Summary
declining to apply vicarious liability based on the circumstances of the case
Summary of this case from Orduno v. PietrzakOpinion
Civil No. 14-255 ADM/FLN
04-12-2016
Jessica Weitgenant, Plaintiff, v. Janet Kay Patten; Jane Does; Christopher Sorensen; Lincoln, Lyon, and Murray Human Services; Lincoln County; Lyon County; and Murray County, Defendants.
Daniel J. Bellig, Esq., Farrish Johnson Law Office, Chtd., Mankato, MN, on behalf of Plaintiff. John P. Edison, Esq., Rupp, Anderson, Squires & Waldspurger, P.A., Minneapolis, MN, on behalf of Defendants Lincoln County, Lyon County, and Murray County. Jessica E. Schwie, Esq., Jardine Logan & O'Brien, PLLP, Lake Elmo, MN, on behalf of Defendant Christopher Sorensen.
MEMORANDUM OPINION AND ORDER
Daniel J. Bellig, Esq., Farrish Johnson Law Office, Chtd., Mankato, MN, on behalf of Plaintiff. John P. Edison, Esq., Rupp, Anderson, Squires & Waldspurger, P.A., Minneapolis, MN, on behalf of Defendants Lincoln County, Lyon County, and Murray County. Jessica E. Schwie, Esq., Jardine Logan & O'Brien, PLLP, Lake Elmo, MN, on behalf of Defendant Christopher Sorensen.
I. INTRODUCTION
On January 22, 2016, the undersigned United States District Judge heard oral argument on Defendants Lincoln County, Lyon County, and Murray County's (collectively, the "Counties") Motion for Judgment on the Pleadings [Docket No. 74]. Plaintiff Jessica Weitgenant alleges the Counties are liable for violations of the Drivers Privacy Protection Act ("DPPA") and the Minnesota Government Data Practices Act ("MGDPA"). For the reasons discussed below, the Counties' motion is granted.
II. BACKGROUND
In this putative class action, Weitgenant alleges that her motor vehicle records and those of 284 other individuals were unlawfully accessed by Defendant Janet Patten and/or "Jane Doe" Defendants ("Does") using their positions as employees of Lincoln, Lyon, and Murray Human Services ("LLMHS"). Am. Compl. [Docket No. 51] ¶¶ 4-5, 37, 39-42. The motor vehicle records were accessed from the Driver and Vehicle Services ("DVS") division of the Minnesota Department of Public Safety. Id. ¶¶ 36, 39. The accessed records include personal information such as name, date of birth, driver's license number, address, driver's license status, driver's license photo, weight, height, and eye color. Id. ¶ 37.
Weitgenant is a resident of Olmstead County, Minnesota, and a former resident of Nobles County, Minnesota. Id. ¶ 41. She is acquainted with Patten's children. Id. Weitgenant's motor vehicle records were allegedly accessed on April 2, 2010. Id. ¶ 45. She learned of the access in June or July of 2011 when she received a letter from LLMHS stating that someone at LLMHS had accessed her DVS records without authorization. Id. ¶¶ 46-47. The potential class members include all those whose personal information was accessed by Patten or the Does from the DVS database for a purpose other than the administration and management of human services programs. Id. ¶ 51.
Weitgenant contends the unauthorized access of her motor vehicle records resulted from Patten's "snoopy curiosity." Pl.'s Mem. Opp'n J. Pleadings [Docket No. 24] at 1. Weitgenant alleges that Patten and the Does knew as a result of their training that their actions were unlawful, but they disregarded their training and "proceeded to willfully violate [Weitgenant's] and the Class's statutory privacy rights." Am. Compl. ¶ 49.
LLMHS was a multi-county local social services agency that provided services to the Counties as required by Chapter 393 of the Minnesota Statutes. Id. ¶¶ 7, 14. LLMHS dissolved on December 31, 2010, and was replaced on January 1, 2011 with a new joint powers entity called Southwest Health and Human Services ("SWHHS"). Id. ¶¶ 15-16. Defendant Christopher Sorensen was the director of LLMHS and immediately began serving as director of the newly created SWHHS. Id. ¶¶ 6, 25. SWHHS continues to provide social services to the Counties and also serves Pipestone, Rock, and Redwood Counties. Id. ¶¶ 8, 15, 18. Patten and the Does were employees of LLMHS and were not employees of the Counties or SWHHS. Id. ¶¶ 4-5.
