203 F.Supp.3d 48
D.D.C.2016Background
- In April 2005 OFAC designated Richard Chichakli as a Specially Designated National (SDN) under Executive Order 13348, publishing identifying information (including SSN and other identifiers) on its SDN List to effectuate sanctions. OFAC also sent identifying information to financial institutions and the public to enable blocking of assets.
- Chichakli left the U.S. in 2005; criminal indictments followed and he was later extradited and convicted in federal court on multiple counts related to sanctions evasion and fraud.
- Chichakli filed this civil suit under the Privacy Act, alleging OFAC and the State Department unlawfully disclosed his personal records (SSN, DOB, aliases, addresses, driver’s license number, etc.), which led to identity theft and fraudulent accounts; he sought damages and removal of the information.
- Defendants moved to dismiss, arguing the disclosures fell within published routine uses in each agency’s System of Records Notices (SORNs), and that Chichakli failed to plead cognizable actual damages required for Privacy Act recovery.
- The Court treated claims against individual officials as claims against the United States, held that OFAC’s and State’s disclosures were permitted routine uses (consistent with their published SORNs), and found Chichakli failed to plead quantifiable pecuniary damages.
- The Court granted the motion to dismiss, concluding the complaint failed to state a Privacy Act claim and noting injunctive relief was largely moot because Chichakli had been removed from the SDN List.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Whether FOIA applies | Plaintiff referenced FOIA exemptions as a basis for relief | Defendants: no FOIA request was made and FOIA is inapplicable | FOIA not applicable |
| Whether constitutional claims lie outside the Privacy Act | Chichakli alleged First and Fifth Amendment violations from disclosures | Defendants: constitutional claims are subsumed by the Privacy Act remedial scheme | Court dismissed constitutional claims as encompassed by Privacy Act remedies |
| Whether OFAC/State disclosures violated the Privacy Act (unauthorized disclosure) | Chichakli: publication of SSN, DOB, DL#, etc., was improper and caused identity theft | Defendants: SORNs for OFAC and State identify these records and list routine uses permitting disclosure to public, foreign orgs, and law enforcement | Court held disclosures were permissible routine uses under published SORNs |
| Whether plaintiff pleaded actual (pecuniary) damages attributable to Privacy Act violation | Chichakli alleged identity theft, fraudulent accounts, tax fraud, and potential credit harm but could not quantify losses | Defendants: plaintiff failed to plead special, pecuniary damages as required; sanctions would have limited active U.S. accounts | Court held plaintiff failed to allege concrete, quantifiable actual damages required for recovery |
Key Cases Cited
- Holy Land Found. for Relief & Dev. v. Ashcroft, 333 F.3d 156 (D.C. Cir. 2003) (describing IEEPA authority and scope of sanctions)
- Chichakli v. Szubin, 546 F.3d 315 (5th Cir. 2008) (prior challenge to OFAC designation discussed)
- Kissinger v. Reporters Comm. for Freedom of the Press, 445 U.S. 136 (U.S. 1980) (FOIA remedies and scope)
- In re Crawford, 194 F.3d 954 (9th Cir. 1999) (public disclosure of SSN did not violate constitutional privacy right)
- Chung v. U.S. Dep’t of Justice, 333 F.3d 273 (D.C. Cir. 2003) (constitutional claims encompassed by Privacy Act remedies)
- Martinez v. Bureau of Prisons, 444 F.3d 620 (D.C. Cir. 2006) (Privacy Act claims target agencies, not individual employees)
- FAA v. Cooper, 132 S. Ct. 1441 (U.S. 2012) (definition of "actual damages" under Privacy Act as pecuniary loss)