of this section, or any rule promulgated thereunder, in such a way as to have an adverse effect on an individual, the individual may bring a civil action against the agency, and the district courts of the United States shall have jurisdiction in the matters under the provisions of this subsection.
Id. Specifically, the plaintiffs claim they suffered an adverse effect as a result of the VA's failure to comply with Sections 552a(b), and (e)(10). The court will first address whether there is evidence in the record to support a finding that the VA violated these provisions. If the court concludes there is evidence to support such a finding, it will then address whether there is evidence in the record to support a finding that the plaintiffs suffered an adverse effect as a result. If such a finding can be made, the court will then address whether there is evidence to support a finding that the VA's violation of the provision or provisions was intentional and willful.
The plaintiffs claim the VA failed to comply with Section 552a(b). For purposes of this case, Section 552a(b) cannot be considered without also considering subsection (b)(1). Section 552a(b) and (b)(1) read in their entirety:
No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, unless disclosure of the record would be-
(I) to those officers and employees of the agency which maintains the record who have a need for the record in the performance of their duties.
Id. Here, the plaintiffs argue the evidence shows the VA disclosed their SSNs, which were records in a system of records, to CPRS users who did not have need for them. The VA argues there was no disclosure to another person within the meaning of the Act, and even if there were, the CPRS users who viewed them would have had a need for the records.
The Privacy Act does not define the term " disclose." The term has been defined by one court as the " the imparting of information which in itself has meaning and which was previously unknown to the person to whom it was imparted." Harper v. United States, 423 F.Supp. 192, 197 (D.S.C.1976). Black's Law Dictionary defines the term " disclose" as " to bring into view by uncovering; to expose, to make known." Black's Law Dictionary, at 464 (6th ed.1991). Webster's Dictionary defines the term " disclose" as " to open" and " to expose to view" or " to make known to the public." Webster's Ninth New Collegiate Dictionary, at 360 (9th ed.1991). The court will define the term " disclose" to mean the placing into the view of another information which was previously unknown.
The Privacy Act also does not define the collective phrase " disclose ... to any person [or] ... agency." Courts and commentators who have considered this phrase have concluded it requires that a disclosure actually occurred. See Pope v. Bond, 641 F.Supp. 489, 500 (D.D.C.1986) (requiring plaintiff to point to evidence of actual incidents of unlawful disclosures to defeat government's motion to dismiss); Mittleman v. U.S. Dep't of the Treasury, 919 F.Supp. 461, 468 (D.C.Cir.1995) (granting government's motion for summary judgment because plaintiff unable to show actual disclosure of information occurred); James T. O'Reilly, Federal Information Disclosure § 20:51 (3d ed.2000) (" When a government motion for summary judgment is raised, the plaintiff will avoid dismissal if he or she can show that disclosures of the filed covered by the Privacy Act actually took place ...." ) (emphasis added). The court adopts the interpretation offered by these courts and this commentator because such an interpretation gives real effect to words of Congress.
What remains to be seen is whether there is any record of evidence demonstrating a user of the CPRS system actually viewed the plaintiffs' SSNs. The plaintiffs concede they cannot point to an actual instance where a CPRS user viewed their SSNs, but they argue the evidence in the record permits a presumption that such a disclosure actually occurred. The plaintiffs seem to argue it is inevitable that at least one VA employee actually viewed their SSNs while either looking up their names in the CPRS system or in the course of looking up someone else's name.
