James Andrews v. Sirius Xm Radio, Inc.
932 F.3d 1253
9th Cir.2019Background
- Andrews bought a used car from a dealership and presented his California driver’s license and completed DMV Form 262; the dealer entered his information into its dealer management system (DMS).
- The dealership (via its DMS vendor AutoManager) and a change-of-address contractor provided Andrews’s name and address to Sirius XM, which sent renewal solicitations and calls.
- Andrews sued Sirius XM under the Driver’s Privacy Protection Act (DPPA), alleging Sirius XM obtained his personal information "from a motor vehicle record." He sought statutory damages and class relief.
- The district court granted summary judgment for Sirius XM, finding the DPPA does not cover a license or forms held by an individual or dealer rather than DMV records; it also denied leave to amend to add a CFAA claim as futile.
- Andrews appealed; the Ninth Circuit affirmed, holding that a driver’s license in the owner’s possession (and the dealer’s Form 262) are not DPPA "motor vehicle records," and that Andrews could not plausibly allege a CFAA "loss" meeting the statute’s $5,000 threshold.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Whether DPPA §2722 applies when personal info was taken from a driver’s license and dealer form (not obtained from DMV records) | Andrews: DPPA covers personal information derived from a driver’s license or dealer records containing DMV-issued information; liability should attach when info originates from a DMV-issued license | Sirius XM: DPPA limits liability to information obtained from DMV-maintained records; a license in an owner’s hands and dealer forms are not DMV records | Held: DPPA does not apply; a driver’s license in the owner’s possession and Form 262 are not "motor vehicle records" under the DPPA; summary judgment for Sirius XM affirmed |
| Whether leave to amend to add a CFAA claim is proper because defendant accessed dealer DMS and caused plaintiff loss | Andrews: Sirius XM’s access to dealer DMS misappropriated valuable lead data; lost opportunity/profit from sale of that data meets CFAA "loss" threshold | Sirius XM: CFAA "loss" is narrowly defined (costs of response, damage assessment, restoration, or revenue lost from interruption of service) and Andrews pleads no such computable loss | Held: Denial of leave to amend not an abuse of discretion; the alleged lost-sale value does not constitute a CFAA "loss"; amendment would be futile |
Key Cases Cited
- Maracich v. Spears, 570 U.S. 48 (2013) (DPPA enacted to protect against DMV disclosure/resale of driver information)
- Reno v. Condon, 528 U.S. 141 (2000) (DPPA regulates disclosure/resale of state DMV records)
- Davis v. Michigan Dep’t of Treasury, 489 U.S. 803 (1989) (statutory text interpreted in context of overall scheme)
- United States v. Nosal, 676 F.3d 854 (9th Cir. 2012) (CFAA is primarily an anti‑hacking statute)
- Creative Computing v. Getloaded.com LLC, 386 F.3d 930 (9th Cir. 2004) (distinguishes recoverable damages under CFAA from what qualifies as a predicate "loss")