Weitgenant filed this potential class action on January 27, 2014 against Patten, the Does, LLMHS, and SWHHS. See generally Compl. [Docket No. 1]. The Counties were not named as defendants. On October 30, 2014, the Court granted judgment on the pleadings to SWHSS after determining that SWHSS is not the successor to LLMHS and thus cannot not be held liable under a theory of successor liability for Patten and the Does' actions. Mem. Op. & Order [Docket No. 33] 8-10. In so holding, the Court stated that "the counties that participated in LLMHS remain functional government units, to which liability may attach for claims that arose during LLMHS's existence." Id. at 9.
The October 30, 2014 Order also denied judgment on the pleadings to Sorensen, who had argued that he was not the "responsible authority" for DVS data. See id. at 9-12. The Court held that Sorensen, as director of LLMHS, appeared to meet the definition of a "responsible authority" under Minn. Stat. § 13.46, subd. 10(a). See id. at 12.
On June 8, 2015, Weitgenant filed the First Amended Class Action Complaint ("Amended Complaint") adding the Counties as defendants in this action. See generally Am. Compl. She alleges the Counties and LLMHS are directly and vicariously liable for Patten and the Does' violations of the DPPA and the MGDPA. Id. ¶¶ 67, 69, 71. She also alleges the Counties, as the principals or individual partnership members of LLMHS, are directly, jointly, or vicariously liable for LLMHS's obligations stemming from Doe and Patten's conduct. Id. ¶ 69.
The Counties argue that the claims asserted against them in the Amended Complaint do not relate back to the date of the original Complaint and are therefore time-barred. However, this issue was thoroughly addressed by Magistrate Judge Franklin L. Noel in an May 14, 2015 Order [Docket No. 50]. The Court agrees with Judge Noel's well-reasoned conclusion that the Amended Complaint relates back to the date of the original Complaint pursuant to Federal Rule of Civil Procedure 15(c)(1).
The Counties move for judgment on the pleadings, arguing that Weitgenant has failed to plausibly allege that LLMHS or the Counties directly violated the DPPA or the MGDPA. The Counties also contend that they and LLMHS are not vicariously liable for the alleged DPPA and MGDPA violations.
III. DISCUSSION
A. Motion for Judgment on the Pleadings Standard
In considering a motion for judgment on the pleadings under Rule 12(c) of the Federal Rules of Civil Procedure, the court views "all facts pleaded by the nonmoving party as true and grant[s] all reasonable inferences in favor of that party." Poehl v. Countrywide Home Loans, Inc., 528 F.3d 1093, 1096 (8th Cir. 2008). Judgment on the pleadings is appropriate "where no material issue of fact remains to be resolved and the movant is entitled to judgment as a matter of law." Faibisch v. Univ. of Minn., 304 F.3d 797, 803 (8th Cir. 2002). This is the same standard used to resolve a motion to dismiss under Rule 12(b)(6). Ashley Cty., Ark. v. Pfizer, Inc., 552 F.3d 659, 665 (8th Cir. 2009).
B. Counties' Argument on Behalf of LLMHS
As a preliminary matter, the parties dispute whether the Counties can properly assert arguments on behalf of LLMHS with respect to LLMHS's liability. Weitgenant argues the Counties cannot assert the argument in LLMHS's stead because: (1) LLMHS has defaulted; and (2) the Counties deny successor liability for any forthcoming default judgment against LLMHS. The Counties respond that their arguments on behalf of LLMHS are proper because Weitgenant's claims against the Counties are based purely on LLMHS's liability, and LLMHS no longer exists and cannot file its own motion. The Counties further argue that LLMHS has not been properly served and is not in default.
On the present record, the Court cannot conclude that LLMHS is in default. Federal Rule of Civil Procedure 4(j)(2) provides that service on a "state, a municipal corporation, or any other state-created governmental organization that is subject to suit" must be made by: "(A) delivering a copy of the summons and of the complaint to its chief executive officer; or (B) serving a copy of each in the manner prescribed by that state's law for serving a summons or like process on such a defendant." Fed. R. Civ. P. 4(j)(2). Weitgenant tried to serve LLMHS in 2014 by attempting to serve Sorensen. See Returned Summons [Docket No. 4]. However, Sorensen was not a representative of LLMHS in 2014. Am. Compl. ¶ 25. Sorensen refused to accept service for LLMHS because it no longer existed. See Returned Summons at 2. The Summons on LLMHS was returned unexecuted. Id. Additionally, there is nothing on record to show that LLMHS was served with the First Amended Class Action Complaint.
