Damages under the Privacy Act: sovereign immunity and a call for legislative reform.

AuthorKardon, Alex

INTRODUCTION I. THE NARROW CONSTRUCTION CANON: HISTORY, CRITIQUE, AND RECENT USE II. STATUTORY CONSTRUCTION AND STARE DECISIS III. THE PRIVACY ACT CONTEXT A. The District Court Decision in Cooper B. The Ninth Circuit Decision in Cooper C. The Reasonableness of Both Cooper Decisions D. Pre-Cooper Decisions and Residual Ambiguity 1. Actual Damages and the Text 2. Beyond the Damages Provision Text a. Deterrence, Compensation, and Citizen Enforcement b. Limited Government Liability c. Broad Protection from Dignitary Harms d. Shared Purpose with Privacy Torts e. Vindication of the Constitutional Right to Privacy f. Additional Explicit Legislative History g. Inferences from Legislative History: Punitive Damages and Theories of Compromise h. Legislative History and the Privacy Protection Study Commission 3. Analogies to Other Statutes 4. Recap: Actual Damages Under the Standard Modes of Interpretation IV. DOE V. CHAO A. Combining the Chao Holding with a Narrow Reading of Actual Damages B. The Chao Methodology and Its Possible Implications 1. Justice Souter on the Text 2. Justice Ginsburg on the Text 3. Possible Implications of Chao for Interpreting Actual Damages CONCLUSION: A CALL FOR LEGISLATIVE REFORM INTRODUCTION

In 1974, in the wake of Watergate, Congress passed the Privacy Act (the Act). (1) Broadly, the purpose of the Act is to regulate the treatment of personal information by the federal government. While the Act places certain requirements on the government, (2) it also enables individuals to take affirmative steps to ensure that their information is being protected. (3) Specifically, individuals may generally access personal records stored by the government, (4) request that the government correct errors in personal records, (5) request review of government refusals to correct alleged errors, (6) and bring civil lawsuits for any failures by the government to comply with the Act that result in an individual adverse effect. (7)

While the general distrust of the federal government in the aftermath of Watergate created a political climate ripe for passing the Act, (8) concerns about the federal government's increasing use of computers to collect, store, manipulate, and distribute personal information also played a role in Congress approving the Act. (9) The Act received strong bipartisan support (10) and passed with unusual speed because of time pressure created by the stormy political climate. (11) Considering the politics of urgency surrounding the Act when it was passed, it is perhaps no surprise that the Act is both supported by limited legislative history (12) and commonly targeted by critics, (13) a situation bound to produce work for the courts.

Among the provisions of the Act that have generated significant litigation, perhaps the most important for the Act's efficacy is the provision explaining the damages available to an adversely affected individual who brings suit against the federal government for mistreatment of personal information or other failures to comply with the Act. (14) This damages provision reads:

In any suit brought under the provisions of subsection g(1)(C) or (D) of this section in which the court determines that the agency acted in a manner which was intentional or willful, the United States shall be liable to the individual in an amount equal to the sum of--(A) actual damages sustained by the individual as a result of the refusal or failure, but in no case shall a person entitled to recovery receive less than the sum of $1,000; and (B) the costs of the action together with reasonable attorney fees as determined by the court. (15) One ongoing debate about the damages provision is whether "actual damages" is limited to "pecuniary," "out-of-pocket" losses, or whether a more expansive definition of "actual damages" is appropriate. (16) This question has been brought to court repeatedly since at least 1982, (17) and the circuits remain split. (18) The Supreme Court acknowledged this split while deciding another case involving interpretation of the Privacy Act damages provision, but declined to offer the circuits any guidance because the issue of defining actual damages was not properly before the Court. (19)