The court has grave reservations about whether it would ever be appropriate to permit a presumption of an actual disclosure, but it is convinced such a presumption is particularly inappropriate based on the evidence presented here. The court believes such a presumption is inappropriate because there is no basis to conclude it is inevitable that a CPRS user actually viewed their SSNs. Once again, before the tracers were installed, multiple names were brought up on the CPRS GUI system only when the user entered part of the particular patient's last name, or the last four digits of the SSN, or the other patients had the same last name. Multiple names were brought up on the CPRS List Manager system only when other patients had the same last name. Thus, it is only reasonable to infer that a significant number of names were brought up when part of a patient's last name, or the last four digits of a SSN were entered on CPRS GUI. The plaintiffs offer no evidence to show how often CPRS users searched on CPRS GUI as opposed to List Manager, and they offer no evidence to show how often CPRS GUI users searched for patients by entering part of the particular patient's last name or the last four digits of a SSN as opposed to entering the entire last name or SSN. Without this sort of evidence, there is no basis from which to conclude that the statistical odds compel an inference that a VA employee actually viewed the plaintiffs' SSNs. As such, there is no evidence that the VA disclosed the plaintiffs' SSNs to another person or agency within the meaning of the Privacy Act.
Even if the court were to presume that such a disclosure actually took place, the plaintiffs fail to show the VA employees did not need to know the plaintiffs' SSNs in the course of carrying out their duties. The need-to-know exception under Section 552a(b)(1) " embod[ies] the principle that some but not all people who work at an agency need access to individual records." 2 Justin D. Franklin & Robert F. Bouchard, The Freedom of Information and Privacy Acts, § 2.05, at 2-50 (1986). The plaintiffs argue VA medical staff did not need to access employee records through CPRS at all, and even if they did, they did not need to view the entire SSNs of employees. Both arguments fail. First, the VA offers evidence that users needed to access employee records as well as patient records via the CPRS system in case there was an emergency which required the employee to receive medical treatment at the Emergency Room or Urgent Care Center at the VAMC. If the employees were not accessible through CPRS, there would be no way to electronically access their information. The VA also explained that inserting a key system which would essentially make the employees' information invisible to CPRS users who did not have key access would mean VA personnel at a VMAC Emergency Room or Urgency Care Center would not have access to the employees' information in the case of an emergency. Clearly, if VA personnel viewed the plaintiffs' SSNs for this reason, it would constitute a need to know. In addition, the VA considered only using the last four digits of SSNs as identifiers, but it refused to do so because there were instances where patients had the same last names and the same last four digits. Clearly, VA personnel need to have access to the entire SSN of persons accessible through the CPRS system to avoid misidentification. The plaintiffs argue that the VA General Counsel's Advisory Opinion in 1993 concluded the entire SSN should not be used for identification, and in the event entire SSNs were used, they should only be used for patients, not employees. The advisory opinion says nothing of the sort. The advisory opinion stated the VA should " consider" using the last 4 digits, but if it concluded if it was necessary to use the entire SSN for identification, that would be justified under the Privacy Act. Moreover, the advisory opinion expressly considered whether employees' SSNs should be used because employees were included in the opinion's definition of patients. Accordingly, the plaintiffs' claim that the VA failed to comply with Section 552a(b) cannot survive summary judgment.
The plaintiffs argue the VA failed to comply with Section 552a(e)(10), which states in relevant part:
Each agency that maintains a system of records shall-
(10) establish appropriate administrative, technical, and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom the information is maintained ....
Id. The defendants do not dispute that they may have failed to comply with the requirements of Section 552a(e)(1) during the time relevant to the plaintiffs' action, but they contend the plaintiffs cannot show they suffered any adverse effect as a result or that the VA intentionally and willfully failed to comply.
A plaintiff shows she suffered an adverse effect by pointing to evidence in the record which indicates (1) she suffered some sort of cognizable injury, see, e.g., Pippinger v. Rubin, 129 F.3d 519, 528 (10th Cir.1997), and (2) there is a causal nexus between the injury and the violation of the Act. Orekoya v. Mooney, 330 F.3d 1, 5 (1st Cir.2003). Financial harm is the most tangible adverse effect which can result from the unlawful disclosure by an agency. However, it is well-established that emotional trauma, which can take the form of stress, embarrassment, and emotional anguish, constitutes an adverse effect. See Albright v. United States, 732 F.2d 181, 186 (D.C.Cir.1984); Quinn v. Stone, 978 F.2d 126, 135-36 (3d Cir.1992); Pippinger, 129 F.3d at 528; Parks v. United States IRS, 618 F.2d 677, 682-83 (10th Cir.1980). For there to be a casual link between the injury and the violation of the Act, the injury necessarily must be distinct and independent from the violation of the Act itself. As rightly pointed out by Judge Michaels in his dissenting opinion in Doe v. Chao, 306 F.3d 170 (4th Cir.2002), " if a violation of the Privacy Act was sufficient to constitute an adverse effect, there could be no question of whether the violation caused the adverse effect, and hence the causal prong would be superfluous." Id. at 186 (emphasis in original). At least one court has held a plaintiff can show there is a causal nexus without making an independent showing of an adverse effect because the violation of the Privacy Act is itself an adverse effect, see Romero-Vargas v. Shalala, 907 F.Supp. 1128, 1134 (N.D.Ohio 1995), but this court believes the holding in Romero-Vargas is based on too loose of a reading of the language in Section 552a(1)(D). By requiring the adverse effect to be distinct and separate from the unlawful disclosure, this court gives effect to the intent of Congress by giving literal meaning to the words used in Section 552a(g)(1)(D). United States v. Second Nat'l Bank, 502 F.2d 535, 539-40 (5th Cir.1974). This court also points out the holding in Romero-Vargas has little support in case law since most courts look for evidence of an adverse effect which is distinct and separate from the violation of the Act itself to determine whether a plaintiff is entitled to recovery under the Privacy Act. See Albright, 732 F.2d at 186 (holding a plaintiff recovered damages under the Act by producing actual evidence to show she suffered emotional trauma caused by the agency's violation of the Act); Johnson v. Dep't of Treasury, 700 F.2d 971, 977 n. 12 (5th Cir.1983) (permitting recovery under the Act in light of evidence of emotional trauma caused by the violation); Rorex v. Traynor, 771 F.2d 383, 387 (8th Cir.1985) (testimony from plaintiffs that they suffered emotional trauma from violation of the Act sufficient to warrant recovery).
In this case, plaintiff Bond testified she had a hard time sleeping at night as a result of issues raised in this case, and plaintiff Schmidt testified he suffered mental anguish and emotional distress, and his blood pressure increased as a result of his concern about the availability of his SSN on the CPRS system. This evidence is sparse but sufficient to raise a genuine issue of fact concerning whether the plaintiffs suffered an adverse effect as a result of the VA's violation of Section 552a(e)(10). See Quinn, 978 F.2d at 135-36 (having undergone stress and emotional anguish enough to satisfy adverse effect requirement); Albright, 732 F.2d at 186 (suffering emotional trauma alone sufficient to qualify as an adverse effect); Parks, 618 F.2d at 682-683 (mental distress about possible misuse of unlawful disclosure of record sufficient to show adverse effect).
As previously mentioned, the VA contends its failure to comply with the requirements of Section 552a(e)(10) was not intentional and willful. The Privacy Act does not define the phrase " intentional and willful," but the legislative history of the Act provides some guidance as to how the phrase should be interpreted:
In a suit for damages, the [compromise] amendment reflects a belief that a finding of willful, arbitrary or capricious action is too harsh a standard of proof for an individual to exercise the rights granted by this legislation. Thus the standard for recovery of damages was reduced to " willful and intentional" action by an agency. On a continuum between negligence and the very high standard of willful, arbitrary, or capricious conduct, this standard is viewed as only somewhat greater than gross negligence.
Analysis of House and Senate Compromise Amendments to the Federal Privacy Act, 120 Cong. Rec. 40405, 40406 (1974). The Seventh Circuit has held the evidence required to meet this " greater than gross negligence standard" must show " reckless behavior and/or knowing violations of the Act" on the part of the agency. Moskiewicz v. United States Dep't of Agriculture, 791 F.2d 561, 564 (7th Cir.1986). The Seventh Circuit cautioned this standard is not met when the evidence shows the agency had a legitimate reason to Act in the manner it did or the alleged violation was the product of a reasonable judgment call on the part of the agency. Moskiewicz, 791 F.2d at 565. With this background in mind, the court will review the plaintiffs' contentions that the VA's actions intentionally and willfully violated Section 552a(e)(10).