Under the factual context here, the Counties' arguments on behalf of LLMHS are permissible. LLMHS is a dissolved entity that is not capable of filing a motion to dismiss on its own behalf, and the Court has previously determined that the Counties are subject to successor liability for any violations by LLMHS. Thus, the Counties may properly argue that they cannot be liable because LLMHS is not liable.
C. Drivers Privacy Protection Act
1. Purpose and Legislative History
The DPPA generally prohibits the disclosure of personal information included in motor vehicle records unless the disclosure is for a permissible purpose under the Act. See 18 U.S.C. § 2721(a)-(b); McDonough v. Anoka Cty., 799 F.3d 931, 938 (8th Cir. 2015). Congress enacted the DPPA as a public safety measure designed to prevent stalking, harassment, and related crimes. Margan v. Niles, 250 F. Supp. 2d 63, 68-69 (N.D.N.Y. 2003). The legislation was prompted by the murder of an actress by a stalker who had obtained her unlisted home address through the California DMV. Id. at 68. In the wake of this crime, Congress sought to prevent state motor vehicle departments from freely providing personal information included in motor vehicle records which would then be used by stalkers, harassers, and other criminals to locate or contact their victims. Id.; see also 139 Cong. Rec. S15745-01, S15764-66, 1993 WL 470986 (1993) (statements of Sens. Robb, Biden, and Harkin) (stating that the DPPA "closes a loophole in the law that permits stalkers to obtain—on demand—private, personal information about their potential victims" and discussing incidents where individuals had been harassed, assaulted, or burglarized by persons who had obtained the individuals' home addresses from motor vehicle records). The DPPA was also "enacted in part to respond to the States' common practice of selling personal information to businesses that used it for marketing and solicitations." Maracich v. Spears, 133 S.Ct. 2191, 2204 (2013).
When drafting the statute, Congress recognized that DVS records were commonly used by government entities to perform government operations. Congress sought to ensure that such entities would "continue to have unfettered access" to motor vehicle information. Kost v. Hunt, 983 F. Supp. 2d 1121, 1133 (D. Minn. 2013) (quoting 103d Cong., 2d Sess., 1994 WL 212698 (1994) (statement of Rep. Moran)). As a sponsor of the Act expressly noted: "Careful consideration was given to the common uses now made of this information and great efforts were made to ensure that those uses were allowed under this bill. Among those who will continue to have unfettered access are federal and state governments and their contractors . . . ." Id. The DPPA was considered to be a "well-balanced proposal that strongly protects privacy, yet accommodates a variety of important interests." 139 Cong. Rec. S15745-01, 1993 WL 470986 (1993) (statement of Sen. Harkin).
2. Liability Under the DPPA
The DPPA allows a civil suit to be brought against any "person who knowingly obtains, discloses, or uses personal information, from a motor vehicle record, for a purpose not permitted under this chapter . . . ." 18 U.S.C. § 2724(a). A "person" who may be sued under this section "means an individual, organization, or entity, but does not include a State or agency thereof." 18 U.S.C. § 2725(2). "[P]ersonal information" means basic identification information including name, photograph, address, social security number, and driver's license number. 18 U.S.C. § 2725(3).
Although a state or a state agency cannot be sued under the DPPA, "[a]ny State department of motor vehicles that has a policy or practice of substantial noncompliance with [the DPPA] shall be subject to a civil penalty imposed by the Attorney General of not more than $5,000 a day for each day of substantial noncompliance." 18 U.S.C. § 2723(b).
The Act lists numerous permitted uses, including "use by any government agency . . . in carrying out its functions." 18 U.S.C. § 2721(b)(1). This exception to the DPPA's general prohibition on the disclosure of personal data is broadly worded and reflects Congress' intent to "leave essentially intact governmental agencies' ability to access and use motor vehicle record data in conducting their operations." Kost, 983 F. Supp. 2d at 1133.
