====================================================================== [1] Supreme Court Sides With Government on Privacy Act Damages ====================================================================== The Supreme Court has ruled in a 6-3 decision that an individual must prove he has suffered actual harm before he can receive a $1,000 minimum award guaranteed by law when the government wrongfully discloses personal information. The case, Doe v. Chao, arose from the Department of Labor's use of miners' Social Security numbers to identify their black lung claims on official agency documents, some of which were made public. Several miners sued the agency, arguing that they were entitled to $1,000 minimum damages from the government provided under the Privacy Act. The United States District Court for the Western District of Virginia found that only one miner, Buck Doe, was entitled to damages because he had shown that he suffered sufficient emotional distress as a result of the disclosure of his Social Security Number to be awarded damages. The United States Court of Appeals for the Fourth Circuit disagreed, concluding that Doe was not entitled to damages under the Privacy Act because he failed to show that any tangible harm resulted from the disclosure of his Social Security Number. EPIC collaborated with numerous consumer and privacy organizations, legal scholars and technical experts to submit a "friend of the court" brief to the Supreme Court on Doe's behalf, arguing that the Privacy Act provides damages for those who suffer "adverse effects," which does not require actual harm. The brief pointed to the dangers of Social Security Number disclosure, the tradition of providing similar awards under other privacy laws, and the history of the Privacy Act to show that actual harm is not necessary to recover the $1,000 award under the Privacy Act. The Supreme Court concluded, however, that an individual must prove actual damages to receive the $1,000 award from the government. Justice Souter (joined by the Chief Justice and Justices O'Connor, Scalia, Thomas, and Kennedy) found that the most straightforward reading of the Privacy Act supported the conclusion that an individual must prove actual harm to collect minimum damages under the Privacy Act, noting that it is unusual for a law not to require proof of harm suffered before an individual is awarded of damages. In a dissenting opinion, Justice Ginsburg (joined by Justices Stevens and Breyer) argued that the majority's interpretation of the law failed to take into account each word of the section of the Privacy Act that provides for damages. Justice Ginsburg pointed out that the majority's decision is at odds with the Office of Management and Budget's guidelines for interpreting the Privacy Act, which were issued just six months after the law was passed. She asserted that the majority's holding encourages individuals to "arrange or manufacture" actual damages, such as paying a fee to run a credit report, in order to be allowed to recover the minimum $1,000 under the Privacy Act. She also noted that the Privacy Act's language is similar to that of other federal laws that do not require proof of actual harm for an individual to collect the minimum award provided under the law. In a separate dissent, Justice Breyer found "no support in any of the statute's basic purposes for the majority's restrictive reading of the damages provision." Doe v. Chao, Supreme Court Docket No. 02-1377: http://www.supremecourtus.gov/opinions/03pdf/02-1377.pdf EPIC's amicus brief filed in Doe v. Chao: http://www.epic.org/privacy/chao/Doe_amicus.pdf For more information about the case, see EPIC's Doe v. Chao Page: http://www.epic.org/privacy/chao/ _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2b30 : Thu Feb 26 2004 - 21:32:17 PST