First, the plaintiffs argue the VA willfully and intentionally failed to appropriately protect the confidentiality of their records and failed to protect against any anticipated threats or hazards to the security of their records by placing their SSNs on the VistA system which could be accessed by authorized VA personnel via the CPRS system. The court does not believe the evidence in the record supports such an inference. As already discussed at some length, the VA has legitimate reasons for wanting every person who received any type of medical treatment at a VA facility to be entered in VistA as a patient. In the event that an employee needed emergency medical attention at the Emergency Center at the VA facility, not at the Employee Health Clinic, the VA felt it was necessary for VA medical personnel to be able to access an employee's medical information so they could administer appropriate treatment in the event of an emergency. Although the plaintiffs believe such a situation is unlikely to arise, the VA has a legitimate reason to act as it did. Therefore, the VA's conduct in this regard cannot be considered willful or intentional.
Second, the plaintiffs argue the VA willfully and intentionally failed to appropriately protect the confidentiality of their records and failed to protect against any anticipated threats or hazards to the security of their records by displaying the entire 9-digit SSN of employees rather than only the last four digits. Again, the court does not believe the evidence supports such a finding. The VA has produced ample evidence to support its belief that only displaying the last 4 digits of an SSN would lead to the potential misidentification of a patient. Accordingly, it cannot be inferred that the VA willfully and intentionally failed to comply with the requirements the Privacy Act in this regard.
Third, plaintiffs argue the VA willfully and intentionally failed to appropriately protect the confidentiality of their records and failed to protect against any anticipated threats or hazards to the security of their records by failing to keep employee records separate from patient records through the use a " key" system patch or using a separate database. The court does not believe the evidence in the record supports such an inference. The VA actually considered using a separate employee medical records database but rejected the idea after Dr. Hodgson looked at potential systems and concluded they would not provide the same quality of care as the CPRS. The VA also considered using a " key" system but determined it was not the optimal way to address access to employee health records. The VA believed the effects of the key system, which would essentially make VA employees invisible to those who did not hold the computer access key, ran the risk of denying VA emergency medical personnel access to the employee's records in case of a medical emergency. This evidence clearly indicates the VA was not acting in a reckless or intentionally unlawful manner when it refused to adopt either approach.
Fourth, plaintiffs argue the VA willfully and intentionally failed to appropriately protect the confidentiality of their records and failed to protect against any anticipated threats or hazards to the security of their records by failing to install patches which would trace a CPRS user's access to the SSNs of employees who were not veterans prior to February 2000 and employees whose primary status was not a veteran until 2001. The court believes there is sufficient evidence in the record to support such an inference. The VA may have had legitimate reasons for wanting employees' SSNs and other confidential information to be readily available to authorized CPRS users, but there is nothing in the record to explain why the VA thought it was appropriate to let these users view this information with virtual anonymity. Such a practice in the court's view shows a complete disregard for the security and confidentiality of those SSNs and shows a complete lack of anticipation of the potential for abuse. After all, under this system, anyone authorized to view patient records, which included physicians, nurse practitioners, physicians assistants, medical technicians, and medical students, to name a few, had complete, untraceable access to every SSN in the CPRS system. The VA argues this information was secure because each CPRS user was aware of her legal responsibility to maintain the confidentiality of the information and signed an agreement acknowledging the possible penalties for failing to carry out this responsibility. Nonetheless, it is reasonable to infer that these safeguards were wholly insufficient because CPRS users knew their viewing of confidential information could not be detected until they opened up a patient's medical record. Thus, this loop-hole in the security system made it possible for any unscrupulous employee to substantially harm another employee by obtaining access to another employee's SSN without detection.