To establish a violation of the DPPA, a plaintiff must show that a defendant (1) knowingly (2) obtained, disclosed or used personal information, (3) from a motor vehicle record, (4) for a purpose not permitted. McDonough, 799 F.3d at 945. Remedies for a DPPA violation include "actual damages, but not less than liquidated damages in the amount of $2,500;" punitive damages for "willful or reckless disregard of the law;" attorneys' fees and litigation costs; and appropriate preliminary and equitable relief. 18 U.S.C. § 2724(b).
a. Direct Liability
The Counties argue that the Amended Complaint fails to plausibly allege that the Counties or LLMHS violated the DPPA because there are no allegations that the Counties or LLMHS themselves "obtained, disclosed, or used" personal information for an impermissible purpose. Rather, the Amended Complaint alleges only that Patten and the Does viewed information in the DVS database and did not disclose the information to anyone else. See Am. Compl. ¶¶ 42-45, 49, 51, 62. Weitgenant disagrees, arguing that "to disclose" means to make information known or available. Pl.'s Mem. Opp'n [Docket No. 79] 6 (citing Random House Webster's Unabridged Dictionary 562 (2d ed. 1998)). Weitgenant contends LLMHS disclosed protected data to its employees by providing access to the DVS database, and that this access was unfettered and therefore impermissible.
Assuming without deciding that providing employees with access to the DVS database constituted a disclosure by LLMHS, Weitgenant has failed to plead that the disclosure was "for a purpose not permitted" under the DPPA. 18 U.S.C. § 2724(a). To violate the DPPA, a defendant itself must have acted with an impermissible purpose; it is not enough that the defendant discloses information to one who subsequently uses it for an impermissible purpose. Jessen v. Blue Earth Cty., No. 14-1065, 2014 WL 5106870, at *3 (D. Minn. Oct. 10, 2014) (holding defendant not liable under DPPA where county provided DVS access to employees for permissible law-enforcement purpose); Shambour v. Carver Cty., No. 14-566, 2014 WL 3908334, at *3 (D. Minn. Aug. 11, 2014) (same); Potocnik v. Carlson, 9 F. Supp. 3d 981, 989 (D. Minn. 2014) ("If the disclosure was made for a permissible purpose, then the person making the disclosure cannot be held liable under the DPPA, irrespective of the purpose of the person who sought the information."); Nelson v. Jesson, No. 13-340, 2013 WL 5888235, at *3 (D. Minn. Nov. 1, 2013) (holding Commissioners did not violate DPPA by disclosing motor vehicle records to employee who subsequently acted with impermissible purpose because Commissioners themselves did not act with such purpose); Gulsvig v. Mille Lacs Cty., No. 13-1309, 2014 WL 1285785, at *5 (D. Minn. March 31, 2014) ("[T]he text of the statute limits liability to those who disclose, use, access, or obtain information themselves for an impermissible purpose, not those who provide access to information that is subsequently used for an impermissible purpose.") (emphasis in original).
Here, the Amended Complaint does not allege that LLMHS "knowingly" gave Patten and the Does access to the DVS Database "for a purpose not permitted" under the DPPA. 18 U.S.C. § 2724(a). Nor does the Amended Complaint allege that Patten and the Does did not require access to the DVS Database to perform their official job duties as LLMHS employees. In the absence of such allegations, the only reasonable inference to be drawn is that LLMHS provided its employees with access to the DVS records for the permitted use of carrying out its government agency functions. See 18 U.S.C. § 2721(b)(1).
Weitgenant attempts to avoid this result by arguing that the mens rea requirement of § 2724(a) requires only that a defendant knowingly disclose personal information, and not that a defendant also know that the information will be used for a purpose not permitted under the Act. Weitgenant thus contends that LLMHS's knowing disclosure of the personal information was sufficient to violate the statute, even if LLMHS did not know that the information would be used for an impermissible purpose. This argument has been rejected by multiple courts as being contrary to the plain reading of § 2724(a) and is rejected here for the same reason. See Kiminski v. Hunt, No. 13-185, 2013 WL 6872425, at *6 (D. Minn. Sept. 20, 2013) ("Under the plain language of the statute, the person who obtains, discloses, or uses the information must do so for an impermissible purpose. If the person discloses the information for a permissible purpose, the plain language of the provision does not make the person liable for a subsequent misuse by the recipient.") (emphasis in original); Roth v. Guzman, 650 F.3d 603, 611 (6th Cir. 2011) (holding that state officials who disclosed personal information for an explicitly permissible purpose were not liable for the recipient's subsequent use of the information for an impermissible purpose); but see Senne v. Vill. of Palatine, Ill., 695 F.3d 597, 603 (7th Cir. 2012) ("Voluntary action, not knowledge of illegality or potential consequences, is sufficient to satisfy the mens rea element of the DPPA.").
Weitgenant also argues that she has sufficiently pled a DPPA violation against LLMHS by alleging that LLMHS provided its employees with DVS access without establishing "appropriate security safeguards, procedures, and other measures to prevent misuse of DVS motor vehicle records." Am. Compl. ¶ 72. However, the DPPA does not clearly impose a duty of care to prevent misuse by a recipient given access to DVS records for a permissible purpose. McDonough, 799 F.3d at 957. Moreover, even if the DPPA could be read to impose some duty of care, Weitgenant has failed to plausibly allege that LLMHS violated this duty because: (1) she does not allege DVS database access was granted to individuals whose job duties did not require access, (2) she admits that Patten and the Does received sufficient training to make them aware that their actions were unlawful but chose to disregard that training, (3) the Amended Complaint does not allege any LLMHS official was aware of and ignored the alleged DPPA violations, and (4) April 2, 2010 is the only instance in which Weitgenant claims someone illegally looked up her DVS information.
Therefore, the Amended Complaint fails to plausibly allege that LLMHS or the Counties directly violated the DPPA.
b. Vicarious Liability
Weitgenant also claims that LLMHS and the Counties are vicariously liable for Patten and the Does' alleged DPPA violations. Weitgenant contends vicarious liability is appropriate under the federal doctrine of apparent authority as well as Minnesota law governing vicarious liability. The Counties argue that vicarious liability for DPPA violations has been rejected in this district and is inconsistent with the intent behind the DPPA's statutory scheme.
The DPPA is silent on the issue of vicarious liability. The parties have cited no court of appeals decisions that address whether a municipality may be vicariously liable for the DPPA violations of its employees. Only a handful of district court decisions discuss the issue. The sole decision in this district to directly consider the issue is Jessen v. Blue Earth County, which holds that vicarious liability does not apply because the plain language of the Act requires that the defendant itself must have acted to be liable under the DPPA. See Jessen, 2014 WL 5106870, at *4 n.4.
At least three district court decisions from other federal jurisdictions, however, have held that the DPPA imposes vicarious liability upon municipalities for the actions of their employees. See Margan v. Niles, 250 F. Supp. 2d 63, 72-76 (N.D.N.Y. 2003); Schierts v. City of Brookfield, 868 F. Supp. 2d 818, 821-22 (E.D. Wis. 2012); Menghi v. Hart, 745 F. Supp. 2d 89, 99 (E.D.N.Y. 2010). Two of those courts relied on the general principle that "when Congress creates a tort action, it legislates against a legal background of ordinary tort-related vicarious liability rules and consequently intends its legislation to incorporate those rules." See Margan, 250 F. Supp. 2d at 74 (quoting Meyer v. Holley, 537 U.S. 280, 285 (2003)); Schierts, 868 F. Supp. 2d at 822 (same). Under this principle, traditional vicarious liability rules will be applied if they are consistent with the federal statute's provisions and Congress' intent. Jones v. Federated Fin'l Reserve Corp., 144 F.3d 961, 965-66 (6th Cir. 1998).
Federal tort-related vicarious liability rules include the doctrine of apparent authority, under which a principal is liable for the torts of its agents when the agents act with apparent authority. Schierts, 868 F. Supp. 2d at 822 (citing Am. Soc'y of Mech. Eng'rs, Inc. v. Hydrolevel Corp., 456 U.S. 556, 565-66 (1982)). Liability is imposed on the principal regardless of whether the agent was acting entirely for its own interests rather than those of its principal. Jones, 144 F.3d at 965. The rationale for imposing vicarious liability on principals who are not at fault is that the agent's position facilitates the wrongdoing. Id. Additionally, the principal will be motivated to adopt policies and procedures to prevent future violations by their agents. Id. at 965-66.
Under Minnesota's tort-related vicarious liability rules, "an employer is vicariously liable for the torts of an employee committed within the course and scope of employment." Fahrendorff v. N. Homes, Inc., 597 N.W.2d 905, 910 (Minn. 1999). The test for whether an employee was acting within the scope of employment differs depending on whether the employee's conduct involves an intentional tort or, alternatively, negligence. Marston v. Minneapolis Clinic of Psychiatry & Neurology, Ltd., 329 N.W.2d 306, 310 (Minn. 1982). Under the intentional tort standard, an employee's conduct is within the scope of employment if the wrongdoing is related to the employee's duties and occurs "within work-related limits of time and place." Lange v. Nat'l Biscuit Co., 211 N.W.2d 783, 786 (Minn. 1973). Under the negligence standard, an employee's acts are not within the scope of employment unless the employee acts, at least in part, in furtherance of the employer's interests. Marston, 329 N.W.2d at 310.
The justification for holding an employer liable for an employee's intentional torts, even where the employee's acts were not motivated to serve the employer's interests, is that the employer "can and should consider this liability as a cost of his business. He may then avoid the cost by insuring against such contingencies, or by adjusting his prices so that his patrons must bear part, if not all, of the burden of insurance." Lange, 211 N.W.2d at 785. Additionally, if the employer is held responsible for the wrongdoing, the employer will "be alert" to prevent it from happening. Id.
Even if vicarious liability were a viable theory of recovery under the DPPA in this district, applying it to the particular circumstances of this case would upset the balance Congress sought to strike between protecting privacy and accommodating the interests of government agencies in carrying out their functions. The Act's legislative history, together with the broad government function exception under § 2721(b)(1), establish that Congress expressly intended to steer clear of any intrusion upon the operations of government agencies that use the information to perform government functions. Imposing liability here, where the violations resulted from willful employee misconduct despite proper training and where the data was not publicly disseminated, would result in imposing strict liability upon a municipal entity required to provide its employees with access to the DVS database to carry out mandated government functions. Nothing in the text of the DPPA supports saddling government entities with strict liability, and the Act's legislative history and exception under § 2721(b)(1) weigh strongly against such a result.
Moreover, this case is distinguishable from other cases that have allowed for vicarious liability under the DPPA because there are no allegations here that private information was disseminated to the public or used for the types of harm the DPPA sought to prevent. The purpose of the Act was to prevent stalking, domestic violence, and similar crimes by discontinuing the DMV's practice of freely disseminating private and personal information to the general public. See Margan, 250 F. Supp. 2d 78 n.4 ("[T]he DPPA was a crime fighting measure; not a general privacy protection measure."). In Margan, a police officer obtained the plaintiffs' addresses from motor vehicle records and gave them to a friend who used them to threaten, harass, and vandalize the victims. See Margan, 250 F. Supp. 2d at 66-67. In Schierts, a police officer acquired the plaintiff's address from the DMV and disclosed it to the plaintiff's former girlfriend. 868 F. Supp. 2d at 819-20. In Menghi, a police officer obtained an arrestee's phone number and made threatening and harassing phone calls to her. 745 F. Supp. 2d at 96. Significantly, Weitgenant makes no allegation that her personal information was disclosed to the public or used to stalk, harass, or otherwise cause harm.
To be sure, a person who obtains drivers' information without a permissible purpose violates the DPPA, regardless of whether that information is subsequently used. McDonough, 799 F.3d at 945. However, to the extent that Patten and the Does directly violated the statute, holding LLMHS vicariously liable for those violations upsets the intended balance of the Act where: (1) LLMHS was required to provide its employees access to DVS records to carry out its government functions, (2) employees received sufficient training about impermissible uses of personal information, (3) personal information was never disclosed to a member of the general public, and (4) personal information was not used for any of the types of danger that Congress sought to prevent by enacting the DPPA.
D. Minnesota Government Data Practices Act
The MGDPA regulates the state's "collection, creation, storage, maintenance, dissemination, and access to government data in government entities." Minn. Stat. § 13.01, subd. 3. The statute applies to government entities and imposes duties on responsible government authorities, including the duty to protect non-public data. Minn. Stat. § 13.01, subd. 1; Minn. Stat. § 13.05, subd. 5.
