9 F. Supp. 3d 1046
D. Minnesota2014Background
- Plaintiff (Brook Mallak), a Minnesota attorney, learned in March 2013 from a DVS audit that her DMV record had been accessed ~190 times from 2003–2012 by various Minnesota city and county actors. She alleges searches were by name, not license number, and she had no criminal conduct justifying the lookups.
- Plaintiff sued multiple counties, cities, DPS Commissioners (in their individual capacities), and unnamed actors asserting: (1) violations of the Drivers Privacy Protection Act (DPPA); (2) § 1983 claims (statutory and constitutional); and (3) Minnesota intrusion-upon-seclusion (invasion of privacy).
- Defendants moved to dismiss (and some for summary judgment) arguing statute-of-limitations problems, failure to plead DPPA elements (including “obtained” and “impermissible purpose”), lack of § 1983 remedy for DPPA violations, qualified immunity, and failure to state an intrusion claim.
- The court held the four-year federal limitations period applies and adopted the standard accrual rule (claims accrue at time of impermissible access), dismissing DPPA claims for accesses before August 5, 2009, as time-barred.
- The court denied dismissal of post-August 2009 DPPA claims against several city and county defendants, finding Mallak’s allegations (frequency, searches by name, odd hours, lack of criminality, and audit detail) plausibly support an impermissible-purpose inference and thus survive Rule 12(b)(6).
- The court dismissed all § 1983 claims (statutory and constitutional), invasion-of-privacy claims, and DPPA claims against the DPS Commissioners and certain municipalities for failure to plead required elements or a protected privacy interest; limited discovery to permissibility of the remaining accesses and ordered settlement talks.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Statute of limitations for DPPA claims | DPPA claims accrue at discovery; clock began March 2013 | Standard accrual: claim accrues when access occurred | Standard accrual applies; claims for accesses before Aug 5, 2009 dismissed |
| What constitutes “obtaining” under the DPPA | Viewing/accessing DMV data suffices as obtaining | “Obtain” requires more than passive viewing or transient access | Viewing can constitute obtaining (information can be possessed/memorized); fact-specific inquiry required |
| Element: access “for a purpose not permitted” under DPPA | Multiple suspicious facts (name searches, hours, audit volume, plaintiff’s prominence) make impermissible purpose plausible | Mere access/volume insufficient; many searches are for permitted law‑enforcement purposes | Plaintiff pleaded enough facts cumulatively to plausibly infer impermissible purpose for post‑2009 accesses; those claims survive pleading stage |
| Availability of § 1983 remedy for DPPA violations | DPPA creates enforceable rights that can be vindicated under § 1983 | DPPA’s comprehensive remedial scheme displaces § 1983 for DPPA-based claims | § 1983 claims based on DPPA are precluded; § 1983 constitutional privacy claims dismissed for failure to plead a cognizable privacy interest |
Key Cases Cited
- Bell Atl. Corp. v. Twombly, 550 U.S. 544 (pleading must state a plausible claim)
- Ashcroft v. Iqbal, 556 U.S. 662 (no acceptance of conclusory legal statements at pleading)
- Maracich v. Spears, 133 S. Ct. 2191 (DPPA framework and permissible-purpose focus)
- Gabelli v. S.E.C., 133 S. Ct. 1216 (meaning of "accrue" and accrual rule discussion)
- Cook v. ACS State & Local Solutions, 663 F.3d 989 (focus of DPPA claim is on eventual use/permitted purpose)
- Saucier v. Katz, 533 U.S. 194 (qualified immunity two-step and clearly established rights analysis)
- Reno v. Condon, 528 U.S. 141 (constitutionality of DPPA and limits on state‑immunity for private suits)