Finally, the plaintiffs argue the VA willfully and intentionally failed to appropriately protect the confidentiality of their records and failed to protect against any anticipated threats or hazards to the security of their records by failing to monitor the hits on sensitive records on a daily basis after the tracers were implemented. Again, the court does not believe the evidence in the record supports such an inference. If the evidence were to show it was widely known that no one in the VA was reviewing access by employees to sensitive records in the CPRS system, it might be reasonable to infer that the VA was recklessly failing to protect the security and confidentiality of the records. However, the evidence in the record does nothing more than suggest the VA had not devoted enough personnel to check every sensitive hit, which can number in the thousands each day at each VMAC location. The failure to check every sensitive hit simply does not constitute an intentional and willful failure to comply with Section 552a(e)(10) because there is no evidence to show that confidentiality and security are significantly jeopardized when only some, but not all, of the sensitive hits are reviewed.
Having concluded that there is a genuine issue of fact concerning whether the VA intentionally and willfully failed to comply with the requirements of Section 552a(e)(10) and whether the plaintiffs suffered an adverse effect as a result, the court considers whether the plaintiffs are entitled to recover $1,000 in damages under Section 552a(g)(4)(A) should they prevail at trial. Section 552a(g)(4)(A) entitles a plaintiff who has shown an agency acted in a manner inconsistent with Section 552a(g)(1)(D) in an intentional and willful manner is entitled to recover " actual damages" against the United States, but " in no case shall a person entitled to recovery receive less than the sum of $1,000 ...." Id. At first blush the language of Section 552a(g)(4)(A) appears straight-forward. However, Section 552a(g)(4)(A) has been the subject of differing interpretations by the federal courts of appeals. The conflict between the circuits concerns the meaning of the phrase " a person entitled to recovery." The Fourth Circuit, over a dissent, has held " a person entitled to recovery" means any person who can show " actual damages." Doe v. Chao, 306 F.3d at 182. Most recently the First Circuit has held " a person entitled to recovery" means any person who can show he or she suffered an adverse effect as a result of the agency's intentional and willful violation of Section 552a. Orekoya v. Mooney, 330 F.3d at 8. The difference is important in this case because the plaintiffs offer no evidence of actual damages. The Seventh Circuit has not had an occasion to interpret the meaning of Section 552a(g)(4)(A), but this court finds the latter of the two interpretations is correct in light of the plain language of Section 552a(g)(4), the overall scheme of the Privacy Act, and Congress' willingness to accord statutory damages in lieu of proof of actual damages in similar enactments.
On June 27, 2003, the Supreme Court granted a petition for a writ of certiorari in Doe v. Chao to decide whether under the Privacy Act, an individual who has proven a violation of the Privacy Act, but cannot prove actual damages, is automatically entitled to $1,000 in statutory damages. See 539 U.S. 957, 123 S.Ct. 2640, 156 L.Ed.2d 654, 2003 WL 1609497 (June 27, 2003) (No. 02-1377).
The court believes a plain reading of Section 552a(g)(4) strongly suggests " a person entitled to recovery" is anyone who can show she suffered an adverse effect as a result of an agency's intentional and willful violation of Section 552a, not merely someone who can show actual damages. The court believes this is the case because Section 552a(g)(4) does not require an individual to prove " actual damages" to receive " costs of the action together with reasonable attorney fees" under Section 552a(g)(4)(B). If a person is entitled to recover costs and attorney fees without proving actual damages under Section 552a(g)(4)(B), it does not seem possible that " a person entitled to recovery" can only be someone who can prove actual damages.