The question of how to define actual damages may seem like a minor point, but it has real importance for the remedial efficacy of the Act. Privacy Act violations often cause nonpecuniary harms, like fear and anxiety, without resulting in any out-of-pocket losses. (20) Identity theft, a possible result of many Privacy Act violations, results in no pecuniary loss in most cases, even in cases where victims must deal with hours of frustration and endless worries before the wrong done by the government can be righted. (21) Similarly, reputational harm--often permanent and wide-reaching in today's computerized world (22)--is a predictable result of Privacy Act violations and can be difficult to translate into pecuniary loss. If actual damages are limited to only pecuniary losses, many individuals who are significantly harmed by Privacy Act violations may receive no compensation from the government. According to one commentator, a sufficiently narrow interpretation of actual damages could render the entire Act "[t]oothless." (23) According to Daniel Solove, a narrow reading of actual damages would "mak[e] a total mockery of the Privacy Act." (24) Unless our trust in the government has changed so much since Watergate that there is no longer any concern about how the government treats personal information, the definition of actual damages really matters.

The question returned to court most recently in August 2008, when the District Court for the District of Northern California decided Cooper v. Federal Aviation Administration. (25) This Article is not about the Cooper case, but the case will be used as a lens for considering the general issue of how to interpret the "actual damages" language of the Act. The facts in Cooper are compelling. (26)

The plaintiff, Stanmore Cawthon Cooper, was a recreational pilot (27) who first obtained his pilot's license in 1964. (28) In order to fly legally, most pilots must have a valid "airman medical certificate" in addition to a pilot certificate, (29) and obtaining such a medical certificate requires the completion of an application to be filed with the Federal Aviation Administration (FAA). (30) Airman medical certificates must be renewed periodically, with an individual's renewal period depending on various factors. (31)

Cooper regularly renewed his medical certificate until about 1981, when he began to fear he was HIV-positive and no longer wanted to share his medical information. (32) His fears were confirmed in 1985 when he was diagnosed as HIV-positive, (33) and he did not again apply to renew his medical certificate until 1998. (34) In the interim, due to worsening HIV symptoms, he began collecting Social Security disability benefits in 1996. (35) When his symptoms eased in 1998, Cooper stopped collecting disabil- ity benefits. (36) On his application for a renewed medical certificate from the FAA in 1998, his first such application since 1985, Cooper failed to disclose his HIV status or the medication he was taking on account of the infection. (37) Similarly, he failed to disclose any of this information on his subsequent applications in 2000, 2002, and 2004. (38)

In 2002, the Department of Transportation (DOT) and Social Security Administration (SSA) began considering a joint investigation, know as Operation Safe Pilot, which would involve the interagency sharing of information (between DOT and SSA, and eventually the FAA as well) to prevent various types of fraud against the agencies. (39) Among the frauds targeted by the proposed investigation was one that described Cooper's situation: "Pilots that are claiming a debilitating condition with the SSA and claim good health to obtain a FAA medical certificate." (40)

Operation Safe Pilot was eventually implemented as a regional investigation in Northern California, (41) and the information sharing eventually implicated Cooper. (42) Cooper's pilot certificate was revoked, and he was indicted, eventually pleading guilty to a misdemeanor, "making and delivering a false official writing." (43)

Cooper brought a suit in the Northern District of California, claiming that the interagency sharing of his personal information violated [section] 552a(b) of the Privacy Act, (44) which requires written consent from an individual before an agency may share his records with another person or agency, with some exceptions, most notably the "routine use" exception. (45) The only damages that Cooper tried to demonstrate were emotional damages, largely resulting from the public disclosure of his HIV-positive status by the press after his indictment. (46) He offered no evidence of any pecuniary damages. (47)

In Cooper, the district court held that actual damages are limited to pecuniary harms. (48) Given the circuit split, this result was not overwhelmingly surprising. The district court's rationale for its decision, however, was surprising. While most courts attempting to define actual damages under the Act have treated the inquiry like a routine question of statutory interpretation, the district court found it dispositive that the damages provision of the Act is, at least to some extent, a waiver of federal sovereign immunity. Citing the long-debated canon of statutory construction that says federal waivers of sovereign immunity must be narrowly construed in favor of the government, (49) the district court held that, because the text of the damages clause is ambiguous, (50) a ruling in favor of the government was compelled. (51) In so holding, the court asserted that the narrow construction canon precludes any recourse to legislative history even when the text is ambiguous. (52) The court looked at the statutory language, decided it was ambiguous, and thus ruled for the government. The issue of defining...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT