Russell v. ChoicePoint Services, Inc., 300 F. Supp. 2d 450 (E.D. La. 2004)

*451 Dawn Adams Wheelahan, Dawn Adams Wheelahan, Attorney at Law, New Orleans, LA, for Plaintiffs.

Daniel Lund, Nathan T. Gisclair, Jr., Montgomery, Barnett, Brown, Read, Hammond & Mintz, New Orleans, LA, Kumiki Gibson, Raymond W. Bergan, Laurie S. Fulton, Williams & Connolly, Washington, DC, for Defendants.

DUVAL, District Judge.

Before this Court is a Rule 12(b) (6) Motion to Dismiss (Rec.Doc. No. 5) filed by defendant Choicepoint Services, Inc., After reviewing the pleadings, memoranda, and relevant law, and after hearing oral argument, the Court GRANTS IN PART and DENIES IN PART the motion. Additionally, the Court recognizes from a related motion filed by defendant Reed Elsevier, Inc. that standing may be an issue in this matter, however the Court will defer addressing this issue until its ruling in the Reed Elsevier, Inc. matter is rendered.

Plaintiff Betty D. Russell brought the instant suit against defendant ChoicePoint Services, Inc. ("ChoicePoint") on July 16, 2003, claiming that defendant violated the Driver's Privacy Protection Act ("DPPA" or the "Act"), 18 U.S.C. § 2721, et seq. The Complaint alleges that defendant illegally obtained plaintiff's and other proposed class members' highly personal information from the Louisiana Department of Motor Vehicles ("DMV") for the impermissible purpose of disclosure and distribution by resale to ChoicePoint customers. Plaintiff further alleges that defendant disclosed and distributed said information without any purpose permissible under the DPPA. The DMV and ChoicePoint disclosed said information without the consent of plaintiff or other proposed class members. Plaintiff claims to have sustained injury as contemplated by the DPPA as a result of defendant obtaining *452 and disclosing said information and seeks relief and damages under 18 U.S.C. § 2721, et seq.

To determine whether a motion to dismiss has merit, Jefferson v. Lead Ind. Ass'n. Inc., 106 F.3d 1245, 1250 (5th Cir. 1997) instructs that "[t]he standard to be applied to a motion to dismiss under Federal Rule 12(b) (6) is a familiar one." The district court must take the factual allegations of the complaint as true and resolve any ambiguities or doubts regarding the sufficiency of the claim in favor of the plaintiff. Fernandez-Montes v. Allied Pilots Ass'n., 987 F.2d 278, 284 (5th Cir.1993). The complaint should not be dismissed for failure to state a claim unless it appears beyond doubt that the plaintiff cannot prove any set of facts in support of her claim that would entitle her to relief. Fernandez-Montes, 987 F.2d at 284, 285; Leffall v. Dallas Independent School District, 28 F.3d 521, 524 (5th Cir.1994). However, conclusory allegations or legal conclusions masquerading as factual conclusions will not suffice to prevent a motion to dismiss. Fernandez-Montes, 987 F.2d at 284; Tuchman v. DSC Communications Corp., 14 F.3d 1061, 1067 (5th Cir.1994).

State DMVs obtain personal information by requiring drivers and automobile owners to provide an address, telephone number, vehicle description, Social Security number, medical information, and photograph as a condition of obtaining a driver's license or registering an automobile. Reno v. Condon, 528 U.S. 141, 143, 120 S. Ct. 666, 668, 145 L. Ed. 2d 587 (2000). Largely in response to mounting public safety concerns over stalkers' and other criminals' access to the personal information maintained in state DMV records, Congress enacted the Driver's Privacy Protection Act of 1994, 18 U.S.C. § 2721-2725, to regulate the disclosure of such information. See 139 Cong. Rec. H1785-01 (1992); 139 Cong. Rec. E2742-02 (1993). The DPPA's regulatory scheme restricts the States' ability to disclose a driver's personal information without the driver's consent. Reno, 528 U.S. at 144, 120 S. Ct. 666.