The court also believes this reading of Section 552a(g)(4) is the most reasonable in light of the overall scheme of the Privacy Act. As noted by the First Circuit in Orekoya v. Mooney, 330 F.3d at 8, " Congress would not have granted standing to pursue an action for civil remedies to those who suffered an adverse effect caused by an intentional and willful violation and then afforded no remedy at all for the adverse effect." Id. The First Circuit's reading is shared by a majority of the courts of appeals. See Orekoya, 330 F.3d at 8; Quinn, 978 F.2d at 135; Johnson v. IRS, 700 F.2d 971, 976-77 (5th Cir.1983); Wilborn v. Dep't Health & Human Services, 49 F.3d 597 (9th Cir.1995); Parks, 618 F.2d at 682-83; Fitzpatrick v. IRS, 665 F.2d 327, 331 & n. 7 (11th Cir.1982); Albright, 732 F.2d at 186. This is also the interpretation of the Office of Management and Budget, the Federal agency charged with the responsibility of implementing the Privacy Act. See OMB Privacy Act Guidelines, 40 Fed.Reg. 28,949, 28,970 (July 9, 1975). Finally, the court believes Congress would have been amenable to providing individuals with statutory damages in lieu of actual damages under the Privacy Act because Congress has unequivocally provided for such damages in almost identical situations in the past. Congress created a civil remedy in 1976 for the unauthorized disclosure of tax returns and tax return information. The statute was originally enacted as follows:
In any suit brought under the provision of subsection (a), upon a finding of liability on the part of the defendant, the defendant shall be liable to the plaintiff in an amount equal to the sum of -
(1) actual damages sustained by the plaintiff as a result of the unauthorized disclosure of the return or return information and, in the case of a willful disclosure or a disclosure which is the result of gross negligence, punitive damages, but in no case shall a plaintiff entitled to recovery receive less than the sum of $1,000 with respect to each instances of such unauthorized disclosure; and
(2) the costs of the action.
26 U.S.C. § 7217(c) (Supp.1981 (emphasis added) (repealed 1982)). Congress explained its reasons for wording Section 7217 as it did in the legislative history.
Because of the difficulty in establishing monetary terms the damages sustained by a taxpayer as the result of the invasion of his privacy caused by an unlawful disclosure of his returns or return information, the amendment provides that those damages would, in no event, be less than liquidated damages of $1,000 for each disclosure.
S.Rep. No. 94-938, at 348 (1976) (reprinted in 1976 U.S.C.C.A.N. 2897, 3778). Courts having occasion to interpret Section 7217 uniformly concluded it provided for the recovery of statutory damages without requiring proof of actual damages. See, e.g., Johnson v. Sawyer, 120 F.3d 1307, 1313 (5th Cir.1997); Rorex v. Traynor, 771 F.2d at 387-88. For these reasons, the court holds Section 552a(g)(4) entitles an individual to recover statutory damages in the amount of $1,000 in lieu of actual damages upon showing she suffered an adverse effect as a result of the agency's failure to comply with the provisions of Section 552a in an intentional and willful manner. Thus, the court holds the plaintiffs' evidence that they suffered an adverse effect as a result of the VA's intentional and willful violation of Section 552a(e)(10) is sufficient to show they are entitled to statutory damages of $1,000 under Section 552a(g)(4)(A) as well as costs and attorneys fees under Section 552a(g)(4)(B).
In light of the foregoing, the court will grant the VA's motion for summary judgment on the plaintiffs' claims under Section 7, Sections 552a(b) and (d)(2) of the Privacy Act, but it will deny the VA's motion for summary judgment on the plaintiffs' claims under Section 552a(e)(10) of the Act because there are genuine issues of material fact as to whether the plaintiffs suffered an adverse effect as a result of the VA's failure to comply with Section 552a(e)(10) and whether the VA's failure to comply with Section 552a(e)(10) was intentional and willful. The plaintiffs' motion for summary judgment will be denied.
The only remaining question for the court to decide is whether it should grant the plaintiffs' request to certify the following proposed class of approximately 168,000 members:
All current and former persons employed by the Department of Veteran's Affairs between August 9, 1998 and February 1, 2000, whose names and social security numbers were entered into a computer software program known as the Computerized Patient Records System at their place of employment.
