McDonough v. Anoka Cnty., No. 14-1754 (8th Cir. 2015)
Annotate this CaseTo obtain a driver’s license or motor vehicle registration from a state motor vehicle department (DMV), individuals must disclose personal information. The 1994 Driver’s Privacy Protection Act (DPPA), 18 U.S.C. 2721-2725, prohibits disclosure of personal information, “that identifies an individual, including an individual’s photograph, social security number, driver identification number, name, address (but not the 5-digit zip code), telephone number, and medical or disability information,” except for use by a government agency, in carrying out its functions; by a private person acting on behalf of a government agency in carrying out its functions; in connection with any civil, criminal, administrative, or arbitral proceeding; or for investigation in anticipation of litigation. DPPA establishes penalties for improper use. Drivers alleged that the Minnesota Department of Public Safety databases were accessible to law enforcement officers, government agents, and other individuals through an internet portal, and that the information was being accessed for improper purposes. Drivers requested audits detailing past accesses of their motor vehicle records. Audits showed that each Driver’s’ personal information had been accessed hundreds of times, primarily through police departments, sheriff’s offices, or other agencies. District courts dismissed Drivers’ suits. The Eighth Circuit affirmed in part, noting that several claims were untimely, but reversed in part, finding that certain claims alleged patterns of access sufficient to establish improper purpose.
Court Description: Wollman, Author, with Beam and Colloton, Circuit Judges. Civil Cases - Driver's Privacy Protection Act. Driver's Privacy Protection Act prohibits state motor vehicle departments from disclosing personal information in a motor vehicle record except for uses explicitly enumerated in the statute. District court dismissed complaint alleging that named entities and individuals violated the Act by accessing or disclosing personal information. Based on policy considerations and the text and structure of 28 U.S.C. sec. 1658(a), the statute of limitations for violations of the Driver's Privacy Protection Act began to run when the violations occurred, not when they were discovered. The district court's dismissal of claims that occurred more than four years prior to the filing of the complaint are affirmed. Under the Act, obtaining the information includes accessing and observing the data; the data, once obtained for a purpose not permitted, need not be actually used for an improper purpose to violate the Act. The number of accesses alone do not create an inference of impermissible purpose. Upon review of plaintiff's complaint against each defendant, Bass asserted sufficient accesses by 31 of the 69 agencies to state a facially plausible claim for relief and dismissal as to those agencies is reversed; dismissal of the other 38 agencies is affirmed. McDonough stated facially plausible claims by seven local entities and their dismissal is reversed; the dismissal of that claims against the remaining eight agencies are affirmed. Similarly, the dismissal of Mitchell's claims against four law enforcement agencies are reversed. The dismissal of Potocnik's claims are affirmed. The dismissal of claims against the Commissioners is affirmed.
Some case metadata and case summaries were written with the help of AI, which can produce inaccuracies. You should read the full case before relying on it for legal research purposes.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.