Gordon v. Softech International, Inc.
726 F.3d 42
2d Cir.2013Background
- In Oct. 2009 Aron Leifer obtained Erik Gordon’s NY license-plate info via Docusearch.com (an Arcanum/Reseller service powered by Softech) and received Gordon’s name and home address after selecting "Insurance Other."
- Leifer used the information to identify and harass Gordon and his family; Gordon later settled his claims against Leifer.
- Gordon sued Arcanum (Docusearch), Softech (gateway/data broker), and principals under the Driver’s Privacy Protection Act (DPPA), alleging improper disclosure and reseller liability; the district court granted summary judgment for both resellers.
- On appeal the Second Circuit affirmed summary judgment for Softech but vacated and remanded as to Arcanum, finding material facts about whether Arcanum reasonably verified Leifer’s asserted insurance purpose.
- The court held (1) resellers are not strictly liable for downstream misuse, but (2) resellers owe a duty to exercise reasonable care before re‑disclosing DPPA-protected motor-vehicle information, and (3) whether that duty was breached is a fact question as to Arcanum but not Softech.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Whether resellers are strictly liable for downstream misuse of DPPA data | Resellers should be strictly liable for harm caused by downstream recipients (no fault requirement). | DPPA contains no strict‑liability rule; imposing strict liability would frustrate statute and industry. | No strict liability for resellers; statute and history do not support fault‑free liability. |
| Whether Softech’s disclosure to Arcanum violated the DPPA | Softech improperly disclosed because it relied on Arcanum’s stated uses and agreement rather than verifying each end‑use. | Softech disclosed to a licensed private investigative agency under §2721(b)(8) and followed its procedures. | Softech’s disclosure was permitted and summary judgment for Softech affirmed. |
| Whether Arcanum’s disclosure to Leifer was permitted ("Insurance Other") | "Insurance Other" did not necessarily fall within §2721(b)(6); Arcanum failed to verify Leifer’s eligibility to invoke the insurance exception. | The drop‑down and end‑user certifications bound users to permissible purposes; Arcanum relied on those representations. | Material issues of fact exist (whether Leifer qualified for insurance exception, whether collision/claim existed); summary judgment for Arcanum vacated and remanded. |
| Whether resellers owe a duty of reasonable care under the DPPA | Resellers must exercise reasonable care (reasonable inquiry) before re‑disclosing to ensure the recipient’s use is permitted. | DPPA’s civil remedy requires a "knowing" violation; imposing negligence/duty of inquiry alters statutory scheme and unduly burdens resellers. | Resellers owe a duty to exercise reasonable care; actual‑damage liability can attach for unreasonable disclosures. Whether Arcanum breached that duty is for the jury. |
Key Cases Cited
- Reno v. Condon, 528 U.S. 141 (upholding DPPA constitutionality and describing the statute's regulation of state DMVs and private resellers)
- United States v. U.S. Gypsum Co., 438 U.S. 422 (disfavoring imposition of strict liability absent clear congressional intent)
- Dep’t of Revenue of Or. v. ACF Indus., Inc., 510 U.S. 332 (same‑words‑same‑meaning canon of statutory interpretation)
- Pichler v. UNITE, 542 F.3d 380 (3d Cir. 2008) (end user liable for misuse even if it did not know at time its use would be improper)
- Taylor v. Acxiom Corp., 612 F.3d 325 (5th Cir. 2010) (resellers restricted to redisclosures for permitted DPPA uses)
- Graczyk v. W. Publ’g Co., 660 F.3d 275 (7th Cir. 2011) (discussing reseller obligations and DOJ advisory letter)
- Cook v. ACS State & Local Solutions, Inc., 663 F.3d 989 (8th Cir. 2011) (addressing reseller practices and reasonableness under DPPA)
- Roth v. Guzman, 650 F.3d 603 (6th Cir. 2011) (discussing state DMV liability and standards for knowledge and verification)