Federal Rule of Civil Procedure 23(a) lists four prerequisites for a class action: (1) numerosity; (2) commonality; (3) typicality; and (4) adequacy of representation. Id; see also Keele v. Wexler, 149 F.3d 589, 594 (7th Cir.1998). Federal Rule of Civil Procedure 23(b) provides if the prerequisites of Rule 23(a) are satisfied, a class action may be maintained only if the proposed class meets the requirements of either Rule 23(b)(1), (b)(2), or (b)(3). Id. The plaintiffs bear the heavy burden of proof in establishing each of the elements required under Rule 23 for class certification. Retired Chicago Police Ass'n v. City of Chicago, 7 F.3d 584, 596 (7th Cir.1993). The plaintiffs must establish a class action will " advance ‘ the efficiency and economy of litigation which is a principal purpose of the procedure.’ " General Telephone Co. of Southwest v. Falcon, 457 U.S. 147, 159, 102 S.Ct. 2364, 72 L.Ed.2d 740 (1982) (quoting Am. Pipe & Constr. Co. v. Utah, 414 U.S. 538, 553, 94 S.Ct. 756, 38 L.Ed.2d 713 (1974)).
The court will set aside for the moment the question of whether the prerequisites of Rule 23(a) are satisfied and focus on whether any of the three requirements of Rule 23(b) can be met. The plaintiffs argue their proposed class can be certified under either Rule 23(b)(2) or (b)(3). The court cannot agree. Rule 23(b) states in its in relevant part:
An action may be maintained as a class action if ...
(2) the party opposing the class has acted or refused to act on grounds generally applicable to the class; thereby making appropriate final injunctive relief or corresponding declaratory relief with respect to the class as a whole.
Id. Rule 23(b)(2) " does not extend to cases in which the appropriate final relief is related to exclusively or predominately to money damages." Fed.R.Civ.P. 23 Advisory Committee's Note. The allegations in the plaintiffs' complaint only entitle them to relief under Section 552a(g)(4). Section 552a(g)(4) provides monetary relief, not equitable relief. Thus, the only relief available in this action is monetary, which makes it inappropriate to certify the plaintiffs' class under Rule 23(b)(2).
In addition, certification under Rule 23(b)(3), which requires that " the court finds that the questions of law or fact common to the members of the class predominate over any questions affecting only individual members," is not proper in this case because individual questions of fact predominate over common questions fact. The common question of fact is whether the VA intentionally or willfully violated the requirements of Sections 552a(b) or 552a(e)(10). The individual questions of fact affecting the members of the class are whether the VA actually disclosed the records of individual class members to a person or any agency that did not need the record for purposes of establishing a violation of Section 552a(b), and whether any of the individual class members suffered an adverse effect as a result of the VA's failure to comply with either Section 552a(b) or (e)(10). These questions of fact preclude certification under Rule 23(b)(3) because they could not be resolved without conducting numerous mini-trials. See Lyon v. United States, 94 F.R.D. 69, 76 (W.D.Okla.1982) (noting " [i]n Privacy Act damages actions, questions affecting only individual members greatly outweigh questions of law and fact common to the class" and " the individualized nature of the proof precludes ... class certification under Rule 23(b)(3)" ); see also I George B. Trubow, Privacy Law and Practice ¶ 2.09 (1991) (" Because of the individualized nature of Privacy Act violations and the adverse effects and damages that must be demonstrated in order to recover under the Act ... class actions have usually been viewed as unsuitable." ). It is true one court has certified a class action under the Privacy Act on the grounds the class of 3,500 plaintiffs only sought $1,000 each and proof of emotional distress would not be complicated to establish, Rice v. United States, 211 F.R.D. 10, 14 (D.D.C.2002), but the plaintiffs' class of 186,000 members is far larger than the one considered in Rice. In addition, this court, unlike the court in Rice, does not believe there would be anything easy about proving each of the 168,000 members suffered an adverse effect or actually had their individual information unlawfully disclosed by the agency. Proof of this nature would require extensive discovery, the defendants would be entitled to cross-examination of each individual class member at trial, and the court would be buried in paper in no time. Accordingly, the court, in the exercise of its discretion, does not believe it is proper to certify the plaintiffs' proposed class under Rule 23(b)(3).
