The Nature of Privacy Harms: Financial and Physical Harm vs. Emotional and Mental Harm

You may also like...

6 Responses

  1. “In a decision I find wrongheaded–both as a matter of statutory interpretation as well as normative policy…”

    Why should we be looking to the Supreme Court for “normative policy”? When did that become part of the job descripton?

    Obviously the normative policy of the Labor Department was not to give away $1,000 just because they screwed up on a Privacy matter. The courts, in this instance, agreed with that policy.

    And this is apparently a bi-partisan policy. The case originated as a result of the Clinton administration’s DOL screwup. And it was that DOL that fought the original suit by Doe and his co-plaintiffs. Absent legislative language (not history – the Great One was correct to opt out of that part of the decision), the decision squares with what Congress wrote.

    And if you really believe that this:

    “Agencies could violate the Privacy Act, improperly sharing and disseminating information, and in a large number of cases, then be able to argue that there’s no harm.”

    …is a real fear then I’m sure you’re with me in rooting on Scott Brown in Massachusetts as a potential way to stop the so-called Heath Care bills being considered. Think of the privacy nightmare such legislation could encourage.

  2. Daniel Solove says:

    Maryland Conservatarian,

    Note that the Privacy Act damages provision applies only to willful violations of the Act. This requirement was put in the act to ensure mere “screwups” would not suffice for damages. Negligence won’t be sufficient. Accordingly, your argument that Doe v. Chao was to ensure agencies wouldn’t be socked with damages for mere screwups is not really valid since the damages provision at issue already doesn’t apply to mere screwups.

  3. okay – I read “willfull’ or “intentional” to include screwups, as in “I screwed up – I made a bad decision” – the decision was intentional – i.e. the decision to include the SS #s, although I’m sure it wasn’t malicious or ill-intended.

    And I don’t think Doe v. Chao really stands for anything more than the agency reading of the law is a correct one – note, not the only correct one, but a correct one. Had Clinton’s DOL agreed with Plaintiffs that it should get a $1,000, I doubt the District Court would have overruled both parties. I further believe, although I’m not positive, that if the Obama administration thought this reading of the law was unfair or wrong it could expand the Feds reading and give Cooper a $1,000 or even $10,000…and then, of course, blame it on Bush.

  4. Daniel Solove says:

    Maryland Conservatarian,

    For the definition of “intentional” or “willful” under the Privacy Act, I’m relying on Andrews v. Veterans Administration, 838 F.2d 418 (10th Cir. 1988):

    [T]he term “willful or intentional” clearly requires conduct amounting to more than gross negligence. We are persuaded by the District of Columbia Circuit’s definitions of willful or intentional that contemplate action “so ‘patently egregious and unlawful’ that anyone undertaking the conduct should have known it ‘unlawful,’” or conduct committed “without grounds for believing it to be lawful” or action “flagrantly disregarding others’ rights under the Act,” and we adopt those definitions, and add the view . . . that the conduct must amount to, at the very least, reckless behavior. Those, and similar definitions, describe conduct more extreme than gross negligence.

    If there is caselaw supporting an alternative less restrictive approach to “intentional or willful” under the Privacy Act, I’d be very pleased to learn about it.

  5. According to Justice Ginsburg’s dissent, she took note of the Magistrate Judge’s finding (FN 5):

    “The undisputed evidence shows that the Department took little, if any, action to see that it complied with the Privacy Act… . Several of the Administrative Law Judges responsible for sending out the multi-captioned hearing notices testified that they had received no training on the Privacy Act.”).”

    …is that “patently unlawful and egregious”? I’m not going to argue if you so think but dislaying a lax attitude toward monitoring compliance…eh. I’m certainly no Privacy Act maven but my instinct remains: they screwed up.

  6. Stan Cooper says:

    Significant evidence that the Privacy Act violations were willful and intentional in this case was obtained as a result of the District Court’s order compelling production of further discovery by the defendants (over the defendants’ strenuous objections).

    This was no unintentional screw-up.