Milligan v. Ottumwa Police Department
Annotate this Case
Justia Opinion Summary
Want to stay in the know about new opinions from the Iowa Supreme Court?
Sign up for free summaries delivered directly to your inbox. Learn More ›
You already receive new opinion summaries from Iowa Supreme Court. Did you know we offer summary newsletters for even more practice areas and jurisdictions? Explore them here.
The Supreme Court reversed the judgment of the district court granting Plaintiff's petition for mandamus and ordering the City of Ottumwa to disclose names of all persons who had and had not been issued automated traffic enforcement (ATE) citations by the City after their vehicles were detected as speeding by an ATE camera, holding that the district court erred in ordering the production of records whose disclosure was prohibited by the Driver's Privacy Protection Act of 1994 (DPPA), 18 U.S.C. 2721-2725, and a corresponding Iowa state law, Iowa Code 321.11.
In denying the request for names, the City argued that the DPPA and section 321.11 prohibited disclosure of the requested information. The district court disagreed, concluding that the names of speed regulation violators was information on driving violations and therefore was not confidential information under the DPPA or section 321.11. The Supreme Court reversed, holding that where the personal identifying information sought by Petitioner came from a vehicle registration and driver's license database, its public disclosure was presumptively prohibited under the DPPA and section 321.11.
Download PDF
IN THE SUPREME COURT OF IOWA No. 17–1961 Filed January 3, 2020 MARK LEONARD MILLIGAN, Appellee, vs. OTTUMWA POLICE DEPARTMENT and CITY OF OTTUMWA, IOWA, Appellants. Appeal from the Iowa District Court for Wapello County, Randy DeGeest, Judge. A city appeals a district court judgment ordering it to release to a citizen the identities of all individuals detected as speeding by its automated traffic enforcement program under the Iowa Open Records Act. REVERSED AND REMANDED. David E. Schrock and Skylar J. Limkemann of Smith Mills Schrock Blades Monthei P.C., Cedar Rapids, for appellants. Steven Gardner of Denefe, Gardner & Zingg, P.C., Ottumwa, for appellee. Brent L. Hinders, Eric M. Updegraff, and Alex E. Grasso of Hopkins & Huebner, P.C., Des Moines, for amicus curiae Iowa League of Cities. 2 George F. Davison Jr., Des Moines, for amicus curiae Iowa Freedom of Information Council. 3 MANSFIELD, Justice. I. Introduction. This case requires us to interpret provisions of the Driver’s Privacy Protection Act of 1994 (DPPA), 18 U.S.C. §§ 2721–2725 (2012), and a corresponding Iowa state law, Iowa Code § 321.11 (2017), to decide whether they overcome the general rule of public disclosure set forth in the Iowa Open Records Act, id. §§ 22.1–.14. A city police sergeant was driving a patrol vehicle while off-duty. He received an automated traffic enforcement (ATE) citation for speeding from the city. As a private citizen, he then served a chapter 22 open records request. He specifically asked for the names of all persons who had and had not been issued ATE citations by the city after their vehicles were detected as speeding by an ATE camera. The city denied the request for the names, contending the DPPA and Iowa Code section 321.11 prohibited disclosure of the requested information. This citizen went to district court, and the court granted his petition for mandamus, ordered the city to disclose the names, and awarded attorney fees and expenses. The city appealed. On appeal, the city contends that the district court erred in ordering the production of records whose disclosure is prohibited by the DPPA and Iowa Code section 321.11. Additionally, the city contends the district court abused its discretion in awarding the citizen an unreasonable amount of attorney fees and costs. We agree with the city’s first argument. Because the personal identifying information sought by this citizen comes from a vehicle registration and driver’s license database, its public disclosure is presumptively prohibited under the DPPA and Iowa Code section 321.11. Although both statutes allow disclosure under certain limited 4 circumstances, none of those circumstances apply here. Accordingly, we determine that the city did not commit an open records violation, and we reverse the judgment of the district court and remand for further proceedings consistent with this opinion. II. Facts and Procedural Background. The facts in this case are largely undisputed. To enforce its speeding ordinances, the City of Ottumwa uses an unmanned ATE vehicle provided by RedSpeed, a third-party contractor. After the ATE vehicle detects and photographs