Interesting Decision in Privacy Act Class Action Suit

What happens when there is a release of a group of individual's information under the Privacy Act, but the individual's submitting evidence to the Court about their damages show only an emotional harm from the release?  Well, the result in Rice et al. v. USA is that the named plaintiff's will have their claims dismissed.

Judge James Robertson of the District Court for the District of Columbia has dismissed the claims of the named plaintiffs in a class-action against the USDA for a release of their financial information pursuant to a FOIA request.  In making his ruling, the Judge first found that even though these were business records of the plaintiffs, they were about them as individuals and therefore covered by the Privacy Act.  However, the Court ultimately decided that the descriptions of the emotional harms suffered by certain of the plaintiffs in the case did not rise to the level of a harm that would allow recovery pursuant to Privacy Act Section 552a(g)(4).  Thus, the named class members claims have been dismissed.  The Court has left open the door for those not named to sue individually and provide evidence of harm that rises higher than that demonstrated by the class.

This case is a great example of how difficult it is to successfully file a wrongful disclosure in a Privacy Act suit.  Even though the plaintiffs were anguished by the disclosure of their financial information, they could not point to a harm that rose to the level of the Privacy Act that permitted a recovery. 

D.C. Circuit Issues Major FOIA/Privacy Act Decision

The D.C. Circuit has issued an opinion in the case of Michael Sussman v. U.S. Marshals Service which touches on a number of FOIA and Privacy Act ("PA") issues.  The procedural history of the case is complex and somewhat confusing--in short Sussman was appealing a D.C. District Court grant of summary judgment for the Marshal Service pertaining to Sussman's FOIA and PA requests to the Marshals Service and an allegation of a PA violation by the Marshals Service.  The Circuit Court remanded many of the grants of summary judgment on the FOIA request and all matters concerning the PA.  I'll try to touch on the major points of the decision.

The Court remanded the District Courts finding on FOIA exemptions 2, 3, 7(A) and 7(C).  While the Court held that certain internet addresses were ok to withhold pursuant to exemption 2, it found that the government did not meet its burden of proof for this exemption on material it described as "information reflecting communications between agencies" and remanded the withholding of that information back to the District Court for further findings.  The invocation of exemption 3 for information pertaining to grand jury proceedings (FRCP Rule 6(e)) was also remanded for further findings because the agency did not properly show that disclosure of the information would violate FRCP Rule 6(e).

Findings related to the government's use of Exemption 7(A) were remanded as well.  The agency's declarations did not show how disclosure would reveal the focus of a grand jury investigation which would in turn cause interference to the investigation.  Further, on remand, the ongoing proceedings must be pending at the time of the District Court's decision, not at the time of the earlier FOIA request.  Those knowledgable with FOIA issues, know this is a further explanation to a line of cases following the Court's Maydak v. Department of Justice decision decided in 2000.

As to Exemption 7(C), the Court remanded the issue so that the District Court could decide if a third party gave an adequate waiver for FOIA purposes.  The Court found that the issues surrounding the waiver of the third party, even though it arrived late in the proceedings, must still be decided by the District Court.

Procedurally, the Court reiterated its now long standing policy that District Courts must make a segregation finding for its decision to be properly made.  The Court also found that an agency's invocation of an exemption on a motion for reconsideration did not waive the exemption.

Finally, the PA count was remanded because the District Court only addressed the search efforts of the government in terms of FOIA, not the PA.  The search under PA is important because it will determine if the records pertaining to the requester were found in documents located in PA systems of records.  The unlawful disclosure count of the complaint was also referred to the District Court for further findings.

This case is important because of the many areas the Circuit Court made specific findings on areas of FOIA law.  I probably missed some of them, but I'm sure others, such as the fine newsletter accessreports will have an extensive overview of this case in the near future.

Discovery Granted in Privacy Act Suit

Plaintiff Bradley L. Lowe has been granted discovery in his Privacy Act lawsuit against the Navy.  Lowe claims that a release to the Marine Corps Times violated his Privacy Act rights.  The Navy moved for summary judgment on the lawsuit claiming that the disclosure was allowed pursuant to the FOIA.  However, Lowe moved for discovery pursuant to Federal Civil Rule of Procedure 56(f) seeking to find out if the disclosure was actually permissible under the FOIA.  District Court Judge for Ellen Segal Huvelle agreed that discovery was permissible; she denied the Navy's motion for summary judgment without predjudice while the discovery takes place.

Agencies Update Privacy Act Matters

The FCC is proposing a new routine use.  As published in the Federal Register, the FCC is proposing a new routine use that they state is needed to allow for "disclosure of records to appropriate persons and entities for purposes of response and remedial efforts in the event of a breach of data contained in the
protected systems".  According to the FCC,  this "routine use will facilitate an effective response to a confirmed or suspected breach by allowing for disclosure to individuals affected by the breach, in cases, if any, where such disclosure is not otherwise authorized under the Act. This routine use will also authorize disclosures to others who are in a position to assist in response efforts, either by assisting in notification to affected individuals or otherwise playing a role in preventing, minimizing, or remedying harms from the breach."  The deadline for public comments on this new routine use is April 30, 2007.

The Army is also making changes to its Privacy Act regulations.  It proposes to amend four of its Privacy Act systems of records on April 27, 2007, unless it receives comments "which result in a contrary determination."

While neither of these changes are earth shattering, it is good to see agencies taking notice of their responsibilities under the Privacy Act.  By looking at and revising these Privacy Act matters so as to keep them current, these agencies make it easier, at least in theory, for agency personnel to act in a way that doesn't run afoul of the Act.

IRS Cleaning Up Privacy Act Systems of Records

The IRS is amending and revising certain Privacy Act Systems of Records.  The IRS proposals are found in the December 1, 2006 Federal Register and any comments on the changes need to be made by January 2, 2007.

Coast Guard Disclosure Not a Privacy Act Violation

A District Court Judge for the District of Columbia has determined that the Coast Guard's disclosure of a Coast Guard doctor's medical records was not a violation of the Privacy Act.  The plaintiff, Dr. Willie Cacho, had asserted that his commanding officer's disclosure of certain of his medical records to other Coast Guard employees was a violation of his Privacy Act.  The Court did not agree, finding that the disclosures were either proper or caused no ill effect and therefore, Dr. Cacho's Privacy Act rights were not violated.   

Decision in Privacy Act Case Goes Against the VA

The U.S. Court of Appeals for the District of Columbia has issued a major Privacy Act decision.  The case entitled McCready v. Nicholson, Civ. No. 01-02219 (Sept. 19, 2006) concerned McCready's attempts to get the Department of Veterans Affairs ("VA") to destroy or amend records concerning an Office of Inspector General ("OIG") report concerning McCready's tenure as head of the VA's Office of Congressional Affairs.  The U.S. District Court for the District of Columbia had granted summary judgment on all counts of McCready's complaint before it.

The first issue before the Court was whether a claim under 5 U.S.C. Section 552a(g)(1)(C) requires a record to be within a system of records.  The VA, of course, argued that to be actionable under the subsection, the record at issue had to be maintained in a system of records.  The Court found that the subsection applied to any record and the record did not have to be within a Privacy Act system of records.  The Court made this finding due to the clear language of the Privacy Act, and invited the VA to ask Congress to amend the Privacy Act if it didn't like this result.  This finding makes it easier for individuals to bring actions under this subsection of the Privacy Act.

The next issue was whether certain records at issue in the case were records under a system of records.  The record at issue was the OIG's report on McCready's tenure.  The VA argued that this was not a record under the system of records because it was not identifiable to McCready.  After a lengthy discussion of whether or not a specific record not identifiable to an individual in a system of records qualified as being considered records in a system of records, the Court found that the discussion was solely academic and did not make an ultimate ruling.  This is because the record at issue was retrievable by the initials of McCready's position, which was a unique personal identifier, and therefore subject to the Privacy Act suit.  The Court then remanded the case for further proceedings before the District Court.

Recovering Damages Under the Privacy Act

I'm often contacted by individuals who have had their Privacy Act rights violated by various agency personnel.  To recover civil damages under the Privacy Act, it must be shown that the "agency acted in a manner which was intentional or willful."  This is a very high standard and is very rarely met in Privacy Act suits.  Until the Privacy Act is amended, the recovery of monetary damages for violations of the Act will continue to be rare.

Department of Labor violates Privacy Act

The Department of Labor has been found to violate the Privacy Act in releasing an administrative court's decision that contained personal medical information.  The District Court for the District of Columbia found that the release was not a routine use.  However, the Court showed how difficult it is to receive mony damages under the Privacy Act as it found that since the release was not willful, the plaintiff was not entitled to monetary damages.  The Labor Department only has to redact the identifying information about the plaintiff from all information released about the administrative decision of his case.