Opinion
Case No. 14-cv-299 (SRN/HB)
11-17-2016
Sonia L. Miller-Van Oort, Jonathan A. Strauss, and Lorenz F. Fett, Jr., Sapientia Law Group, 120 South Sixth St., Ste. 100, Minneapolis, MN 55402, for Plaintiff. Stephanie A. Angolkar, Jon K. Iverson, and Susan M. Tindal, Iverson Reuvers Condon, 9321 Ensign Ave. South, Bloomington, MN 55438, for Defendants Cities of Anoka, Champlin, Coon Rapids, and Howard Lake, and Tony Jackson, Roxanne Affeldt, Michael Sternquist, MariBeth Parks, and Ken Rollins. Judy L. Hedin, 10765 Tamarack Circle NW, Coon Rapids, MN 55433, pro se Defendant.
ORDER
Sonia L. Miller-Van Oort, Jonathan A. Strauss, and Lorenz F. Fett, Jr., Sapientia Law Group, 120 South Sixth St., Ste. 100, Minneapolis, MN 55402, for Plaintiff. Stephanie A. Angolkar, Jon K. Iverson, and Susan M. Tindal, Iverson Reuvers Condon, 9321 Ensign Ave. South, Bloomington, MN 55438, for Defendants Cities of Anoka, Champlin, Coon Rapids, and Howard Lake, and Tony Jackson, Roxanne Affeldt, Michael Sternquist, MariBeth Parks, and Ken Rollins. Judy L. Hedin, 10765 Tamarack Circle NW, Coon Rapids, MN 55433, pro se Defendant. SUSAN RICHARD NELSON, United States District Judge
This matter is before the Court on cross motions for summary judgment. Defendant Cities of Anoka and Howard Lake and individual Defendants Tony Jackson and Ken Rollins (collectively, the "Moving Defendants") filed a Motion for Summary Judgment ("Moving Defs.' Mot. for Summ. J.") [Doc. No. 200]. Plaintiff Summer Michelle Rollins also filed a Motion for Partial Summary Judgment ("Pl.'s Mot. for Partial Summ. J.") [Doc. No. 207] as to her claims against Defendants Judy Hedin, Ken Rollins, and the City of Howard Lake. For the reasons set forth below, the Moving Defendants' Motion for Summary Judgment is granted in part and denied in part and Plaintiff's Motion for Partial Summary Judgment is granted in part and denied in part.
When the parties initially brought their cross motions for summary judgment, Defendant Cities of Coon Rapids and Champlin and individuals Roxanne Affeldt, Michael Sternquist, and MariBeth Parks were still parties to this matter and joined in the Moving Defendants' motion. Shortly thereafter, those Defendants were dismissed. (See Doc. No. 216.)
I. BACKGROUND
This suit stems from Plaintiff's allegations that Defendants improperly accessed and disclosed her personal driver's license information in violation of the Driver's Privacy Protection Act ("DPPA"). On the parties' cross motions for summary judgment, the Court recounts the facts that are undisputed between the parties and notes where material disputes arise.
A. Facts
1. Plaintiff Summer Michelle Rollins
Plaintiff Summer Michelle Rollins ("Summer") is a single mother of two children. (Aff. of Sonia Miller-Van Oort ("First Van Oort Aff.") [Doc. No. 208], Ex. A ("Summer Depo.") at 7, 14-15 [Doc. No. 208-1].) Her parents, Defendant Judy Hedin ("Judy") and Dean Rollins ("Dean"), separated when she was young, but maintained an on-again-off-again relationship. (Summer Depo. at 7; First Van Oort Aff., Ex. B ("Judy Depo.") at 160-61 [Doc. No. 208-1]). After her parents separated, Summer lived with Judy until she was approximately sixteen, at which point she moved in with Dean. (Summer Depo. at 7-8.) Summer admits she used drugs during her adolescence, but claims that she has not used them since that time. (See id. at 28-29.)
Since multiple members of the Rollins family are discussed in this litigation, the Court refers to them by their first names for the sake of clarity.
For all depositions, the Court cites to the page numbers as they appear in the deposition transcript.
Dean Rollins passed away in November of 2013. (Summer Depo. at 25.)
Summer and Judy have not gotten along for many years and have been largely estranged from one another. (Id. at 12-13; Judy Depo. at 36-37.) In fact, Summer has had minimal contact with much of her extended family. (See Summer Depo. at 22.) When she did have contact with her extended family, it was primarily with her father's brother, Defendant Ken Rollins ("Ken"). (Id.)
In 2003, Plaintiff married Phil Krause ("Krause") and they had two children together. (See id. at 6-7, 14-15.) Summer and Krause were divorced in 2010. (Id. at 6.) Initially, Summer had full custody of the children, but that changed over time and by January of 2014, Krause and Summer split custody 50/50. (See id. at 15-17.)
Shortly before her divorce was finalized, Summer began a relationship with William McDonnell ("McDonnell"). McDonnell and his mother moved into Summer's house in Coon Rapids, Minnesota in the summer of 2010. (Id. at 14.) Summer's family members—including Judy and Ken—were not happy about her divorce or her relationship with McDonnell. (Id. at 23-24, 26-27; Judy Depo. at 40, 95.) Summer's relationship with her uncle Ken deteriorated after her divorce and she has had minimal contact with him since 2010. (See Summer Depo. at 23-26.)
Judy and other members of Summer's family believed McDonnell and Summer were involved with drugs together in the past and possibly again in 2010 and after. (See Summer Depo. at 26-28, 30; Judy Depo. at 165.) Summer's family—including Judy, Dean, and Ken—were also concerned by what Summer's children allegedly told them about the behavior of McDonnell and Summer and their living environment. (See Judy Depo. at 66-68, 140, 148-49; Summer Depo. at 30-31.) In fact, between 2010 and 2012, Judy and Dean contacted local officials and caused them to conduct welfare checks on Summer and her children. (Judy Depo. at 68-71, 144-49; Summer Depo. at 30-31.) Summer has also contacted law enforcement regarding child custody and visitation disputes with Krause. (See Summer Depo. at 15-16.)
In April of 2012, Summer moved with McDonnell to Maplewood, Minnesota. (Id. at 17-20.) However, she did not tell her family—including Judy, Dean, Ken, and Krause—her new address and did not want them to know where she lived. (See id. at 43, 47-49, 80; Judy Depo. at 72-73.)
2. Defendant Judy Hedin
As described above, Judy is Summer's mother and their relationship has been tumultuous for many years. Since Summer's divorce in 2010 and her ensuing relationship with McDonnell, Judy has worried about Summer's welfare as well as the welfare of Summer's children. (Judy Depo. at 66-67, 74.) Judy and other Rollins family members have asked that law enforcement check on the welfare of Summer and her children, but these checks did not result in any legal action. (Id. at 68-71.)
From 2002 until May of 2011, Judy worked as a license clerk specialist at the Columbia Heights License Center. (Id. at 57-58.) In this role, she would help Minnesota residents with a variety of issues related to their driver's licenses such as changing names and addresses and renewing or replacing licenses. As part of her job, Judy regularly accessed Minnesota's Driver and Vehicle Services' (DVS) database ("DVS Database"). (Id. at 61, 65.) The DVS Database contains personal information about Minnesota drivers including photos, a physical description of the individual, date of birth, vehicle information, driving record, home address, driver's license number, and more. (Aff. of Stephanie Angolkar ("Second Angolkar Aff.") [Doc. No. 221], Ex. 10 ("Jacobson Depo.") at 176-80 [Doc. No. 221-10].)
Starting in May of 2012, Judy worked as a license clerk specialist at the Coon Rapids License Center and performed the same duties. (Judy Depo. at 57-59.) However, Judy does not believe she ever served or otherwise assisted Summer as a license clerk specialist. (Id. at 60.) Since at least 2008, Judy was aware that using the DVS Database for personal reasons was not allowed. (See id. at 86-88.)
Judy accessed Summer's personal information on the DVS Database numerous times between 2003 and 2012. (Id. at 76.) Particularly relevant to this matter, Judy accessed Summer's DVS Database information once on November 11, 2011 and twice on August 14, 2012. (Id. at 76; First Van Oort Aff., Ex. D ("DVS Database Audit Report") at 1-2 [Doc. No. 208-2].) Judy explains that she looked up Summer's information purely out of concern for her grandchildren. (Judy Depo. at 65-66, 72, 74.) Specifically, she claims that she wanted to know where Summer had moved in 2012 in case law enforcement or the Rollins family needed to check on Summer and her children. (Id. at 65-66, 72.) Judy does not allege that she had any other purpose in accessing Summer's DVS Database information and was aware that Summer did not wish for Judy, other Rollins family members, or Krause to know where she lived. (See id. at 72-73.) On at least some occasions, Judy shared the information she obtained from the DVS Database with Dean. (Id. at 75.) Important here, there is no evidence Judy actually used the information she obtained from the DVS Database in 2011 and 2012 to have a welfare check performed on Summer.
Plaintiff submitted two attachments containing the exhibits discussed in the First Van Oort Affidavit. (See Doc. Nos. 208-1 and 208-2.) Each attachment contains multiple exhibits, some of which are individually paginated and others that contain no pagination. Unless the Court states otherwise, for exhibits other than depositions, the Court cites to the ECF page number as it appears in the upper right-hand corner of the exhibit.