Finally, as a more general matter, the court does not believe it would even be feasible to determine who is a member of the plaintiffs' proposed class. Although Rule 23 does not expressly discuss it, it is well-established that any " proposed class must be clearly defined in order to make it ‘ administratively feasible for the court to determine whether a particular individual is a member.’ " Rios v. Marshall, 100 F.R.D. 395, 403 (S.D.N.Y.1983) (quoting 7C Wright, Miller & Kane, Federal Practice and Procedure § 1760, at 581 (1976)). As already indicated, it would be an unmanageable task to determine which individual members suffered an adverse effect because it is almost certain that such an adverse effect would be in the form of emotional trauma. The Seventh Circuit and other courts have held class certification is improper when it turns on the putative class members' states of mind. Simer v. Rios, 661 F.2d 655, 659 (7th Cir.1981) (refusing to identify as class of persons who were " discouraged" from applying for government assistance which would require ascertaining each member's state of mind and render the class unmanageable); Rodriguez v. United States Dep't of Treasury, 131 F.R.D. 1, 7 (resolving putative class member's state of mind " obviously would call for innumerable ‘ mini-trials,’ " making class certification inappropriate); Marshall, 100 F.R.D. at 403 (although it is not rare for a court to make determinations of a particular party's state of mind, doing so for a class would require the court to make " an unmanageable number of such determinations" ). As such, the court, in an exercise of its discretion, concludes it would be administratively unfeasible to determine whether an individual was a member of the plaintiffs' proposed class. For these reasons, the plaintiffs' motion for class certification will be denied. The VA's motion to strike the plaintiffs' class action allegations is moot and will be denied accordingly.
Lastly, the court has carefully considered each of the remaining seven motions filed by the parties, and each will be granted.
IT IS ORDERED
that the VA's motion for summary judgment on plaintiffs' claims under Section 7, Sections 552a(b), and Section 552a(d)(2) of the Privacy Act (Docket # 62) be and the same is hereby GRANTED;
IT IS FURTHER ORDERED
that the plaintiffs' claims against the VA under Section 7, Section 552a(b), and Section 552a(d)(2) be and the same are hereby DISMISSED with prejudice;
IT IS FURTHER ORDERED
that the VA's motion for summary judgment on the plaintiffs' claims under Section 552a(e)(10) of the Privacy Act (Docket # 62) be and the same is hereby DENIED;
IT IS FURTHER ORDERED
that the plaintiffs' motion for summary judgment (Docket # 79) be and the same is hereby DENIED;
IT IS FURTHER ORDERED
that the plaintiffs' motion for class certification (Docket # 76) be and the same is hereby DENIED;
IT IS FURTHER ORDERED
that the VA's motion to strike the plaintiffs' class-action allegations (Docket # 65) be and the same is hereby DENIED;
IT IS FURTHER ORDERED
that the VA's unopposed motion to strike jury trial (Docket # 67) be and the same is hereby GRANTED;
IT IS FURTHER ORDERED
that the VA's unopposed motion to dismiss defendant Anthony J. Principi (Docket # 69) be and the same is hereby GRANTED;
IT IS FURTHER ORDERED
that the plaintiffs' unopposed motions for permission to exceed page limitations (Docket # 82 and 105) be and the same are hereby GRANTED; IT IS FURTHER ORDERED
that the VA's unopposed motions to file an oversized brief (Docket # 91 and 110) be and the same are hereby GRANTED; and
IT IS FURTHER ORDERED
that the VA's unopposed motion to file combined reply in support of motion to strike and sur-reply to plaintiffs' second motion for class certification (Docket # 112) be and the same is hereby GRANTED.