Weitgenant alleges that Patten and the Does' conduct in accessing her motor vehicle records was knowing and willful and violated the MGDPA, and that LLMHS and the Counties are directly and vicariously liable for those violations. Am. Compl. ¶ 71. Weitgenant also alleges that Sorensen, as the "responsible authority" for LLMHS, "failed to establish appropriate security safeguards, procedures, and other measures to prevent misuse of DVS motor vehicle records, in violation of the MGDPA." Id. ¶ 72. The Counties argue that they are not directly or vicariously liable for the alleged MGDPA violations. The Counties further argue that Weitgenant fails to plausibly allege that she is entitled to damages under the MGDPA.
1. Direct Liability
The Counties argue that the Amended Complaint fails to sufficiently state a claim for a direct violation of the MGDPA by LLMHS and the Counties. The Court agrees. Under Minnesota law, "[d]ata on individuals provided to obtain a driver's license or Minnesota identification card . . . shall be disclosed as required or permitted by [§ 2721 of the DPPA]." Minn. Stat. § 171.12, subd. 7(a). Because LLMHS's alleged disclosure of DVS records to its employees was permitted under § 2721(b)(1) of the DPPA, it was also permitted under the MGDPA. Therefore, Weitgenant has failed to allege a direct violation of the MGDPA by LLMHS and the Counties.
2. Vicarious Liability
Weitgenant also alleges LLMHS and the Counties are vicariously liable for violations of the MGDPA by LLMHS employees Patten, Does, and Sorensen.
a. Patten and Does
The MGDPA does not impose civil liability on individual government employees such as Patten and the Does. See generally Minn. Stat. § 13.08; Walker v. Scott Cty., 518 N.W.2d 76, 78 (Minn. Ct. App. 1994), review denied (Minn. Aug. 24, 1994). Rather, civil actions for MGDPA violations may only be brought against a "responsible authority or government entity." Minn. Stat. § 13.08, subd. 1.
Exceptions to municipal tort liability under Minn. Stat. § 466.03 do not apply to lawsuits under the MGDPA. See Minn. Stat. § 13.08, subd. 1 (allowing suits against a government entity "[n]otwithstanding section 466.03").
No Minnesota Supreme Court decisions address the applicable scope of employment test for holding a government entity liable for its employees' MGDPA violations. However, the Minnesota Court of Appeals has held that an employee's unlawful use of private data under the MGDPA falls outside the scope of employment if the employee "totally deviates from his employment for reasons that are entirely personal." Walker, 518 N.W.2d at 78. An employer will not be liable for an employee's impermissible use of private data if the data was not used for purposes related to the employment and if the employer did not benefit from the employee's actions. Id. at 78-79. Here, Weitgenant contends Patten accessed her motor vehicle records out of personal curiosity, knowingly disregarding her training. There are no allegations that LLMHS benefitted from Patten and the Does' allegedly illegal accesses. Therefore, LLMHS is not vicariously liable for Patten and the Doe's allegedly unlawful accesses.
Weitgenant argues that the scope of employment test applied in Walker should not be followed because Walker has no binding effect on this Court and was wrongly decided. "Although federal courts are not bound to follow the decisions of intermediate state courts when interpreting state law, state appellate court decisions are highly persuasive and should be followed when they are the best evidence of state law." Baxter Int'l, Inc. v. Morris, 976 F.2d 1189, 1196 (8th Cir. 1992). In the absence of Minnesota Supreme Court cases analyzing vicarious liability under the MGDPA, Walker is the best source of Minnesota law on this issue.
Moreover, the Court is not convinced that the state's highest court would apply a different scope of employment test for determining whether a municipality should be vicariously liable for its employee's MGDPA claims. The general policy of the Minnesota Supreme Court regarding vicarious liability is to "not impose such liability unless there is some connection between the tort and the business such that the employer in essence assumed the risk when it chose to engage in the business." Hagen v. Burmeister & Assoc., 633 N.W.2d 497, 504 (Minn. 2001). Here, it is questionable whether the assumption of risk rationale underlying the general policy would apply to a municipal entity that has no choice but to provide required services for the state under Chapter 393 of the Minnesota Statutes.
b. Sorensen
To the extent that the Amended Complaint alleges that LLMHS and the Counties are vicariously liable for Sorensen's alleged MGDPA violation, this claim fails because the Amended Complaint does not plausibly allege that Sorensen violated the statute. Weitgenant alleges Sorensen (the "responsible authority" for LLMHS) violated the MGDPA by "fail[ing] to establish appropriate security safeguards, procedures, and other measures to prevent misuse of DVS motor vehicle records, in violation of the MGDPA." Am. Compl. ¶ 72. However, this allegation directly contradicts Weitgenant's admission in the Amended Complaint that Patten and the Does received appropriate training but ignored this training and proceeded to willfully violate the law. See Am. Compl. ¶ 49 ("Based on their training, Defendant Patten and/or Defendant Does knew that their actions . . . were unlawful but they proceeded to willfully violate Plaintiff's and the Class's statutory privacy rights."). The Amended Complaint does not allege that Sorensen or other LLMHS or County officials knew of the alleged illegal behavior and failed to respond appropriately.
Moreover, at the time of the events giving rise to this litigation, the MGDPA did not expressly require a responsible authority to establish "procedures for ensuring that data that are not public are only accessible to persons whose work assignment reasonably requires access to the data, and is only being accessed by those persons for purposes described in the procedure." Minn. Stat. § 13.05, subd. 5(a)(2). This heightened standard for responsible authorities was added to the MGDPA on August 1, 2014, years after the events at issue here.
Because the Amended Complaint fails to plausibly allege an MGDPA violation by Sorensen, LLMHS and the Counties cannot be held vicariously liable for such a violation.
3. Damages
Weitgenant's MGDPA claim also fails for the additional reason that she has not plausibly alleged that she or any potential class member suffered damages as a result of the alleged MGDPA violations. "In order to prevail on a claim under the MGDPA, the plaintiff must prove not only a violation of the statute, but that the plaintiff has sustained damage, and the damage was a direct result of the unlawful disclosure." Anderson v. Indep. Sch. Dist., 357 F.3d 806, 810-11 (8th Cir. 2004) (emphasis added). A plaintiff who does not allege damages fails to state a claim under the MGDPA. Johnson v. Carroll, 658 F.3d 819, 828 (8th Cir. 2011).
The allegations related to damages in the Amended Complaint are conclusory and merely recite the statutory language of the MGDPA. See Am. Compl. ¶ 73 ("Plaintiff and the Class suffered 'any damage' within the meaning of Minn. Stat. § 13.08, subd. 1 . . . in an amount to be determined by a jury."). There are no factual allegations that Weitgenant or any of the proposed class members suffered reputational harm, emotional distress, economic harm, or any other harm. Weitgenant does not allege that Patten or the Does disclosed information to anyone outside LLMHS, and her motor vehicle information was allegedly accessed only one time. Am. Compl. ¶ 45. Indeed, Weitgenant did not even know about the allegedly illegal access of her motor vehicle information until she received a letter notifying her of the access over a year later.
Weitgenant argues that she has sufficiently pled emotional distress damages which can include a loss of trust in government. However, the Minnesota Supreme Court has "been careful to limit the availability of such damages to those plaintiffs who prove that emotional injury occurred under circumstances tending to guarantee its genuineness." Navarre v. S. Washington Cty. Schools, 652 N.W.2d 9, 30 (Minn. 2002) (quoting Lickteig v. Alderson, Ondov, Leonard & Sween, P.A., 556 N.W.2d 557, 560 (Minn. 1996) (internal quotations omitted). The circumstances alleged here—a single viewing of Weitgenant's driver license information with no further disclosure or other action—do not constitute circumstances tending to guarantee the genuineness of the alleged emotional distress. Therefore, Weitgenant has failed to plausibly allege the damages element of her MGDPA claim.
IV. CONCLUSION
Based upon all the files, records, and proceedings herein, IT IS HEREBY ORDERED that:
1. Defendants Lincoln County, Lyon County, and Murray County's Motion for Judgment on the Pleadings [Docket No. 74] is GRANTED. The claims against Defendants Lincoln, Lyon, and Murray Human Services; Lincoln County; Lyon County; and Murray County are DISMISSED with prejudice; and
2. Defendants Lincoln, Lyon, and Murray Human Services; Lincoln County; Lyon County; and Murray County are dismissed as Defendants in this action.
BY THE COURT:
s/Ann D. Montgomery
ANN D. MONTGOMERY
U.S. DISTRICT JUDGE Dated: April 12, 2016.