In July of 2013, Summer reported Judy to DVS based on her suspicion that Judy was improperly accessing Summer's driver's license information. (See First Van Oort Aff., Ex. G at 21-23 [Doc. No. 208-2].) An investigation ensued and resulted in Judy's suspension from her job for thirty days without pay "for multiple unauthorized lookups of Department of Public Safety-Driver and Vehicle Services (DVS) information on family members and acquaintances." (See First Van Oort Aff., Ex. H at 24-26 [Doc. No. 208-2]; Judy Depo. at 77-87.) Judy signed a Last Chance Agreement wherein she admitted to the unauthorized lookups, agreed to the suspension, and acknowledged that her employer would not defend her if any litigation arose out of those lookups. (See First Van Oort Aff., Ex. I at 27-28 [Doc. No. 208-2]; Judy Depo. at 88.)
3. Defendants Ken Rollins and the City of Howard Lake
Ken is Summer's uncle, but has had limited interaction with her in her adult years. (See Second Angolkar Aff., Ex. 3 ("Ken Depo.") at 74-75, 82 [Doc. No. 221-3].) Their relationship has been especially limited since Summer's divorce in 2010 because Ken does not approve of McDonnell. (See id. at 82-84.) Ken was aware of—and shared— Judy's and Dean's concerns about the welfare of Summer and her children. (See id. at 83-93.)
At all relevant times, Ken worked as a part-time patrol police officer for the City of Howard Lake ("Howard Lake"). (Id. at 6-7, 12-15.) As a police officer, Ken had access to personal information on people that the general public does not have. (See id. at 73-74, 139-40.) One source of such information is the DVS Database, which Ken typically used to run license plates to determine if drivers' licenses were valid, identify witnesses and suspects, and other law enforcement-related activities. (See id. at 30-34.) Another is the Minnesota Bureau of Criminal Apprehension's Database ("BCA Database"), which also allows law enforcement to access motor vehicle and driver's license records. (Jacobson Depo. at 30-32, 252 (explaining how the DVS and BCA Databases are separate, but closely related in terms of the information they contain).) Ken knew that he was prohibited from sharing personal information he had access to with the public. (Ken Depo. at 73-74.) He also understood that he was not to access the databases when off-duty and should not "abuse" his access to those systems. (See id. at 34-36.)
Ken does not recall using the BCA Database and professes not to know anything about that system. (Ken Depo. at 118-19.) He believes that on the occasions he accessed Summer's information, he did so through the DVS Database. (See id.) However, in the record is a BCA Database audit report that shows someone accessed Summer's personal information on September 14, 2012 and March 3, 2013 using Howard Lake Police Department credentials. (See First Van Oort Aff., Ex. E at 3 [Doc. No. 208-2].) Ken does not deny that these accesses are attributable to him, nor does he produce any evidence to suggest otherwise.
Ken recounted a situation where a mother asked that a police officer do a welfare check on her daughter who lived in Howard Lake because the daughter was suicidal. (Id. at 62.) Ken performed the welfare check, but refused to tell the mother where her daughter lived because disclosing that sort of information, even under those circumstances, was improper. (Id. at 62-64.) When asked what he would have done had the daughter lived in a jurisdiction other than Howard Lake, Ken replied that he would have contacted a law enforcement agency where the daughter lived and requested that they perform the check. (Id. at 66.)
In September of 2012, Dean provided Ken with Summer's license plate number and asked that Ken find Summer's new address. (Ken Depo. at 115-18, 137-38.) Ken accessed Summer's information on September 14, 2012 through the BCA Database. (Id. at 131-32; see First Van Oort Aff., Ex. E ("BCA Database Audit Report") at 3 [Doc. No. 208-2].) He then relayed to Dean that the system still listed Summer's former Coon Rapids address and suggested they try again later. (Ken Depo. at 131-32) On March 3, 2013, Ken accessed Summer's information on the DVS Database and believes he provided Dean with Summer's new address. (Id. at 134-37; DVS Database Audit Report at 2.) Ken also accessed Summer's information through the BCA Database on March 3, 2013. (BCA Database Audit Report.) Ken was on-duty as a Howard Lake police officer each time he accessed Summer's information. (Id. at 117, 133-34.)
Summer did not, and has never, lived in Howard Lake. (See Summer Depo. at 60, 79.) There is no allegation that anyone believed she might live in Howard Lake.
Ken explained why he obtained Summer's information as follows:
Q: Okay. So why is it that your brother [Dean] needed you to look up this information as opposed to a jurisdiction where she [Summer] might live?
A: Because I was a cop and I was accessible. I suppose he didn't want to go up to some strange cop and ask because he probably would have got the same response like I gave the one guy that - you know, I don't know that you're family. He was family, I knew he was family. And he knew I was family and he knew he could trust me and I knew I could trust him.
Q: So the bottom line is that you did it because he was your brother and you wanted to help your brother?
A: Yes.
Q: Okay. Even though in similar circumstances you might not have given it to somebody else?
A: I wouldn't, of course not.
Q: Okay. So this was personal?
A: Yes. Well, it is personal from a law enforcement perspective, you know, he came to an officer that he could trust, that he knew he could get probably get the information to see if it's correct. If it's, you know - and maybe he didn't want to feel like a fool if he went to somebody else and just said, hey, I don't know if you can do this for me, but you know, will you run my daughter, and again, how do they know that that really is family.
Q: Okay. When I say its personal I mean you did it - you provided this information to your brother because he was your brother and he asked you for it, correct?
A: Yes
Q: That's what I mean by personal; it was because of your personal relationship, correct?
A: It was a personal relationship as a police officer though.
Q: Well, as a brother?
A: A brother who is a police officer who has the access.(Id. at 140-41.) Important here, there is no evidence that anyone ever requested that Ken do a welfare check on Summer and her children, or that he cause other law enforcement officers to perform such a check. Nor is there any allegation that Ken had any other law enforcement reason to obtain Summer's information in the DVS Database (e.g., that Summer requested he do so, that Summer was pulled over for a traffic violation in Howard Lake, that Summer was the target of a Howard Lake police investigation, etc.).
Q: Exactly.
A: Yes.
4. Defendants Tony Jackson and the City of Anoka
Tony Jackson ("Jackson") is an officer with the City of Anoka's ("Anoka") police department. (See Aff. of Stephanie Angolkar ("First Angolkar Aff.") [Doc. No. 203], Ex. 2 ("Jackson Depo.") at 6-7 [Doc. No. 203-2].) He does not know Summer or her family. (Jackson Depo. at 54-55, 97.) In 2010, Jackson was assigned to the Anoka-Hennepin Drug Task Force where he investigated drug-related tips. (Id. at 8.) As part of that process, Jackson would access the DVS Database to look up complainants, suspects, and confidential informants related to the Task Force's investigations. (See id. at 48-49, 53.)
At some point in 2010 or 2011, Jackson received training instructing him that he could not access the DVS Database for personal reasons. (Id. at 13.) Before this training, Jackson claims he was unaware of any such restriction. (Id. at 14-17.) Jackson admits that prior to receiving this training, he accessed the DVS Database numerous times for personal reasons (e.g., to look up family members and celebrities, and based on his curiosity about people he had met). (See id. at 17-18.)
On September 13, 2010, Jackson accessed Summer's personal information in the DVS Database. (Id. at 69-70, 73; DVS Database Audit Report at 1.) Jackson does not remember the specific reason why he accessed her information, but based on the other individuals whose information he looked up at that same time, believes it could have been connected to a drug-related tip. (See Jackson Depo. at 71-75, 97, 112-13.) However, Jackson does not specifically recall Summer making any drug-related complaint, being the subject of a drug-related investigation, or serving as a confidential informant. (See id. at 55-57, 104-05.) He does not believe he ever interacted with Summer in a law enforcement capacity and is not aware of any law enforcement investigations or interactions with Summer generally. (See id. at 58, 105-08.)
5. How the Audit Reports Track Database Accesses
The DVS and BCA Databases track when an individual's information is accessed and, upon request, an audit report provides information about these accesses—such as the date and time the access occurred, the agency and specific user accessing the information, and the type of information viewed. (See DVS Database Audit Report; BCA Database Audit Report; Jacobson Depo. at 152-53.) Law enforcement using the DVS Database can find an individual in a variety of ways, including by name, driver's license number, or license plate number. (See Jacobson Depo. at 61-62, 138-39, 242.) Once an officer locates the individual's record within the database, he/she can make further "queries" or select various "tabs" depending on the particular information he/she wishes to view for that individual (e.g., photos, addresses, driving record, motor vehicle information, etc.) (Id. at 144-48, 150-51, 247.)
Kim Jacobson is an official with Minnesota's Department of Public Safety—which oversees and maintains the DVS Database—and is knowledgeable about the DVS Database and audit reports run on that database. (See Jacobson Depo. at 22, 39-40.) However, besides some basic knowledge about the existence and contents of the BCA Database (which includes motor vehicle records), she does not know how audit reports are generated for that system. (See id. at 30-32.)