The DPPA generally prohibits a state DMV, its agent, or its contractor from "knowingly disclos[ing] or otherwise mak[ing] available to any person or entity personal information about any individual obtained by the department in connection with a motor vehicle record." 18 U.S.C. § 2721(a). The Act states further that "[it] shall be unlawful for any person knowingly to obtain or disclose personal information, from a motor vehicle record, for any use not permitted under section 2721(b) of this title." 18 U.S.C. § 2722(a). The DPPA defines "personal information" as "information that identifies an individual, including an individual's photograph, social security number, driver identification number, name address (but not the 5-digit zip code), telephone number, and medical or disability information, but does not include information on vehicular accidents, driving violations, and driver's status." 18 U.S.C. § 2725(3). "[M]otor vehicle record" is defined as "any record that pertains to a motor vehicle operator's permit, motor vehicle title, motor vehicle registration, or identification card issued by a department of motor vehicles." 18 U.S.C. § 2725(1).

The DPPA's ban on obtainment and disclosure of personal information is subject to a number of statutory exceptions. Reno, 528 U.S. at 145, 120 S. Ct. 666. Personal information disclosure is permitted for mandated for a number of authorized *453 purposes. "Permissible uses" of personal information are listed in 18 U.S.C. § 2721(b):

Permissible uses. Personal information referred to in subsection (a) shall be disclosed for use in connection with matters of motor vehicle or driver safety and theft, motor vehicle emissions, motor vehicle product alterations, recalls, or advisories, performance monitoring of motor vehicles and dealers by motor vehicle manufacturers, and removal of non-owner records from the original owner records of motor vehicle manufacturers to carry out the purposes of titles I and IV of the Anti Car Theft Act of 1992, the Automobile Information Disclosure Act (15 U.S.C. 1231 et seq.), the Clean Air Act (42 U.S.C. 7401 et seq.), and chapters 301, 305, and 321-331 of title 49, and, subject to subsection (a) (2), may be disclosed as follows:

(1) For use by any government agency, including any court or law enforcement agency, in carrying out its functions, or any private person or entity acting on behalf of a Federal, State, or local agency in carrying out its functions.

(2) For use in connection with matters of motor vehicle or driver safety and theft; motor vehicle emissions; motor vehicle product alterations, recalls, or advisories; performance monitoring of motor vehicles, motor vehicle parts and dealers; motor vehicle market research activities, including survey research; and removal of non-owner records from the original owner records of motor vehicle manufacturers.

(3) For use in the normal course of business by a legitimate business or its agents, employees, or contractors, but only

(A) to verify the accuracy of personal information submitted by the individual to the business or its agents, employees, or contractors; and

(B) if such information as so submitted is not correct or is no longer correct, to obtain the correct information, but only for the purposes of preventing fraud by, pursuing legal remedies against, or recovering on a debt or security interest against, the individual.

(4) For use in connection with any civil, criminal, administrative, or arbitral proceeding in any Federal, State, or local court or agency or before any self-regulatory body, including the service of process, investigation in anticipation of litigation, and the execution or enforcement of judgments and orders, or pursuant to an order of a Federal, State, or local court.

(5) For use in research activities, and for use in producing statistical reports, so long as the personal information is not published, redisclosed, or used to contact individuals.

(6) For use by any insurer or insurance support organization, or by a self-insured entity, or its agents, employees, or contractors, in connection with claims investigation activities, antifraud activities, rating or underwriting.

(7) For use in providing notice to the owners of towed or impounded vehicles.

(8) For use by any licensed private investigative agency or licensed security service for any purpose permitted under this subsection.

(9) For use by an employer or its agent or insurer to obtain or verify information relating to a holder of a commercial driver's license that is required under chapter 313 of title 49.

(10) For use in connection with the operation of private toll transportation facilities.

(11) For any other use in response to requests for individual motor vehicle records if the State has obtained the *454 express consent of the person to whom such personal information pertains.

(12) For bulk distribution for surveys, marketing or solicitations if the State has obtained the express consent of the person to whom such personal information pertains.

(13) For use by any requester, if the requester demonstrates it has obtained the written consent of the individual to whom the information pertains.

(14) For any other use specifically authorized under the law of the State that holds the record, if such use is related to the operation of a motor vehicle or public safety.

18 U.S.C. § 2721(b)

In addition to state DMV actions, the provisions of the DPPA apply to the further disclosure of drivers' personal information by private citizens who have obtained that information from a DMV. Reno, 528 U.S. at 146, 120 S. Ct. 666. 18 U.S.C. § 2721(c) provides for the resale and redisclosure of personal information obtained by "authorized recipients":

Resale or redisclosure. An authorized recipient of personal information (except a recipient under subsection (b) (11) or (12)) may resell or redisclose the information only for a use permitted under subsection (b) (but not for uses under subsection (b) (11) or (12)). An authorized recipient under subsection (b) (11) may resell or redisclose personal information for any purpose. An authorized recipient under subsection (b) (12) may resell or redisclose personal information pursuant to subsection (b) (12). Any authorized recipient (except a recipient under subsection (b) (11)) that resells or rediscloses personal information covered by this chapter must keep for a period of 5 years records identifying each person or entity that receives information and the permitted purpose for which the information will be used and must make such records available to the motor vehicle department upon request.

18 U.S.C. § 2721(c). The DPPA does not define "authorized recipient."

The DPPA establishes criminal and civil penalties to be imposed on those who fail to comply with its provisions. Reno, 528 U.S. at 146, 120 S. Ct. 666. Violators are subject to a criminal fine. 18 U.S.C. §§ 2723(a), 2725(2). Also, private persons who knowingly obtain, disclose, or use personal information from a DMV for a purpose not permitted under the DPPA may be subject to liability in civil action brought by the driver to whom the information pertains. 18 U.S.C. § 2724(a). DPPA violators may be liable for the following: (1) actual damages (not less than liquidated damages in the amount of $2,500); (2) punitive damages; (3) attorneys' fees and other litigation costs; and (4) preliminary and equitable relief. 18 U.S.C. § 2724(b).

According to defendant ChoicePoint, plaintiff Betty D. Russell alleges three possible bases for liability under 18 U.S.C. § 2724(a): (1) improper use, (2) improper disclosure, and (3) improper obtainment. ChoicePoint avers that plaintiff fails to state a valid claim under each prong. The Court agrees in part. Although Russell's Complaint clearly sets forth an improper disclosure claim, it fails to adequately assert an improper use claim. Furthermore, as a matter of law, plaintiff's claim that defendant obtained personal information in violation of the DPPA does not entitle her to relief.

Defendant's allegations that plaintiff neglected to assert a DPPA improper use claim under 18 U.S.C. § 2724(a) are meritorious. Paragraphs 6 and 7 of the Complaint speak to ChoicePoint's obtainment *455 and disclosure of plaintiff's personal information and to a lack of permissible purpose, but they stop short of alleging that defendant used the information in violation of the Act. Plaintiff's argument that improper use was implicitly plead by reference to unauthorized resale is unconvincing because such language does not make improper use claims clear from the language of the Complaint. Plaintiff's improper use claim, if any, folds into her improper obtainment claim and improper disclosure claim. If the defendant is an "authorized recipient," then its use of information for resale is proper unless its resale is in violation of the statute, in which case the proper claim would be one for improper disclosure. Plaintiff contends that the defendant obtains the information solely for resale. Considering the Court's holding, any implicit improper use claim is unavailing. Accordingly, an amendment to the Complaint alleging improper use would be vain and useless.

ChoicePoint's attack on plaintiff's improper disclosure claims is entirely without merit. Defendant asserts that "[n]owhere in Paragraph 7 or in the remainder of her Complaint does plaintiff ever allege that ChoicePoint has in fact ever disclosed any information pertaining to her." Defendant's Reply Memorandum at 5 (emphasis omitted). However, the Complaint clearly sets forth an improper disclosure claim: "ChoicePoint obtained personal information ... as defined in the DPPA, of plaintiff ... without any permissible purpose ... [and] ChoicePoint disclosed and distributed said information pertaining to plaintiff...." Complaint Paragraph 6. Consequently, defendant's contention that plaintiff has failed to allege an improper disclosure claim must fail.

Although the plaintiff has alleged improper disclosure, the allegation is conclusory in nature. In the Reed Elsevier case, supra, the defendant challenged the standing of the plaintiff to bring an action based on improper disclosure where no actual injury was alleged. The Court will revisit the adequacy of the improper disclosure claim after it renders its ruling in the Reed Elsevier matter.

Finally, the Court agrees with defendant ChoicePoint that plaintiff may not maintain a DPPA claim for improper obtainment under 18 U.S.C. § 2724(a) without alleging an accompanying impermissible use. The plain language of the DPPA permits entities like ChoicePoint to obtain drivers' personal information from DMVs and subsequently resell that information to third parties with a permissible use.

When interpreting a statute, courts must begin with an analysis of the statute's actual words because when "the language of the federal statute is plain and unambiguous, it begins and ends [the court's] inquiry." United States v. Osborne, 262 F.3d 486, 490 (5th Cir.2001). The court may only refer to legislative history for congressional intent when the statute is unclear or ambiguous. Free v. Abbott Laboratories, 51 F.3d 524, 528 (5th Cir.1995). "[A]s in any case of statutory interpretation, we look to the plain language of the statute, reading it as a whole and mindful of the linguistic choices made by Congress." In re: Universal Seismic Assocs., 288 F.3d 205, 207 (5th Cir.2002) (quoting Whatley v. Resolution Trust Corp., 32 F.3d 905, 909 (5th Cir.1994)). Statutory language reflects the intention of Congress, and "Congress' intention is the law and must be followed." Blue Cross & Blue Shield v. Shalala, 995 F.2d 70, 73 (5th Cir.1993).

The language of 18 U.S.C. § 2721(c) permitting resale and redisclosure by "authorized recipients" instead of "authorized users" or "permissible users" indicates *456 Congress' anticipation that entities such as ChoicePoint would obtain drivers' personal information from DMVs strictly to redistribute it to persons with permissible uses. Because the DPPA neglects to define "authorized recipient," the Court must look to the words' ordinary meaning for guidance. "In all cases involving statutory construction, [the court's] starting point must be the language employed by Congress .... and [the court] assume[s] that the legislative purpose is expressed by the ordinary meaning of the words used." INS v. Phinpathya, 464 U.S. 183, 189, 104 S. Ct. 584, 589, 78 L. Ed. 2d 401 (1984). "The canons of statutory construction dictate that when construing a statute, the court should give words their ordinary meaning and should not render as meaningless the language of the statute." White v. Black, 190 F.3d 366, 368 (5th Cir.1999). Dictionaries provide a "principle source for ascertaining the ordinary meaning of statutory language." Thompson v. Goetzmann, 337 F.3d 489, 498 n. 20 (5th Cir.2003).

"Recipient," as commonly defined in dictionaries, is not synonymous with "user." "Recipient" is generally defined as "one that receives" or "[a] person who or thing which receives something." Webster's Third New International Dictionary Unabridged (3rd Ed.1993); The American Heritage Dictionary of the English Language (4th Ed.2000). "User" means "one that uses." Webster's Third New International Dictionary; The American Heritage Dictionary. One "receives" by "tak[ing] ... [or] acquir[ing]" and "uses" by "put[ting] into service" The American Heritage Dictionary. Clearly, the two terms have separate meanings, as Congress knew well when it drafted the DPPA. Any interpretation of "authorized recipient" to mean "authorized user" runs afoul of the words' common definitions and, in effect, renders the term "recipient" meaningless under the DPPA.

The term "authorized" is defined as "marked by authority ... [or] sanctioned by authority" Webster's Third New International Dictionary."Authorize" means "to endorse, empower, justify, or permit by or as if by some recognized or proper authority" or "[t]o give permission for ... [or to] sanction." Webster's Third New International Dictionary; The American Heritage Dictionary. The American Heritage Dictionary supplements the above definition of "authorize" with the following example of its usage: "city agency that authorizes construction projects." (emphasis omitted). The definitions of "authorize" and "authorized" make clear that the terms are commonly used in reference to a grant of permission by a state or municipal agency. This common usage would apply to a DMV resale authorization just as it would a city council construction authorization. It is doubtful that Congress employed the term "authorized" to refer to the DPPA directly sanctioning a recipient because the Act otherwise speaks in terms of "use" rather than "user" and provides no process or guidelines for authorization. More likely, Congress intended to leave the recipient authorization process to the states.

Congress could have limited resale and redisclosure to "permissible users." keeping in line with 18 U.S.C. § 2721(b)'s theme of permissible use, but instead Congress employed the term "authorized recipient" in § 2721(c). This deliberate word choice reveals congressional intent to allow states and their DMVs to authorize persons and entities to receive drivers' information for resale. In enacting the DPPA, Congress intended to strike "a critical balance between legitimate governmental and business needs for this information, and the fundamental right of our people to privacy and safety." 139 Cong. Rec. S15, 763 (1993). Congress was well *457 aware of the economic value of DMV records and of the common state practice of selling drivers' personal information to private resellers. The inclusion of the term "authorized recipient" and the exclusion of any reference to "users" in DPPA § 2721(c) indicates an intent on behalf of Congress to delegate authorization to the states and thereby permit personal information resellers like ChoicePoint who are authorized by the state or its DMV to obtain drivers' personal information for the purpose of redistribution to persons with "permissible uses."