a speeding vehicle including its license plate number, RedSpeed documents the violation, accesses the National Law Enforcement Telecommunications System (NLETS) database to obtain the name of the registered owner of the vehicle, and uploads that information to an Internet portal. This enables a City police officer to review the materials and approve or reject the issuance of a citation. The reviewing officer also verifies the vehicle owner information. If the officer approves the issuance of a citation, RedSpeed relies on the registered owner’s information obtained from NLETS to mail the owner a citation, including the photographs of the violation and information on the vehicle’s speed. As noted, the City’s ATE enforcement program is supported by use of the NLETS database. The NLETS database is a clearinghouse used nationally by law enforcement agencies. It contains motor vehicle, registration, and driver information submitted by state departments of motor vehicles. On the night of May 24, 2016, an ATE camera detected an off-duty patrol car going forty-one miles per hour in a twenty-five miles-per-hour zone. It was later determined that the driver was Mark Milligan, a police sergeant who worked for the City. After discovering that Milligan was the driver, the City forwarded the citation to him, although the City was of 5 course the registered owner of the vehicle and the citation was actually issued to “Ottumwa PD.” On August 1, Milligan—acting as a private citizen—submitted a written public records request to the City under Iowa Code chapter 22. He sought various records relating to the City’s ATE program. Among other things, he requested the following: The names of violators issued citations from the Ottumwa Police Department once the violation is reported by Red Speed to the City of Ottumwa[,] Iowa. The names of violators not issued citations after being reported as violations by Ottumwa Police Department. 1 1Milligan also placed eight other requests: o The contractual agreement between Red Speed and the City of Ottumwa. o All information provided to the City of Ottumwa, Ottumwa Police Department regarding all speed violations from Red Speed. .... o Any and all policies and procedures established by the City of Ottumwa in regards to the issuance of citations by the Ottumwa Police Department once the violation is reported to the City by Red Speed. o Any records or recorded conversations of Ottumwa Police Department personnel issuing verbal warnings for Red Speed Violations in lieu of actual citations. o The individuals authorized to determine whether a citation is to be issued or not to be issued and any criteria established for such issuance or non-issuance of the citation. o The calibration records of the Red Speed vehicle. o The personnel authorized and trained to set up, calibrate, and have access to the Red Speed vehicle deployed in Ottumwa, Iowa by the Ottumwa Police Department. o Any training records, and or certificates of training, specific to the set up and use of the Red Speed vehicle deployed in Ottumwa, Iowa. 6 Milligan later testified that he asked for this information “to see that the City of Ottumwa was enforcing their automated speed car enforcement fairly across the board between all citizens.” On the advice of counsel, the City refused to release either set of requested names. The reason it gave for the denial was that “[i]nformation obtained by Red Speed is accessed through the NLETS portal and is confidential information under state and federal law.” The City did, however, provide the other requested items. On September 12, Milligan filed in the Wapello County District Court a petition in equity and request for an order of mandamus pursuant to Iowa Code sections 22.5 and 22.10. He asserted that the City and its police department violated chapter 22 by withholding the information without “any lawful basis.” 2 He asked the court to order the City to provide the withheld information and reimburse his costs and attorney fees. On February 9, 2017, the City filed a motion for summary judgment. It asserted it was entitled to judgment as a matter of law because Milligan’s “requests seek confidential information that is prohibited from being disclosed under federal and state law”—meaning, the disclosure is prohibited by the DPPA, 18 U.S.C. §§ 2721 and 2725, and Iowa Code sections 22.7(66) and 321.11. The City also asked for summary judgment because Milligan had not provided any reasons for requesting the “confidential names of persons cited or not cited by the City.” Following a hearing, the district court denied the City’s motion. Later, the district court also denied a revised version of the City’s motion for summary judgment. 