Important here is how audit reports track and present accesses of information in the DVS Database. An officer's initial access of an individual's record appears as one "line" on the audit report. (Id. at 139-40, 245-46.) From the "main page" for that individual, the officer can then select a tab or run a query for particular information. (Id. at 144-45, 247-48.) If a query is made or a tab selected within the same minute of the initial access, it does not appear as an additional line on the audit report. (Id. at 145-46, 227-28, 255, 259-60.) As a result, any and all activity on an individual's DVS Database profile within a given minute is displayed as a single line on an audit report, regardless of how many tabs within the profile are selected. (Id. at 258-60.) However, if an officer views a particular tab of information from one minute to the next (e.g., 9:37am into 9:38am), or selects a new tab more than one minute after his/her last selection, this fact will be displayed as another line on the audit report. (See id. at 150-52, 247-48, 254-55, 258-60.)
The following illustrates how an audit report would track and display a hypothetical example. Officer Smith looks up Jane Doe in the DVS Database using her driver's license number on May 1, 2013 at 9:37am. Before 9:38am, Officer Smith clicks on the tabs for Jane Doe's photo and driving record. This initial access and Officer Smith's subsequent clicks on the various information tabs would appear as a single line on the audit report. Officer Smith is then distracted from his computer for five minutes, from 9:38am through 9:42am. The audit report will show five lines, one for each minute Officer Smith remained on the last information tab for Jane Doe that he selected before being distracted. After five minutes, at 9:43am, Officer Smith returns to viewing Jane Doe's profile and selects the tab for her motor vehicle information. This would present as another line on the audit report. Officer Smith then exits Jane Doe's DVS profile. Thus, the audit report for Jane Doe would show a total of seven lines associated with Officer Smith's access of her information on May 1, 2013 from 9:37am until 9:43am.
The audit report for Summer's DVS record shows three lines related to Judy—one on November 16, 2011 and two on August 14, 2012. (DVS Database Audit Report at 1-2.) That audit report shows three lines associated with Ken, all on March 3, 2013. (Id. at 2.) That same report shows two lines representing Jackson's access of Summer's information on September 13, 2010. (Id. at 1.) The BCA audit report shows three lines associated with Ken accessing Summer's information—two lines on September 14, 2012 and one on March 3, 2013. (BCA Database Audit Report.) The parties do not dispute how the audit reports track and present accesses of information within the databases. However, as described below, they do dispute how these reports should be used to calculate the number of DPPA violations—if the accesses were improper.
B. Procedural History
In January of 2014, Summer brought suit against a variety of municipal entities (including Anoka and Howard Lake) and John and Jane Doe defendants alleging that they violated the DPPA by accessing her driver's license information without a permissible purpose. (See Compl. [Doc. No. 1].) Initially, Summer could not name specific individuals as defendants because the Department of Public Safety ("DPS")—which oversees DVS—would not provide that information without a subpoena or court order. (See id. at ¶ 37; Aff. of Sonia Miller-Van Oort in Supp. of Opp. to Defs.' Mot. for Summ. J. ("Van Oort Aff. in Opp.") at ¶¶ 4, 5 [Doc. No. 219].) Summer's counsel explains that—based on her unsuccessful attempts to obtain discovery in another DPPA case while motions to dismiss were pending—she did not serve a subpoena on DPS until March of 2015, after Defendants' motions to dismiss were resolved and the parties held their Rule 16(f) conference. (Van Oort Aff. in Opp. at ¶ 4.) However, DPS continued to refuse to identify individual accessors until after Summer obtain a court order in June of 2015. (Id. at ¶ 5.)
Once DPS identified the individual accessors, Summer sought a stipulation from Defendants allowing her to amend her complaint to identify individual Defendants. (Id. at ¶ 6.) Defendants initially refused and it was not until August of 2015, after Summer filed a motion for leave to amend her complaint, that they finally acquiesced to her amendment. (Id.) Summer's amended complaint, filed in October of 2015, named Ken, Judy, and Jackson individually as Defendants. (See Sec. Am. Compl. [Doc. No. 158].)
The Moving Defendants (Ken, Jackson, Howard Lake, and Anoka) now move for summary judgment on Summer's claims against them. (Moving Defs.' Mot. for Summ. J.) They filed a Memorandum of Law in Support ("Defs.' Mem. in Supp.") [Doc. No. 202] and Reply in Support ("Defs.' Reply") [Doc. No. 225]. Summer filed a Memorandum of Law in Opposition ("Pl.'s Mem. in Opp.") [Doc. No. 218].
Summer also moves for partial summary judgment as to liability on her claims against Ken, Howard Lake, and Judy, and asks that the Court determine certain damages related issues as a matter of law. (Pl.'s Mot. for Partial Summ. J.) She filed a Memorandum of Law in Support ("Pl.'s Mem. in Supp.") [Doc. No. 215] and Reply in Support ("Pl.'s Reply") [Doc. No. 227]. The Moving Defendants filed a Memorandum in Opposition ("Defs.' Mem. in Opp.") [Doc. No. 220]. Defendant Judy Hedin submitted a letter opposing Summer's motion. (See Ltr. filed 6/1/2016 ("Judy's Opp.") [Doc. No. 223].) Judy also provided several exhibits with her letter. (See Judy's Opp. Exs. [Doc. No. 224].)
II. DISCUSSION
A. Legal Standard
Summary judgment is proper if, drawing all reasonable inferences in favor of the non-moving party, there is no genuine issue as to any material fact and the moving party is entitled to judgment as a matter of law. Fed. R. Civ. P. 56(a); Celotex Corp. v. Catrett, 477 U.S. 317, 322-23 (1986); Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 249-50 (1986); Morriss v. BNSF Ry. Co., 817 F.3d 1104, 1107 (8th Cir. 2016). "Summary judgment procedure is properly regarded not as a disfavored procedural shortcut, but rather as an integral part of the Federal Rules as a whole, which are designed 'to secure the just, speedy, and inexpensive determination of every action.'" Celotex, 477 U.S. at 327 (quoting Fed. R. Civ. P. 1).
The party moving for summary judgment bears the burden of showing that the material facts in the case are undisputed. Id. at 323. However, a party opposing summary judgment "'may not rest upon the mere allegation or denials of his pleading, but ... must set forth specific facts showing that there is a genuine issue for trial,' and 'must present affirmative evidence in order to defeat a properly supported motion for summary judgment.'" Ingrassia v. Schafer, 825 F.3d 891, 896 (8th Cir. 2016) (quoting Anderson, 477 U.S. at 256-57). "[T]he nonmoving party must 'do more than simply show that there is some metaphysical doubt as to the material facts.'" Conseco Life Ins. Co. v. Williams, 620 F.3d 902, 910 (8th Cir. 2010) (quoting Matsushita Elec. Indus. Co., v. Zenith Radio Corp., 475 U.S. 574, 586 (1986)). Summary judgment is proper where the nonmoving party fails "'to make a showing sufficient to establish the existence of an element essential to that party's case . . . .'" Walz v. Ameriprise Fin., Inc., 779 F.3d 842, 844 (8th Cir. 2015) (quoting Celotex, 477 U.S. at 322). While the moving party bears the burden of showing that the facts are undisputed, a judge is not confined to considering only the materials cited by the parties, and "it may consider other materials in the record." Fed. R. Civ. P. 56(c)(3).
B. The Driver's Privacy Protection Act
The DPPA was enacted to address privacy concerns about the personal information held by state departments of motor vehicles, like Minnesota's DVS. See Maracich v. Spears, 133 S. Ct. 2191, 2198 (2013). "Personal information" includes "an individual's photograph, social security number, driver identification number, name, address (but not the 5-digit zip code), telephone number, and medical or disability information . . . ." 18 U.S.C. § 2725(3). In relevant part, the DPPA makes it unlawful "for any person knowingly to obtain or disclose personal information, from a motor vehicle record, for any use not permitted under section 2721(b) of this title." 18 U.S.C. § 2722(a). The statute lists fourteen "permissible uses" when a driver's personal information may be obtained and disclosed. See 18 U.S.C. § 2721(b)(1)-(14). Relevant here, such information may be obtained or disclosed "[f]or use by any government agency, including any court or law enforcement agency, in carrying out its functions, or any private person or entity acting on behalf of a Federal, State, or local agency in carrying out its functions." 18 U.S.C. § 2721(b)(1).
The DPPA provides a civil cause of action for those whose personal information is improperly accessed. 18 U.S.C. § 2724. "To establish a DPPA violation, [a plaintiff] must prove that the Defendants 1) knowingly 2) obtained, disclosed, or used personal information, 3) from a motor vehicle record, 4) for a purpose not permitted." McDonough v. Anoka Cty., 799 F.3d 931, 945 (8th Cir. 2015), cert. denied sub nom. McDonough v. Anoka Cty., Minn., 136 S. Ct. 2388 (2016).
C. The Moving Defendants' Motion for Summary Judgment
The Moving Defendants argue that they are entitled to summary judgment in their favor for one or more of the following reasons. First, they contend that Summer's Second Amended Complaint does not relate back to her original Complaint and thus her claim against Defendant Jackson is time barred. (See Defs.' Mem. in Supp. at 13-18.) Second, they claim that Ken and Jackson are entitled to qualified immunity because they did not violate the DPPA by looking up Summer's personal information and even if they did, it was not clearly established that their accesses represented a violation of the DPPA at the time they were made. (See id. at 13-25.) Third, the Moving Defendants argue that Anoka and Howard Lake are neither directly nor vicariously liable for the accesses of Jackson and Ken respectively. (See id. at 25-30.) Fourth, they assert that Summer lacks Article III standing to bring her claims because she has not suffered an injury in fact. (See id. at 30-33.) Fifth, the Moving Defendants argue that Summer's claims are barred by the rule of lenity because the phrase "in carrying out its functions" in 18 U.S.C. § 2721(b)(1) is vague and ambiguous. (See id. at 33-35.) The Court addresses these arguments in turn.
1. Relation Back
The Moving Defendants argue that Summer's DPPA claim against Jackson is time barred because her Second Amended Complaint—wherein she first named Jackson as an individual Defendant—does not relate back to her original Complaint. (See id. at 13-18.) Specifically, they contend that Summer's failure to name Jackson was not a "mistake" under Federal Rule of Civil Procedure 15(c)(1) ("Rule 15(c)(1)"), but instead was caused by a "lack of knowledge" and hence her amended complaint does not relate back. (See id. at 15-18.) Summer argues that relating back is appropriate here because Jackson and Anoka had constructive notice of her claims when she first brought suit in 2014 and she amended to name Jackson as soon as was practicable under the circumstances. (See Pl.'s Mem. in Opp. at 32-42.) Specifically, she contends that based on her counsel's experience in another DPPA case in this District—where discovery was delayed until after motions to dismiss were resolved—it was "futile" for her to request early discovery and thus she could not have discovered Jackson's name and amended her complaint before she did. (See id. at 34-36, 41-42.)
The DPPA carries a four-year statute of limitations that begins to run at the time of the improper access. McDonough, 799 F.3d at 942-43. Jackson accessed Summer's information on September 13, 2010. Summer first brought her DPPA claims in January of 2014, within the four-year statute of limitations, but did not amend her complaint to name Jackson until October of 2015, well outside the statute of limitations. Thus, unless Summer's amended complaint relates back, her DPPA claim against Jackson is time barred.
Rule 15(c)(1) provides that an amendment to the pleadings relates back to the date of the original pleading in relevant part when:
(B) the amendment asserts a claim or defense that arose out of the conduct, transaction, or occurrence set out--or attempted to be set out--in the original pleading; or
(C) the amendment changes the party or the naming of the party against whom a claim is asserted, if Rule 15(c)(1)(B) is satisfied and if, within the period provided by Rule 4(m) for serving the summons and complaint, the party to be brought in by amendment:
Fed. R. Civ. P. 15(c)(1)(B)-(C). The Supreme Court held that a "mistake" contemplated by Rule 15(c)(1)(C)(ii) is "'[a]n error, misconception, or misunderstanding; an erroneous belief.'" Krupski v. Costa Crociere S. p. A., 560 U.S. 538, 548 (2010) (quoting Black's Law Dictionary 1092 (9th ed.2009)).(i) received such notice of the action that it will not be prejudiced in defending on the merits; and
(ii) knew or should have known that the action would have been brought against it, but for a mistake concerning the proper party's identity.
Other courts in this District recently considered the relation back issue in the context of DPPA claims where a plaintiff first names numerous John and Jane Doe defendants and later amends to name specific individuals. See Taylor v. City of Amboy, No. 14-cv-0722 (PJS/TNL), 2016 WL 5417190, at *2 (D. Minn. Sept. 27, 2016); Engebretson v. Aitkin Cty., No. 14-cv-1435 (ADM/FLN), 2016 WL 5400363, at *5-6 (D. Minn. Sept. 26, 2016); Krekelberg v. Anoka Cty., No. 13-cv-3562 (DWF/TNL), 2016 WL 4443156, at *3-6 (D. Minn. Aug. 19, 2016); Potocnik v. Carlson, No. 13-cv-2093 (PJS/HB), 2016 WL 3919950, at *3-5 (D. Minn. July 15, 2016); Heglund v. Aitkin Cty., No. 14-cv-296 (ADM/LIB), 2016 WL 3093381, at *3-6 (D. Minn. June 1, 2016). These courts unanimously held that a plaintiff's initial listing of John and Jane Doe defendants evidences a lack of knowledge about the identity of a party, which is not the sort of mistake as to a party's identity contemplated by Rule 15(c)(1)(C). See Taylor, 2016 WL 5417190 at *2; Engebretson, 2016 WL 5400363 at *5-6; Krekelberg, 2016 WL 4443156 at *5-6; Potocnik, 2016 WL 3919950 at *5; Heglund, 2016 WL 3093381 at *5-6. This Court finds the reasoning in those cases persuasive and will follow it here.
Summer did not make a "mistake" when she initially brought her DPPA claims against numerous John and Jane Doe defendants. Rather, she lacked knowledge about the identities of these defendants. Summer's counsel—based on her experience in another DPPA case—elected not to seek discovery related to the Doe defendants in this matter until after the motions to dismiss were resolved. As a result, Summer did not serve discovery aimed at identifying the Doe defendants until March of 2015, more than five months after the statute of limitations lapsed on her claim against Jackson. These facts do not constitute a mistake as to the identity of a party under Rule 15(c)(1)(C)(ii), nor do they present a scenario warranting the tolling of the statute of limitations. See Engebretson, 2016 WL 5400363 at *6 (refusing to apply the doctrine of equitable estoppel where the defendants did not engage in any misleading conduct regarding the identity of the appropriate parties); Krekelberg, 2016 WL 4443156 at *6 (same); Potocnik, 2016 WL 3919950 at *5 (same). Thus, Summer's claim against Jackson is dismissed because it is time barred.
Neither party offered any argument about what effect, if any, the dismissal of Summer's claims against Jackson would have on her claims against Anoka (Jackson's employer). Summer named Anoka in her original complaint and thus her claims against Anoka do not suffer from the same timeliness issues as those against Jackson. At least one court in this District found that even where DPPA claims against individual defendants are time barred, claims against the defendant-employers—premised on vicarious liability—are not, so long as those employers were named before the statute of limitations expired. See Taylor, 2016 WL 5417190 at *4 n.5, *5 n.8. At a minimum, where the parties have not adequately briefed whether DPPA claims against a defendant-employer survive even when the claims against a defendant-employee are dismissed, courts decline to award summary judgment in favor of the defendant-employer on this basis. See Potocnik, 2016 WL 3919950 at *8. The Court follows Potocnik's example and—to the extent the Moving Defendants argue that Anoka is entitled to summary judgment because Summer's claim against Jackson is time barred—declines to award summary judgment on that basis.
2. Qualified Immunity
The Moving Defendants argue that Ken and Jackson (collectively, the "Officers") are entitled to qualified immunity against Summer's DPPA claims. (See Defs.' Mem. in Supp. at 18-25.) First, they contend that Jackson accessed Summer's information "consistent with functions [he] perform[ed] while conducting an investigation[,]" and thus did not violate the DPPA. (Id. at 22.) Second, they similarly claim that Ken did not violate the DPPA because he accessed Summer's personal information for a permissible purpose—providing his brother, Dean, with Summer's current address in case Dean needed to contact law enforcement to check on the welfare of Summer or her children. (Id.) Second, they assert that even if the Officers violated the DPPA by accessing Summer's personal information, it was not "clearly established" that accesses under those circumstances were violations of the law. (Id. at 24-25.)
Although Summer's DPPA claims against Jackson are time barred, the Court must address whether Jackson is entitled to qualified immunity because that ruling bears on Anoka's potential vicarious liability for Jackson's actions. See infra Part II.C.3.
Summer argues that the record does not allow for qualified immunity for either Jackson or Ken. (See Pl.'s Mem. in Opp. at 16-20.) Specifically, she notes that Jackson does not recall exactly why he accessed her information and is at-best speculating that it may have been related to a drug investigation. (Id. at 17-19.) She further contends that Jackson's history of improperly looking up young women and misusing the DVS Database creates a factual dispute about why he accessed her information. (Id. at 19.) As to Ken, Summer argues that there are no disputed facts and the record establishes, as a matter of law, that Ken accessed her information without a permissible purpose. (Id. at 16-17.) She also contends that it has been clearly established since the DPPA's enactment in 1994 that accessing drivers' personal information without a permissible purpose is a violation of that statute. (Id. at 19-20.)
As discussed below, Summer moved for summary judgment in her favor against Ken and Howard Lake on this basis.
Qualified immunity protects government officials from liability "unless the official's conduct violates a clearly established constitutional or statutory right of which a reasonable person would have known." Brown v. City of Golden Valley, 574 F.3d 491, 495 (8th Cir. 2009). Determining whether qualified immunity applies involves a two-part analysis: (1) whether the facts show the violation of a constitutional or statutory right, and (2) whether that right was clearly established at the time of the alleged misconduct. Saucier v. Katz, 533 U.S. 194, 201 (2001); see Brown, 574 F.3d at 496. Courts may address the prongs of the qualified immunity analysis in whatever order they deem appropriate based on the circumstances of a case. Pearson v. Callahan, 555 U.S. 223, 236 (2009).
The Court will first consider whether the rights afforded under the DPPA were clearly established when the Officers accessed Summer's personal information. A right is "sufficiently clear" when "a reasonable official would understand that what he is doing violates that right." Hope v. Pelzer, 536 U.S. 730, 739 (2002). However, this does not mean "that an official action is protected by qualified immunity unless the very action in question has previously been held unlawful, but it is to say that in the light of pre-existing law the unlawfulness must be apparent." Id. (quotations and citations omitted). "The relevant, dispositive inquiry is whether it would be clear to a reasonable officer that the conduct was unlawful in the situation he confronted." Saucier, 533 U.S. at 194-95.