The plain language of the DPPA is written in terms of permissible "uses" rather than permissible "users."^[1] Defendant contends that this congressional linguistic choice, among others, reveals an intent to allow companies like ChoicePoint to obtain and resell drivers' personal information to parties with a permissible use under the DPPA. The Court agrees. Congress' intent to regulate the use of drivers' personal information rather than the user is evident from its DPPA word choice as well as the language it employed in several other privacy-related statutes. If Congress had intended to require that the "authorized recipient" of personal information also be a user of that information, it could have written the DPPA exceptions explicitly to that effect. Congress could have referred to "permissible users" rather than "permissible uses" in 18 U.S.C. § 2721(b). Instead, Congress opted to describe DPPA exceptions in terms of use.

Indeed, in other privacy acts Congress has restricted disclosure exceptions to specific persons. For example, in the 1998 Video Privacy Protection Act, 18 U.S.C. § 2710, et seq., Congress wrote:

A video tape service provider may disclose personally identifiable information concerning any consumer

(A) to the consumer;

(B) to any person with the informed, written consent ...

(C) to a law enforcement agency ...

(D) to any person if the disclosure is solely of the names and addresses ...

(E) to any person if the disclosure is incident to the ordinary course of business ...

18 U.S.C. § 2710(b) (2) (emphasis added). Similarly, in the Family Education Rights Privacy Act, U.S.C. § 1232g, et seq., Congress explicitly limited personal information *458 release to school officials, teachers, authorized federal representatives, state and local officials, parents, and others rather than merely regulating the types of use those persons might undertake. 20 U.S.C. § 1232g(b) (1).^[2] Also, in the 1974 Privacy Act, 5 U.S.C. § 552a(b), Congress selected language that specifically provided for disclosures to certain users or types of users:

Conditions of disclosure. No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, unless disclosure of the record would be

(1) to those officers and employees of the agency which maintains the record who have a need for the record in the performance of their duties;

(2) required under section 552 of this title;

(3) for a routine use as defined in subsection (a) (7) of this section and described under subsection (e) (4) (D) of this section;

(4) to the Bureau of the Census for purposes of planning or carrying out a census or survey or related activity pursuant to the provisions of title 13;

(5) to a recipient who has provided the agency with advance adequate written assurance that the record will be used solely as a statistical research or reporting record, and the record is to be transferred in a form that is not individually identifiable;

(6) to the National Archives and Records Administration as a record which has sufficient historical or other value to warrant its continued preservation by the United States Government, or for evaluation by the Archivist of the United States or the designee of the Archivist to determine whether the record has such value;

(7) to another agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity if the activity is authorized by law, and if the head of the agency or instrumentality has made a written request to the agency which maintains the record specifying the particular portion desired and the law enforcement activity for which the record is sought;

(8) to a person pursuant to a showing of compelling circumstances affecting the health or safety of an individual if upon such disclosure notification is transmitted *459 to the last known address of such individual;

(9) to either House of Congress, or, to the extent of matter within its jurisdiction, any committee or subcommittee thereof, any joint committee of Congress or subcommittee of any such joint committee;

(10) to the Comptroller General, or any of his authorized representatives, in the course of the performance of the duties of the General Accounting Office;

(11) pursuant to the order of a court of competent jurisdiction; or

(12) to a consumer reporting agency in accordance with section 3711(e) of title 31.

5 U.S.C. § 552a(b) (emphasis added). The aforementioned privacy acts make clear that, upon drafting the DPPA, Congress knew how to write a privacy statute that limited disclosures to certain privileged persons, or users. However, Congress instead chose to limit Drivers' personal information disclosures to certain types of use.

Plaintiff's reliance on the Iowa Supreme Court opinion in Locate.Plus.Com. Inc. v. Iowa D.O.T, 650 N.W.2d 609, 617-8 (Iowa 2002), is misplaced. Locate.Plus.Com does not bind this Court. That decision is both factually and procedurally distinguishable from the case at hand. Furthermore, Locate.Plus.Com neglects to provide a meaningful analysis of the DPPA's statutory language and corresponding congressional intent, especially as they relate the common definitions of key DPPA terms and to other federal privacy acts. As a result, the Locate.Plus.Com holding cannot apply to the instant plaintiff's improper obtainment claims, which must be dismissed.

Locate.Plus.com, Inc. is a licensed private investigation agency who resells DMV information to law enforcement agencies and other persons and entities who utilize the information in the course of their work. Locate.Plus.Com, 650 N.W.2d at 611. When Locate.Plus.com, Inc. requested DMV records from the Iowa Department of Transportation, the department refused to release the records, maintaining that Locate.Plus.com, Inc. was not entitled to the personal information under the DPPA and similar Iowa law. Id. Locate.Plus.com, Inc. brought a declaratory judgment action against Iowa seeking judicial review of the information refusal. The district court affirmed the decision of the Iowa Department of Transportation, as did the Iowa Supreme Court in Locate.Plus.Com. Id. The Locate.Plus.Com court stated:

The language of the DPPA as a whole makes it plain that Congress and, in turn, our legislature, sought to limit access to personal information in state motor vehicle records by both protecting citizens from the improper use of such information, while allowing access for legitimate purposes or uses. At the same time, it imposed a gatekeeping function on the state departments of motor vehicles to exercise discretion to disclose personal information when used for the purposes described in subsection (b). Thus, disclosure essentially depends on the use sought for the information, and the states are charged with the responsibility to ensure that disclosure is limited to those circumstances where Congress determined that the use for the information trumps the competing privacy interest ... We think this approach taken by Congress to the dissemination of personal information in motor vehicle records contemplates that the person or entity requesting disclosure of the personal information also be the person or entity that will use the information for the statutory purpose. Thus, nonconsensual disclosure of information is permitted only for approved uses, and disclosure is not permitted if the requester *460 is not seeking to use the information for the statutory purpose. The statute does not permit disclosure to a nonuser, who only seeks information to redisclose it for use under a permitted purpose.

Id. at 616-17.

The Iowa Supreme Court accurately observed that Congress enacted the DPPA to protect citizens from improper use of personal DMV information while allowing access for legitimate purposes. However, the Locate.Plus.Com court failed to fully consider the plain language Congress employed in drafting the DPPA. The Iowa court held that a private reseller "must itself be an `authorized user'" to be permitted access to DMV records. Locate.Plus.Com, 650 N.W.2d at 618 (emphasis added). That court insinuated that the "authorized user" requirement of the DPPA meant that "the person or entity requesting disclosure of the personal information also be the person or entity that will use the information for the statutory purpose." Id. at 617. However, the term "authorized user" does not appear in the DPPA. Rather, as mentioned above, Congress employed the term "authorized recipient" in reference to permissible resale and distribution. The Locate.Plus.Com decision's mandate that DMV information resellers be "authorized users" ignores the plain language of the DPPA and the common usages of its chosen terms. As discussed previously, "recipient" does not mean "user." Locate.Plus.Com' s conclusion that "authorized recipient" means "authorized user" under the DPPA erroneously renders meaningless the term that Congress chose, "authorized recipient."

The Iowa Supreme Court's DPPA interpretation also belies congressional intent. As discussed above, Congress has opted to regulate personal information "users" on several occasions. such as the Video Privacy Protection Act, 18 U.S.C. § 2710, et seq., the Family Education Rights Privacy Act, U.S.C. § 1232g, et seq., and the 1974 Privacy Act, 5 U.S.C. § 552a(b). Locate.Plus.Com characterizes the DPPA as an act that regulates uses and users, however, it failed to recognize that the Act overwhelmingly regulates uses. This distinction from numerous privacy acts that regulate end users, along with the DPPA's plain reference to "authorized recipients," provides a clear intent by Congress to permit resale by recipients authorized by the state or its DMV.

Finally, the Locate.Plus.Com decision mistakenly concludes that "any other interpretation would render the statute impractical, and essentially render the state incapable of performing its gatekeeping function under the statute." Locate.Plus.Com, 650 N.W.2d at 617. This reasoning again ignores the plain language of the statute and also overlooks the import of the DPPA enforcement provisions and the information refusal discretion afforded DMVs under the Act. DPPA § 2721(c) requires any "authorized recipient" to maintain records documenting the identity and permitted uses for which drivers' resold personal information will be used. Sections 2723-2724 further demonstrate that Congress intended for persons and entities other than states to act as gatekeepers by including a private right of action against the violator. Such a private right of action would not be necessary if Congress had sought to limit gatekeeping to states. Also, unlike the mandatory disclosure sought in the Locate.Plus.Com declaratory judgment action, the instant dispute does not hinder the state's gatekeeping role because the permissive language of 18 U.S.C. § 2721(b) (1-14) vests the state with vast discretion regarding the initial disclosure of DMV records. Unlike Locate.Plus.Com, the situation at bar involves a state voluntarily disclosing information to a business the state authorizes *461 to possess and redisclose DMV information. In effect, the state has already performed its gatekeeping role without hindrance and has opted to authorize ChoicePoint for receipt. Also, the Locate.Plus.Com rationale provides no greater gatekeeping role to the state. Indeed, that decision limits, rather than empowers, the state as a gatekeeper in the instant procedural context. In either case, the state is one step removed from the resale process. The DPPA gatekeeper has no more control over a direct user reseller than nonuser reseller such as ChoicePoint.

Plaintiff also cites to language in Reno v. Condon, 528 U.S. 141, 120 S. Ct. 666, 145 L. Ed. 2d 587 (2000), to support her claim. Reno upheld the constitutionality of the DPPA, but the issue of improper obtainment was not before the court. In Reno, the Supreme Court focused on the principles of federalism and the Tenth Amendment, not on the precise meaning and scope of the statute, and certainly not as applied to the facts in this case. This Court finds plaintiff's reliance on Reno to be unavailing.

For the reasons stated above, defendant's motion must be granted in part and denied in part. Plaintiff has neglected to allege an improper use claim and her improper obtainment allegations do not entitle her to relief under the law. However, because the Complaint advances an improper disclosure claim, albeit a conclusory one, defendant's motion shall be denied as to that allegation. Accordingly,

IT IS ORDERED that defendants Motion to Dismiss (Rec. Doc. No. 5) is hereby GRANTED IN PART as to plaintiff's improper use claim.

IT IS FURTHER ORDERED that defendant's motion is hereby DENIED IN PART as to plaintiff's improper disclosure claim.

IT IS FURTHER ORDERED that defendant's motion is hereby GRANTED IN PART as to plaintiff's improper obtainment claim. Finally,

IT IS FURTHER ORDERED that plaintiff's claims against defendant Choicepoint for improper use and improper obtainment of personal information are hereby DISMISSED WITH PREJUDICE.

[1] 18 U.S.C. § 2721(b) provides in pertinent part:

Permissible uses. Personal information referred to in subsection (a) shall be disclosed for use in connection with matters of motor vehicle or driver safety ... and, subject to subsection (a) (2), may be disclosed as follows:

(1) For use by any government agency ... in carrying out its functions ...

(2) For use in connection with matters of motor vehicle or driver safety ...

(3) For use in the normal course of business ...

(4) For use in connection with any civil, criminal, administrative, or arbitral proceeding ...

(5) For use in research activities ...

(6) For use by any insurer ... in connection with claims investigation activities ...

(7) For use in providing notice to the owners of towed or impounded vehicles ...

(8) For use by any licensed private investigative agency ... for any purpose permitted ...

(9) For use by an employer or its agent or insurer to obtain or verify information ...

(10) For use in connection with the operation of private toll transportation facilities.

(11) For any other use ... if the State has obtained the express consent ...

(12) For bulk distribution ... if the State has obtained the express consent ...

(13) For use by any requester, if the requester demonstrates it has obtained the written consent ...

(14) For any other use specifically authorized ... if such use is related to ... public safety.

18 U.S.C. § 2721(b) (emphasis added).

[2] 20 U.S.C. § 1232g(b) (1) provides in relevant part:

No funds shall be made available under any applicable program to any educational agency or institution which has a policy or practice of permitting the release of education records (or personally identifiable information contained therein other than directory information, as defined in paragraph (5) of subsection (a) of this section) of students without the written consent of their parents to any individual, agency, or organization, other than to the following

(A) other school officials, including teachers ...

(B) officials of other schools ...

(C) (i) authorized representatives of (1) the Comptroller General of the United States ...

(D) in connection with a student's application for, or receipt of, financial aid;

(E) State and local officials ...

(F) organizations conducting studies ...

(G) accrediting organizations ...

(H) parents ...

(I) ... in connection with an emergency ...

(J) ... entity or persons designated in a Federal grand jury subpoena ...

20 U.S.C. § 1232g(b) (1) (emphasis added).