The Officers argue that "[Summer] cannot cite any court decision that 'clearly established' viewing records . . . [for the purpose of] investigating tips; or aiding with welfare concerns [was] not a law enforcement function." (Defs.' Mem. in Supp. at 24.) This argument is without merit for at least two reasons. First, Hope rejects Ken's suggestion that Summer must produce specific case law to show that her rights were clearly established under the particular circumstances of this case. Second, numerous courts have held that the DPPA's prohibition against accessing private driver's license information without a permissible purpose was clearly established since shortly after the statute's enactment in 1994. See McDonough, 799 F.3d at 944 n.6; Mallak v. Aitkin Cty., 9 F. Supp. 3d 1046, 1063 (D. Minn. 2014); Engebretson, 2016 WL 5400363 at *10; Heglund, 2016 WL 3093381 at *6. In 2010, 2012, and 2013—when Ken and Jackson accessed Summer's information—any reasonable officer would have understood that it was unlawful to access a driver's personal information without a permissible purpose.
Next, the Court considers whether the record allows it to conclude as a matter of law that Jackson accessed Summer's information for a permissible purpose (i.e., in furtherance of a government function). Although a police officer looking up individuals associated with a drug investigation in the DVS Database would undoubtedly be in furtherance of a government function, the record is anything but undisputed on this subject. Jackson has a history of looking up individuals based purely on his personal curiosity about them. (See Jackson Depo. at 17-18.) Jackson has no specific recollection of Summer being the target of a drug investigation, a confidential informant, complainant, or having any contact with his department or the Hennepin County Drug Task Force to which he was assigned. (See Jackson Dep. at 55-58, 104-08, 113.) Still, Jackson believes—but is not sure—he accessed Summer's information as part of a drug-related investigation. (See id. at 71-75, 97, 112-13.) He bases this belief on the other individuals he looked up around the same time he accessed Summer's information and the timeframe in which these accesses occurred. (See id.) However, Summer argues that these same facts show something entirely different—that Jackson was looking up women younger than him simply to view their photographs. (See Pl.'s Mem. in Opp. at 17-18.)
A reasonable juror might conclude Jackson accessed Summer's information as part of his police duties, or he/she might decide Jackson was—for whatever reason—simply curious about Summer. The Eighth Circuit recently concluded that suspicious patterns of accesses are relevant to establishing DPPA claims. See McDonough, 799 F.3d at 947-48. Similarly, the mere fact that an officer's access might have been for a permissible purpose does not create the sort of undisputed record necessary to award qualified immunity on summary judgment. See Mallak v. City of Baxter, 823 F.3d 441, 446-47 (8th Cir. 2016). On this record the Court cannot conclude as a matter of law that Jackson is entitled to qualified immunity. See Taylor, 2016 WL 5417190 at *5 (denying the defendants summary judgment on the basis of qualified immunity because, even though the court "agree[d] with defendants that their proffered reasons for accessing [the plaintiff's DVS records] qualify as legitimate law-enforcement purposes[,]" a jury could conclude "that their proffered reasons are false and that they actually accessed [the plaintiff's records]" for an improper purpose).
Finally, the Court considers whether the undisputed facts show that Ken did not violate the DPPA (i.e., that Ken had a permissible purpose for accessing Summer's information). Notably, Ken claims that "[his] accesses to give his brother information for contacting the correct law enforcement agency if Summer Rollins threatened suicide again, particularly while her children were with her, were arguably for the purpose of carrying out law enforcement functions." (Defs.' Mem. in Supp. at 22 (emphasis added).) Summary judgment—concluding as a matter of law that qualified immunity shields a defendant from liability—is only appropriate where the undisputed facts establish that the defendant had a permissible purpose for accessing a driver's personal information. As discussed below, the Court holds that, in fact, the undisputed facts establish that Ken accessed Summer's personal information without a permissible purpose. Thus, the Court denies Ken summary judgment on the basis of qualified immunity.
3. Direct and Vicarious Liability
The Moving Defendants argue that Howard Lake and Anoka (the "Cities") are neither directly nor vicariously liable for any of Summer's DPPA claims. (See Defs.' Mem. in Supp. at 25-30.) They contend that there is no direct liability because Summer produced no evidence that the Cities knowingly accessed her personal information without a permissible purpose. (See id. at 25-26.) The Moving Defendants further claim that applying vicarious liability to the DPPA would be inconsistent with the statute's purpose in that it would upset the balance Congress struck between privacy concerns and the interest of government agencies in carrying out their functions. (Id. at 26-28.) Finally, they contend that even if vicarious liability applies, the Cities are not liable for the accesses of Ken and Jackson (collectively, the "Officers") because they were performed outside the scope of their employment. (Id. at 28-30.)
Summer argues that the DPPA specifically envisioned direct liability for entities like the Cities when it defined the term "person" to include non-State organizations and entities. (See Pl.'s Mem. in Supp. at 20-23.) She contends that the Cities could only act through their agents, the Officers, and did so by providing them with access to the DVS and BCA Databases, thus making them directly liable for their officers' knowing accesses of Summer's personal information without a permissible purpose. (See id. at 23-24.) Summer further argues that nearly every court outside of this District has found that municipal entities may be held vicariously liable for the DPPA violations of their employees. (See id. at 24-30.)
The Court first addresses direct liability. The DPPA defines a "person" who may be subject to liability under that statute as "an individual, organization, or entity, but does not include a State or agency thereof." 18 U.S.C. § 2725(2). Thus, the statute appears to explicitly contemplate direct liability for municipal entities like the Cities. However, this is not the end of the inquiry. To establish liability, there must be evidence that the defendant-entity itself knowingly gave its employees access to driver's license records for an impermissible purpose. Engebretson, 2016 WL 5400363 at *7; Weitgenant v. Patten, No. 14-cv-255 (ADM/FLN), 2016 WL 1449572, at *5 (D. Minn. Apr. 12, 2016); see also Potocnik, 2016 WL 3919950 at *6 ("There is no evidence that the City facilitated access to the database for any reason other than to enable its officers to carry out their law-enforcement duties, which is a purpose permitted by the DPPA."); Jessen v. Blue Earth Cty., No. 14-cv-1065 (RHK/JSM), 2014 WL 5106870, at *4 (D. Minn. Oct. 10, 2014) ("Common sense suggests, and nothing in the Complaint alleges otherwise, that Blue Earth County provided DVS access to law-enforcement personnel for law-enforcement reasons. Therefore, Plaintiffs fail to plausibly allege that Blue Earth County or Supervisor Does personally used, disclosed, or obtained personal information for a non-permitted purpose.").
There is no evidence that the Cities knowingly provided the Officers with access to the DVS and BCA Databases for an impermissible purpose. Instead, Summer argues that because the Cities could only act through their Officers, the Officers' knowingly impermissible accesses of Summer's personal information are attributable to the Cities. (See Pl.'s Mem. in Opp. at 22-24.) But, this is an argument for vicarious liability. See Taylor, 2016 WL 5417190 at *3 ("Taylor also argues that the municipal defendants are directly liable because they employed officers who allegedly violated the DPPA. ... [T]his is an argument for vicarious, not direct, liability."); Potocnik, 2016 WL 3919950 at *6 (same). Thus, the Court holds that the Cities are not directly liable for Summer's DPPA claims.
The Moving Defendants' argument that the Cities cannot be vicariously liable is unavailing. Two courts in this District previously rejected the idea that defendant-entities could be vicariously liable under the DPPA. See Weitgenant, 2016 WL 1449572 at *6-7; Jessen, 2014 WL 5106870 at *4 n.4. However—and more recently—other courts in this District have held that defendant-entities may be vicariously liable under the DPPA. See Taylor, 2016 WL 5417190 at *2; Engebretson, 2016 WL 5400363 at *8 (Judge Montgomery noted that she previously held vicarious liability did not apply to defendant-entities in Weitgenant, but changed her mind in light of other recent District decisions); Potocnik, 2016 WL 3919950 at *6-7. Courts in other districts have similarly found that defendant-entities may be vicariously liable under the DPPA. Schierts v. City of Brookfield, 868 F. Supp. 2d 818, 821-22 (E.D. Wis. 2012); Menghi v. Hart, 745 F. Supp. 2d 89, 98-99 (E.D.N.Y. 2010), aff'd, 478 F. App'x 716 (2d Cir. 2012); Margan v. Niles, 250 F. Supp. 2d 63, 72-75 (N.D.N.Y. 2003).
This Court finds the thorough and well-reasoned opinion in Potocnik to be persuasive and adopts it here. To quote from that case:
In American law, vicarious liability is the rule, not the exception, and the Court can discern no reason why DPPA cases should be exempt from the general rule.
...
As many courts have noted, Congress was concerned about the impact of the DPPA on legitimate law-enforcement functions. To alleviate that concern, courts typically give a broad reading to the government-function exception in 18 U.S.C. § 2721(b)(1). But once a law-enforcement officer has exceeded the broad bounds of the government-function exception, shielding his employer from vicarious liability serves no purpose other than to weaken the municipality's incentive to prevent future violations. Given that legitimate law-enforcement work is amply protected by § 2721(b)(1), the Court sees no conflict between the availability of vicarious liability against municipalities and the purposes of the DPPA.
Finally, the Court notes that it sees nothing in the language of the DPPA that precludes vicarious liability. It is true, as the City argues, that the
DPPA creates a cause of action against "[a] person who knowingly obtains, discloses or uses personal information, from a motor vehicle record, for a purpose not permitted under this chapter ...." 18 U.S.C. § 2724(a). But such language is not incompatible with the existence of vicarious liability . . . .Potocnik, 2016 WL 3919950 at *6-7.
The Moving Defendants argue that vicarious liability does not apply because the Officers' accesses were outside the scope of their employment. However, Summer's theory appears to be that the Cities are vicariously liable because the Officers had apparent, or actual, authority to access her personal information by virtue of their employment as police officers for the Cities. (See Pl.'s Reply at 12-13.) Liability under the actual/apparent authority theory encompasses cases where tortious conduct is made possible or facilitated by actual agency. See Faragher v. City of Boca Raton, 524 U.S. 775, 801-02 (1998); Taylor, 2016 WL 5417190 at *2.
To summarize, the Court concludes as a matter of law that the Cities are not directly liable for Summer's DPPA claims. However, the Cities are not entitled to summary judgment in their favor on the theory that they cannot be held vicariously liable for those claims. The record contains facts that are sufficient to allow Summer to pursue her claims on the theory that the Cities are vicariously liable, by virtue of apparent or actual authority, for the Officers' accesses of her personal information.
As discussed below, the Court concludes as a matter of law that Ken accessed Summer's information without a permissible purpose and thus violated the DPPA.
4. Standing
The Moving Defendants argue that Summer lacks the Article III standing necessary to assert her DPPA claims, citing the Supreme Court's recent decision in Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016), as revised (May 24, 2016). (See Defs.' Mem. in Supp. at 30-33.) Specifically, they contend that she has not suffered an "injury in fact" and that the DPPA's statutorily prescribed damages do not provide her with standing. (See id. at 31-32.) Summer argues that the Moving Defendants' "injury in fact" standard was in fact rejected in Spokeo and that she satisfies the standard actually articulated in that case. (See Pl.'s Mem. in Opp. at 9-11.) Furthermore, she contends that she does not rely solely on statutory damages for standing, but rather has alleged that she suffered actual damages—emotional distress caused by the invasion of her privacy through these improper accesses. (See id. at 11-12.)
Several courts in this District recently addressed the issue of standing in the context of the DPPA. Each one concluded that the plaintiffs had adequately pled injury in fact (sometimes referred to as "concrete injury") by virtue of pleading an invasion of their right to privacy as a result of these impermissible accesses. Engebretson, 2016 WL 5400363 at *4; Krekelberg, 2016 WL 4443156 at *2-3; Potocnik, 2016 WL 3919950 at *2-3; see Taylor, 2016 WL 5417190 at *2. Each court also held that emotional distress could qualify as the necessary injury in fact. See Engebretson, 2016 WL 5400363 at *4; Krekelberg, 2016 WL 4443156 at *3; Potocnik, 2016 WL 3919950 at *3.
Again, this Court finds the detailed analysis of Potocnik to be persuasive and adopts it here. Judge Schiltz found that the plaintiff had satisfied the standard in Spokeo:
[The defendant] argues that [the plaintiff] lacks standing to sue under the DPPA, citing in support of his argument the recent decision of the United States Supreme Court in Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016). A plaintiff has standing if (1) the plaintiff suffered an injury in fact; (2) the injury is fairly traceable to the challenged conduct of the defendant; and (3) the injury is likely to be redressed by a favorable judicial decision. Id. at 1547. To show injury in fact, the plaintiff must have suffered "'an invasion of a legally protected interest' that is 'concrete and particularized' and 'actual or imminent, not conjectural or hypothetical.'" Id. at 1548 (quoting Lujan v. Defenders of Wildlife, 504 U.S. 555, 560 (1992)).Potocnik, 2016 WL 3919950 at *2-3 (footnote omitted).
...
[The defendant] argues that, under Spokeo, [the plaintiff] lacks standing because she has alleged only a violation of a statutory right, and not a concrete injury. The Court disagrees. In Spokeo, the Court observed that, in determining whether an intangible harm meets the test for concreteness, "it is instructive to consider whether an alleged intangible harm has a close relationship to a harm that has traditionally been regarded as providing a basis for a lawsuit in English or American courts." Id. Here, the type of harm at issue—the viewing of private information without lawful authority—has a close relationship to invasion of the right to privacy, a harm that has long provided a basis for tort actions in the English and American courts. See Restatement (Second) of Torts § 652A cmt. a (Am. Law Inst. 1977) (describing the history of the tort of invasion of privacy).
...
For these reasons, the Court concludes that [the plaintiff] has standing to pursue her claims under the DPPA, even if [the plaintiff] can show nothing more than that defendants invaded her privacy by unlawfully obtaining information about her from the DVS database. Moreover, even if the invasion of [the plaintiff's] legal right to keep her data private is not a sufficiently concrete harm, [the plaintiff] has also offered evidence that she suffered actual injury in the form of emotional distress. There is no doubt that emotional distress is an injury in fact or that [the plaintiff] has standing to bring an action seeking compensation for that injury.
The Court holds that the Moving Defendants are not entitled to summary judgment on the basis of Summer's standing to bring her claims. Summer has standing "even if [she] can show nothing more than that defendants invaded her privacy by unlawfully obtaining information about her from the DVS database." See id. at *3. Even if this invasion of privacy were not enough for standing, Summer "has also offered evidence that she suffered actual injury in the form of emotional distress." See id.
Summer described her damages as the emotional distress and distrust for law enforcement she developed after learning that her personal information was being accessed without any apparent permissible purpose. (Summer Depo. at 88-89, 90, 91, 95, 97-98.)
5. The Rule of Lenity
Finally, the Moving Defendants argue that they are entitled to summary judgment because the government function exception, 18 U.S.C. § 2721(b)(1), is ambiguous and thus the rule of lenity precludes Summer's DPPA claims. (See Defs.' Mem. in Supp. at 33-35.) Summer contends that the DPPA is not ambiguous and the rule of lenity does not apply. (See Pl.'s Mem. in Opp. at 42-43.)
The rule of lenity generally applies to the interpretation of criminal statutes and requires that ambiguity in those statutes be resolved in a defendant's favor so as not to convict or punish an individual on the basis of an ambiguous statute. See Bifulco v. United States, 447 U.S. 381, 387 (1980). It is at-best debatable whether that rule has any applicability in the context of the DPPA. See Maracich, 133 S. Ct. at 2209 (considering civil application of the DPPA under 18 U.S.C. § 2724 and concluding that "[i]n this framework, there is no work for the rule of lenity to do"). Assuming that the rule is applicable to the DPPA's civil section, it would require that "after considering text, structure, history, and purpose [of the DPPA], there remains a grievous ambiguity or uncertainty in the statute such that the Court must simply guess as to what Congress intended." Barber v. Thomas, 560 U.S. 474, 488 (2010).
At least one court in this District rejected the argument that the government function exemption of the DPPA is subject to the rule of lenity. Taylor, 2016 WL 5417190 at *5. The Supreme Court similarly rejected the idea that the rule of lenity applied to another one of the permissible purpose exemptions. See Maracich, 133 S. Ct. at 2209 (considering 18 U.S.C. § 2721(b)(4)).
Assuming without deciding that the rule of lenity has any applicability to the DPPA in this case, the Court finds that the challenged provision, 18 U.S.C. § 2721(b)(1), does not contain any "grievous ambiguity or uncertainty." See Barber, 560 U.S. at 488. The Moving Defendants are correct that the DPPA does not explicitly state what constitutes a "government function" in every possible circumstance. But this does not amount to grievous ambiguity. It is well-established, and the Moving Defendants do not argue otherwise, that accessing a driver's personal information out of curiosity or for other personal reasons is a violation of the DPPA. See Taylor, 2016 WL 5417190 at *5; Engebretson, 2016 WL 5400363 at *9; see also Mallak, 823 F.3d at 446 (noting that the appellant-municipalities "do not dispute that accessing an individual's data to satisfy some personal interest constitutes a violation of clearly established law under the DPPA"). By definition then, an officer's access of a driver's information based on curiosity or other personal reasons cannot be in furtherance of a government function. Summer alleges that Ken, Jackson, and Judy accessed her personal information for purely personal reasons and provides evidence in support of these allegations. Thus, the rule of lenity cannot form the basis for granting the Moving Defendants summary judgment.
D. Plaintiff's Motion for Summary Judgment
Summer moves for summary judgment as to liability on her DPPA claims against Howard Lake, Ken, and Judy, arguing that the undisputed facts show that Ken and Judy accessed her personal information for purely personal reasons. (See Pl.'s Mem. in Supp. at 1.) She also contends that the Court should decide as a matter of law that a jury will consider whether these accesses were willful or reckless as the basis for a potential punitive damages award. (Id. at 1-2.) Finally, Summer argues that the undisputed facts allow the Court to determine the number of times each Defendant violated the DPPA by accessing and disclosing her personal information without a permissible purpose. (See id. at 18-20.)
Howard Lake and Ken contend that Summer is not entitled to summary judgment because qualified immunity applies and Howard Lake is neither directly nor vicariously liable for Ken's accesses if they were violations of the DPPA. (See Defs.' Mem. in Opp. at 18-22, 25-30.) The Court previously rejected these arguments and will not revisit them here. See supra Part II.C.2-3. Judy states that she "join[s] in the arguments raised by the cities and their officers" but offers no explanation as to why the arguments of Howard Lake and Ken apply with equal force to her. (See Judy's Opp. at 1.) To the extent Judy argues she is entitled to qualified immunity, the Court rejects this argument for the reasons discussed below.
1. Liability - Improper Versus Permissible Purpose
Summer contends that the undisputed facts show that Ken and Judy, relatives with whom she had little or no contact, accessed her personal information because of their personal interest in discovering where she lived after she moved to Maplewood in 2012. (See Pl.'s Mem. in Supp. at 17-18.) Ken argues that the government function exception (18 U.S.C. § 2721(b)(1)) should be broadly interpreted to permit his accesses. He argues that accessing Summer's personal information for the purpose of providing her address to her father, Dean, so that Dean could request that law enforcement perform a welfare check on Summer or her children is embraced by the government function exception. (See Defs.' Mem. in Opp. at 19-21.) Judy similarly contends that the only reason she looked up Summer's personal information was out of concern for the welfare of Summer's children. (See Judy's Opp. at 2, 5.)
The "contours" of the government function exception are not precisely defined in the statute. See Metcalfe v. Priebe, No. 13-cv-1692 (RHK/JJG), 2014 WL 5106851, at *4 (D. Minn. Oct. 10, 2014); Kost v. Hunt, 983 F. Supp. 2d 1121, 1134 (D. Minn. 2013). The broad text of 18 U.S.C. § 2721(b)(1) and the legislative history of the DPPA, however, "supports reading the exception broadly." See Metcalfe, 2014 WL 5106851, at *4. Thus, for instance, a police officer who accessed an individual's personal information after that individual threatened to "come after his job as a police officer and have him fired" did so in furtherance of a government function—reporting the threat and the relevant identifying information about the individual to the officer's superior. Id. at *4-5.
Even reading the exception broadly, no reasonable juror could conclude that these accesses were in furtherance of a government function. Both Ken and Judy readily and repeatedly admit that they accessed Summer's personal information due to their own concerns about the welfare of Summer and her children, or because of Dean's concerns. Missing from the record is any indication that these concerns, or Judy's and Ken's accesses, were in furtherance of a government function.
Judy works for DVS, an agency that is not authorized to perform welfare checks. Judy does not claim that any law enforcement agency contacted her asking that she provide Summer's new address so that a welfare check could be performed. Judy admits she never served Summer in her role as a license clerk with DVS.
The Court is sympathetic to a mother's concerns for her child and grandchildren, but those concerns do not constitute a government function, nor did Judy's accesses based on those concerns further any government function. On this undisputed record, Judy accessed Summer's information purely for personal reasons. (See Judy Depo. at 65-66, 72, 74.) Even if Judy were unaware of the DPPA's restrictions, this is not a defense since it is undisputed her acts were voluntary. Senne v. Vill. of Palatine, Ill., 695 F.3d 597, 603 (7th Cir. 2012) ("Voluntary action, not knowledge of illegality or potential consequences, is sufficient to satisfy the mens rea element of the DPPA."). Thus, Judy's accesses were in violation of the DPPA. See Taylor, 2016 WL 5417190 at *5; Engebretson, 2016 WL 5400363 at *9; see also Mallak v. City of Baxter, 823 F.3d at 446.
The record for Ken is similar. No one asked that the Howard Lake Police Department or Ken perform a welfare check on Summer or her children. Nor did anyone request that Ken or Howard Lake locate the relevant law enforcement agency (i.e., one with jurisdiction) and cause that agency to perform a welfare check. Ken admits that he accessed Summer's information based on personal requests from his brother. Once Ken discovered Summer's new address, he did not act on that information in a law enforcement capacity. Instead, he provided that information to Dean for Dean's potential use in the future. This scenario—the obtainment and disclosure of a driver's personal information to a member of the public who would not otherwise have access to such information—is precisely what the DPPA meant to protect against. See Maracich, 133 S. Ct. at 2198.
By Ken's own accounting, he used his position as a police officer to personally assist his brother in locating Summer based on his brother's personal concerns about the welfare of Summer and her children. (See Ken Depo. at 133-38, 140-41.) Ken did so despite being aware that he could not disclose personal information he had access to by virtue of his position as a police officer—even when an individual's family member actually requested that Ken perform a welfare check. (See id. at 34-36, 62-66, 73-74.) Even if Ken were unaware of the restrictions of the DPPA, this is not a defense since it is undisputed his actions were voluntary. See Senne, 695 F.3d at 603. Thus, Ken's accesses were in violation of the DPPA. See Taylor, 2016 WL 5417190 at *5; Engebretson, 2016 WL 5400363 at *9; see also Mallak v. City of Baxter, 823 F.3d at 446.
Summer also moves for summary judgment against Howard Lake based on its vicarious liability for Ken's unlawful actions. (See Pl.'s Mot. for Partial Summ. J.; Pl.'s Mem. in Supp. at 17-19; Pl.'s Reply at 12-13.) The undisputed record shows Howard Lake enabled Ken to access the DVS Database by virtue of employing him as a police officer. As just described, Ken used this access to obtain and then disclose Summer's personal information without a permissible purpose, in violation of the DPPA. Thus, Howard Lake is vicariously liable for the unlawful accesses of its agent, Ken.
2. Calculating the Number of DPPA Violations
As discussed below, determining the number of DPPA violations that occurred may be relevant to determining the amount of damages in this case. The Court's assessment of how many violations occurred is limited to this purpose.
Summer argues that the number of DPPA violations committed by Ken and Judy may be determined as a matter of law. (See Pl.'s Mem. in Supp. at 18-19; Pl.'s Reply at 7-12.) She contends that each time Ken and Judy accessed (or "obtained") her personal information and each time they disclosed that information, they violated the DPPA. (Pl.'s Reply at 12.) Summer asserts that every time Ken or Judy viewed a new tab within the DVS or BCA Databases, that constituted a separate obtainment since each tab contained different parts of her personal information (e.g., photo, address, driving record, motor vehicle information, etc.). (Id. at 8-9.) However, if a database audit report shows that the same tab was viewed for consecutive minutes, Summer agrees this counts as a single obtainment. (Id. at 9-10.) Based on the DVS and BCA Database Audit Reports, Summer argues that Judy obtained her personal information three times and disclosed it three times, while Ken obtained her personal information four times and disclosed it twice. (Id. at 12.)
Howard Lake and Ken argue that the number of obtainments is a question of fact for the jury. (See Defs.' Mem. in Opp. at 23-24.) They further contend that only the initial accessing of an individual's personal information within the DVS Database should be considered an obtainment, regardless of how many tabs are subsequently selected, because all of the individual's personal information is available by virtue of that initial access. (See id.) However, Howard Lake and Ken agree that where an audit report shows a particular tab of information was viewed for consecutive minutes it at-most counts as a single obtainment. (Id.)
The Court first addresses whether obtaining and then disclosing personal information counts as one, or two, violations of the DPPA for the purpose of calculating liquidated damages. It does not appear the Eighth Circuit has addressed this issue. However, the Third Circuit has opined that:
Congress clearly contemplated that in most cases, a defendant who obtained motor vehicle information would put it to some use. Therefore, given Congress's use of the term "liquidated damages" and the $2,500 amount provided, we conclude that this amount encompasses both aspects of a defendant's "breach" of the DPPA—one instance of obtaining and one of use—and that the defendant is limited to one liquidated damage award in this situation. A contrary holding would effectively result in a minimum award of $5,000 for every violation of the DPPA—a result we do not believe Congress intended.Pichler v. UNITE, 542 F.3d 380, 393 (3d Cir. 2008). The Court finds this reasoning to be persuasive and adopts it here. Thus, Ken's and Judy's disclosures of Summer's personal information to Dean do not count as separate violations of the DPPA for the purposes of calculating liquidated damages.
The Court next turns to whether "clicking" on various tabs of information within an individual's DVS records count as separate obtainments. This issue was recently addressed in this District as follows:
[T]he parties seem to dispute whether clicking through separate tabs within [the plaintiff's] DVS record during a single session counts as separate "obtainments." In the Court's view, once [the defendant] accessed [the plaintiff's] record, any steps he took to navigate through that record during a continuous session do not count as separate obtainments. Otherwise, the extent of a defendant's liability would depend on the way that a particular state DMV displayed data. The Court can conceive of no reason why a police officer who looks at a name and address should be found to have committed one violation if the name and address appear together under one tab, but two violations if they appear separately under two tabs.Potocnik, 2016 WL 3919950 at *14. This holding comports with the testimony of Kim Jacobson that once an individual's record within the DVS Database, all his/her information is available to the person accessing that record. (See Jacobson Depo. at 144-48, 150-51, 247-48.) The Court finds the reasoning in Potocnik to be persuasive and adopts it here.
Based on these rulings and the undisputed record, it is possible for the Court to determine how many violations of the DPPA Ken and Judy committed. See supra Part I.A.5. Judy accessed Summer's DVS records once on November 16, 2011. (DVS Database Audit Report at 1.) This constitutes a single violation. Judy then accessed Summer's DVS records twice on August 14, 2012, once at 15:15 (3:15pm) and then again at 15:47 (3:47pm). (Id. at 2.) This constitutes two violations. Thus, Judy committed a total of three DPPA violations.
Ken accessed Summer's DVS records on March 3, 2013. (Id.) The audit report shows three lines associated with that access, one at 22:41 (10:41pm), another at 22:42 (10:42pm), and the third at 22:44 (10:44pm). (Id.) The parties agree that the lines at 22:41 and 22:42 at-most constitute a single obtainment. (Pl.'s Reply at 10 n.7; Defs.' Mem. in Opp. at 25-26.) The line for 22:44 indicates that Ken viewed a different tab of Summer's information. (DVS Database Audit Report at 2.) However, as just discussed, the Court holds that clicking through separate tabs of an individual's information within the DVS Database does not constitute separate obtainments. Thus, Ken's access of Summer's information in the DVS Database on March 3, 2013 constitutes a single DPPA violation.
Ken also accessed Summer's information in the BCA Database on March 3, 2013. The audit report presents a single line related to this obtainment. (BCA Database Audit Report.) Thus, Ken's access of Summer's information in the BCA Database on March 3, 2013 constitutes a single DPPA violation.
Finally, Ken accessed Summer's information on the BCA Database on September 14, 2012. The audit report presents two lines associated with this access, one at 14:06:10 (2:06pm) and the other at 14:07:10 (2:07pm). The parties presented scant evidence by which the Court can decide whether this counts as one or two obtainments. Defendants' briefing (in support of their motion and in opposition to Summer's motion) is devoid of any mention of Ken's BCA Database accesses. However, it is clear from Summer's briefing that she believes the BCA Database audit report evidences a total of two obtainments. (Pl.'s Reply at 8-12 (arguing that Ken improperly obtained her personal information a total of four times, twice from the DVS Database on March 3, 2013 and thus, by deduction, twice from the BCA Database).) The Court has already concluded that Ken's March 3, 2013 access of the BCA Database counts as one obtainment. At a minimum, his access of the BCA Database on September 14, 2012 counts as a single obtainment. Since Summer contends the audit report evidences only two obtainments, the Court need not resolve whether the two lines for September 14, 2012 count as separate obtainments.
To summarize, the Court holds that Judy committed a total of three DPPA violations. Ken also obtained Summer's information in violation of the DPPA three times.
3. Punitive Damages and Other Damages Related Arguments
Summer argues that the issue of her damages, both actual and punitive, should go to the jury. (See Pl.'s Mem. in Supp. at 20-21.) Specifically, Summer does not ask that the Court determine the amount of punitive damages, but rather determine as a matter of law that the undisputed facts allow the issue of punitive damages to be presented to a jury. (Pl.'s Reply at 16.) In their opposition to Summer's motion (not in support of their own motion for summary judgment), the Moving Defendants contend that Summer "is not entitled to damages" because she has not proven that she incurred actual pecuniary damages. (Defs.' Mem. in Opp. at 30-31.) They also argue that, even if there were multiple DPPA violations, the Court should award a total of $2,500 in liquidated damages. (Id. at 31-32.) Finally, they assert that whether the accesses were willful or reckless so as to allow for punitive damages is a question for a jury, but that "[a]t this point, a jury should not be instructed on punitive damages . . . ." (Id. at 32.) Judy also questions whether Summer suffered any damages as a result of her accesses since they were done "out of concern for the safety and welfare of [her] grandchildren . . . ." (Judy's Opp. at 5.)
Summer correctly notes that this argument would support summary judgment in Defendants' favor, yet they did not make the argument in support of their own motion for summary judgment. (See Pl.'s Reply at 16.) Despite this deficiency, and because it does not affect the end result, the Court addresses Defendants' argument below.
The Court addresses the issue of punitive damages first. The DPPA allows a court to award "punitive damages upon proof of willful or reckless disregard of the law." 18 U.S.C. § 2724(b)(2). Summer does not ask that the Court determine the amount of punitive damages here, or even that Ken and Judy were willful or reckless. Instead, she asks that the issue be put to a jury. The record contains sufficient evidence such that a reasonable juror could conclude that Ken or Judy willfully or recklessly violated the DPPA when they repeatedly accessed and disclosed Summer's personal information. Thus, at trial, the Court will put this issue to the jury.
The Court next addresses liquidated damages. A court may also award "actual damages, but not less than liquidated damages in the amount of $2,500." 18 U.S.C. § 2724(b)(1). Given the discretionary language of the statute, when it comes to fashioning the appropriate award of damages, a court may grant cumulative awards (i.e., $2,500 per violation). Pichler, 542 F.3d at 394; Ela v. Destefano, No. 613CV491ORL28KRS, 2015 WL 7839723, at *5 (M.D. Fla. Dec. 2, 2015); see Kehoe v. Fid. Fed. Bank & Trust, 421 F.3d 1209, 1217 (11th Cir. 2005). However, a cumulative award of liquidated damages is not automatic, but rather subject to an assessment of the circumstances of each case. Ela, 2015 WL 7839723 at *5. Similarly, a court should consider the various types of damages (e.g., actual, punitive, liquidated) that are appropriate when fashioning an award. Kehoe, 421 F.3d at 1217.
It is premature for the Court to decide whether a cumulative award of liquidated damages is appropriate. The issue of what, if any, actual or punitive damages should be awarded must be considered by a jury. Attorneys' fees and costs, which may also be awarded under 18 U.S.C. § 2724(b)(3), must be resolved. Thus, the Court declines to rule on whether a cumulative award of liquidated damages is appropriate, but holds that the parties may raise the issue again at a later time.
Finally, the Court briefly addresses Defendants' argument regarding actual pecuniary damages. The defendant in Potocnik raised a nearly identical argument—that he was entitled to summary judgment because "actual damages" were limited to pecuniary damages, not non-economic harm like emotional distress, and the plaintiff had failed to establish that she suffered any such damages. 2016 WL 3919950 at *12. The Potocnik Court rejected this argument in a well-reasoned opinion that the Court adopts here. See id. at *12-13. Judge Schiltz held that the invasions of privacy the DPPA was meant to protect against,
will rarely result in pecuniary loss, but often cause emotional distress. It is highly unlikely that Congress intended to deprive the very type of victim who inspired passage of the DPPA . . . from any recovery under the Act. Clearly, then, the purpose and context of the DPPA counsel a broader interpretation of "actual damages."Id. at *12.
III. CONCLUSION
The Moving Defendants' Motion for Summary Judgment is granted as to Summer's DPPA claims against Jackson because they are time barred. Furthermore, Howard Lake and Anoka are not directly liable for Summer's DPPA claims. The Moving Defendants' motion is in all other respects denied.
Summer's Motion for Partial Summary Judgment is granted in part. The undisputed facts establish that Defendants Ken and Judy knowingly accessed Summer's personal information without a permissible purpose. At the time of those accesses, it was clearly established that obtaining a driver's personal information without a permissible purpose violated the rights created by the DPPA. Thus, as a matter of law, neither Ken nor Judy is entitled to qualified immunity. Howard Lake is vicariously liable for Ken's unlawful accesses. Furthermore, in the event it is relevant to calculating the damages award in this matter, the Court holds as a matter of law that Ken and Judy each violated the DPPA on three occasions. Finally, the Court holds that there is sufficient evidence in the record to put the question of punitive damages to the jury. Summer's motion is in all other respects denied.
IV. ORDER
Based on the submissions and the entire file and proceedings herein, IT IS HEREBY ORDERED that:
1. The Motion for Summary Judgment by Defendants Cities of Anoka and Howard Lake and individuals Tony Jackson and Ken Rollins [Doc. No. 200] is GRANTED IN PART AND DENIED IN PART as follows:
a. Plaintiff's claims against Defendant Tony Jackson are DISMISSED WITH PREJUDICE;
b. Defendants Howard Lake and Anoka are not directly liable for Plaintiff's Driver's Privacy Protection Act ("DPPA") claims;
c. Defendants' Motion is in all other respects DENIED.
2. Plaintiff Summer Michelle Rollins' Motion for Partial Summary Judgment [Doc. No. 207] is GRANTED IN PART AND DENIED IN PART as follows:
a. Defendant Judy Hedin and Ken Rollins are not entitled to qualified immunity as a matter of law;
b. Defendants Judy Hedin and Ken Rollins accessed Plaintiff's personal driver's license information without a permissible purpose and in doing so, violated the DPPA and are thus liable to Plaintiff as a matter of law;
c. Defendant Howard Lake is vicariously liable for Defendant Ken Rollins' unlawful accesses of Plaintiff's personal information;
d. For the purpose of calculating the appropriate damages award, Defendants Judy Hedin and Ken Rollins each violated the DPPA on three occasions;
e. The issue of whether or not punitive damages are warranted will be put to a jury;
f. Plaintiff's Motion is in all other respects DENIED.
Dated: November 17, 2016
3. This matter is set for trial on April 24, 2017.
s/ Susan Richard Nelson
SUSAN RICHARD NELSON
United States District Judge