2Milligan named both the City and its police department as defendants, but for purposes of this opinion, we will refer to the defendants collectively as “the City.” 7 On November 2, the case was tried to the court. On November 28, the court issued its ruling. Implicitly, the court’s ruling recognized that the DPPA and Iowa Code section 321.11 limit disclosure of documents that would otherwise have to be produced under the Open Records Act. However, the court reasoned that both the DPPA and Iowa Code section 321.11 “exempt information on driving violations from their general prohibition on personal information disclosure.” It continued that “[t]he name[s] of speed regulation violators, which w[ere] requested, [are] information on driving violations, and [are] therefore, not confidential information under the DPPA or Iowa Code § 321.11.” Accordingly, the court concluded the City had failed to comply with chapter 22 and ordered the City to provide Milligan the requested information. The court also announced it would award attorney fees and invited a fee application. On December 5, the City filed a timely notice of appeal from the district court’s November 28 order and ruling. Two days later, on December 7, Milligan submitted an application for attorney fees and nontaxable expenses. See Iowa Code § 22.10(3)(c). The City resisted the application, challenging both the hours billed and the hourly rates. On February 22, 2018, the court granted Milligan’s application in full, awarding $57,315.75 in attorney fees and expenses. The City timely appealed this order as well. We consolidated the appeals and retained them. III. Standard of Review. We review the district court’s interpretations of the DPPA, chapter 22 of the Iowa Code, and Iowa Code section 321.11 for correction of errors at law. Iowa Film Prod. Servs. v. Iowa Dep’t of Econ. Dev., 818 N.W.2d 207, 217 (Iowa 2012); Press–Citizen Co. v. Univ. of Iowa, 817 N.W.2d 480, 484 (Iowa 2012). 8 We review fact findings in chapter 22 actions, which are triable in equity, de novo. ACLU Found. of Iowa, Inc. v. Records Custodian, Atlantic Cmty. Sch. Dist., 818 N.W.2d 231, 232 (Iowa 2012); Press–Citizen Co., 817 N.W.2d at 484; Gannon v. Bd. of Regents, 692 N.W.2d 31, 37 (Iowa 2005). We review the amount of an award of attorney fees and costs for an abuse of discretion. City of Riverdale v. Diercks, 806 N.W.2d 643, 652 (Iowa 2011). IV. Did the District Court Err in Ordering the City to Produce the Names of Individual Vehicle Owners Requested by Milligan? We must determine whether the DPPA and its Iowa counterpart, Iowa Code section 321.11, prohibit the City from releasing the names of individuals who were and were not cited for ATE speeding violations. To resolve this issue, we need to review closely the exceptions found in the DPPA and section 321.11. A. The Iowa Open Records Act. At the outset, we acknowledge that the Open Records Act embodies “a liberal policy in favor of access to public records.” Mitchell v. City of Cedar Rapids, 926 N.W.2d 222, 229 (Iowa 2019) (quoting Hall v. Broadlawns Med. Ctr., 811 N.W.2d 478, 485 (Iowa 2012)). The Act provides, “Every person shall have the right to examine and copy a public record and to publish or otherwise disseminate a public record or the information contained in a public record.” Iowa Code § 22.2(1). Also, “[a] government body shall not prevent the examination or copying of a public record by contracting with a nongovernment body to perform any of its duties of functions.” § 22.2(2). Id. Although the 2017 version of the Act contained sixty-eight enumerated exemptions from the disclosure requests, see Iowa Code § 22.7, they “are to be construed narrowly.” Mitchell, 926 N.W.2d at 229 (quoting Iowa Film Prod. Servs., 818 N.W.2d at 219). 9 Yet, this case does not concern one of those exemptions. Instead, our focus is on a federal statute and a state statute that independently prohibit the disclosure of certain government records under certain circumstances. The Federal DPPA, if it applies, would preempt any state law to the contrary, such as the Open Records Act. See Collier v. Dickinson, 477 F.3d 1306, 1312 & n.3 (11th Cir. 2007) (rejecting a qualified immunity defense because “[t]he law was clear at the relevant time that the DPPA preempted any conflicting state law that regulates the dissemination of motor vehicle record information”). In addition, specific state law prohibitions on disclosure located outside of chapter 22, such as Iowa Code section 321.11, can overcome the disclosure provisions in the Open Records Act. See Burton v. Univ. of Iowa Hosps. & Clinics, 566 N.W.2d 182, 189 (Iowa 1997) (“[C]hapter 22 does not trump or supersede specific statutes like sections 135.40–.42 on confidentiality of records.”). B. The Driver’s Privacy Protection Act of 1994. The DPPA “regulates the disclosure and resale of personal information contained in the records of state motor vehicle departments (DMVs).” Reno v. Condon, 528 U.S. 141, 143, 120 S. Ct. 666, 668 (2000); see also Locate.Plus.Com, Inc. v. Iowa Dep’t of Transp., 650 N.W.2d 609, 614 (Iowa 2002) (“Congress also sought to curb the common practice by many states of selling information in motor vehicle records to businesses, marketers, and individuals.”). The genesis of the DPPA was the 1989 murder of a television actor at her home. Locate.Plus.Com, 650 N.W.2d at 614 n.2; Maureen Maginnis, Note, Maintaining the Privacy of Personal Information: The DPPA and the Right of Privacy, 51 S.C. L. Rev. 807, 809 (2000) [hereinafter Maginnis]. The actor was killed by a stalker who had hired a private detective to obtain her unlisted apartment address from the California Department of Motor Vehicles. Locate.Plus.Com, 650 N.W.2d at 614 n.2; 10 Maginnis, 51 S.C. L. Rev. at 809; William J. Watkins, Jr., Note, The Driver’s Privacy Protection Act: Congress Makes a Wrong Turn, 49 S.C. L. Rev. 983, 984 (1998) [hereinafter Watkins]. Congress enacted the DPPA, first, to address public safety concerns regarding stalkers’, domestic abusers’, and other criminals’ easy access to the personal information in state department of transportation records. See, e.g., Locate.Plus.Com, 650 N.W.2d at 614 & n.2; Watkins, 49 S.C. L. Rev. at 984–85. Second, the DPPA was intended to restrain many states’ practices of selling personal information in state DMV records to businesses and individuals. Condon, 528 U.S. at 143–44, 120 S. Ct. at 668; Locate.Plus.Com, 650 N.W.2d at 614; Maginnis, 51 S.C. L. Rev. at 808. In pertinent part, the DPPA provides, (a) In general.—A State department of motor vehicles, and any officer, employee, or contractor thereof, shall not knowingly disclose or otherwise make available to any person or entity: (1) personal information, as defined in 18 U.S.C. § 2725(3), about any individual obtained by the department in connection with a motor vehicle record, except as provided in subsection (b) of this section[.] 18 U.S.C. § 2721(a)(1). For DPPA purposes, the “State department of motor vehicles” in Iowa is the Iowa Department of Transportation (IDOT). See Iowa Code § 307.27; Locate.Plus.Com, 650 N.W.2d at 611 (noting the IDOT maintains all motor vehicle records in Iowa, including personal information people disclose when obtaining a license or registering a vehicle). The DPPA defines “personal information” as information that identifies an individual, including an individual’s photograph, social security number, driver identification number, name, address (but not the 5-digit zip code), telephone number, and medical or disability 11 information, but does not include information on vehicular accidents, driving violations, and driver’s status. 18 U.S.C. § 2725(3). The DPPA also defines “motor vehicle record” as “any record that pertains to a motor vehicle operator’s permit, motor vehicle title, motor vehicle registration, or identification card issued by a department of motor vehicles.” Id. § 2725(1). Thus, the name of an individual derived from a driver’s license or a motor vehicle registration constitutes confidential personal information. See id. This means that under federal law, the name typically may not be disclosed by the IDOT or an IDOT contractor. Section 2721(b) of the DPPA, however, carves out several exceptions to the nondisclosure rule. Id. § 2721(b). In some instances, such as vehicle recalls, disclosure of the personal information upon request is mandatory: (b) PERMISSIBLE USES.—Personal information referred to in subsection (a) shall be disclosed for use in connection with matters of motor vehicle or driver safety and theft, motor vehicle emissions, motor vehicle product alterations, recalls, or advisories, performance monitoring of motor vehicles and dealers by motor vehicle manufacturers, and removal of nonowner records from the original owner records of motor vehicle manufacturers to carry out the purposes of titles I and IV of the Anti Car Theft Act of 1992, the Automobile Information Disclosure Act (15 U.S.C. 1231 et seq.), the Clean Air Act (42 U.S.C. 7401 et seq.), and chapters 301, 305, and 321–331 of title 49 . . . . Id. In other instances, disclosure is permitted but not required. Relevant to our inquiry are the following permissible-use exceptions: (b) PERMISSIBLE USES.—Personal information referred to in subsection (a) . . . subject to subsection (a)(2), may be disclosed as follows: (1) For use by any government agency, including any court or law enforcement agency, in carrying out its functions, or any private person or entity acting on behalf of a Federal, State, or local agency in carrying out its functions. 12 .... (4) For use in connection with any civil, criminal, administrative, or arbitral proceeding in any Federal, State, or local court or agency or before any selfregulatory body, including the service of process, investigation in anticipation of litigation, and the execution or enforcement of judgments and orders, or pursuant to an order of a Federal, State, or local court. .... (14) For any other use specifically authorized under the law of the State that holds the record, if such use is related to the operation of a motor vehicle or public safety. 18 U.S.C. § 2721(b)(1), (4), (14). In addition to restricting the initial disclosure and sale of personal information derived from motor vehicle records by state motor vehicle departments and their contractors, the DPPA “regulates the resale and redisclosure of drivers’ personal information by private persons who have obtained that information from a state DMV.” Condon, 528 U.S. at 146, 120 S. Ct. at 669. Simply stated, an authorized recipient may redisclose personal information in connection with a motor vehicle record obtained directly or indirectly from a state motor vehicle department only for a use that would have been a permissible basis for obtaining the information in the first place. See 18 U.S.C. § 2721(c) (“An authorized recipient of personal information (except a recipient under subsection (b)(11) or (12)) may resell or redisclose the information only for a use permitted under subsection (b) (but not for uses under subsection (b)(11) or (12)).”). Finally, the DPPA establishes civil and criminal penalties for violations. E.g., id. § 2722(a) (“It shall be unlawful for any person knowingly to obtain or disclose personal information, from a motor vehicle record, for any use not permitted under section 2721(b) of this title.”); id. § 2723(a) (“A person who knowingly violates this chapter shall be fined 13 under this title.”); id. § 2724(a) (“A person who knowingly obtains, discloses or uses personal information, from a motor vehicle record, for a purpose not permitted under this chapter shall be liable to the individual to whom the information pertains, who may bring a civil action in a United States district court.”). C. Iowa Code § 321.11. Iowa Code section 321.11 provides, in pertinent part, 1. All records of the department [of other than those made confidential or not open in accordance with 18 U.S.C. § 2721 et of a specific date by rule of the department, public inspection during office hours. transportation], permitted to be seq., adopted as shall be open to 2. Notwithstanding subsection 1, personal information shall not be disclosed to a requester, except as provided in 18 U.S.C. § 2721, unless the person whose personal information is requested has provided express written consent allowing disclosure of the person’s personal information. As used in this section, “personal information” means information that identifies a person, including a person’s photograph, social security number, driver’s license number, name, address, telephone number, and medical or disability information, but does not include information on vehicular accidents, driving violations, and driver’s status or a person’s zip code. 3. Notwithstanding other provisions of this section to the contrary, the department shall not release personal information to a person, other than to an officer or employee of a law enforcement agency, an employee of a federal or state agency or political subdivision in the performance of the employee’s official duties, a contract employee of the department of inspections and appeals in the conduct of an investigation, or a licensed private investigation agency or a licensed security service or a licensed employee of either, if the information is requested by the presentation of a registration plate number. In addition, an officer or employee of a law enforcement agency may release the name, address, and telephone number of a motor vehicle registrant to a person requesting the information by the presentation of a registration plate number if the officer or employee of the law enforcement agency believes that the release of the information is necessary in the performance of the officer’s or employee’s duties. 14 Iowa Code § 321.11(1)–(3). This section essentially incorporates the strictures of the DPPA into the Iowa Code. See Locate.Plus.Com, 650 N.W.2d at 615–16. D. Answering the Question. As the foregoing demonstrates, the DPPA limits the City’s ability to redisclose personal information obtained by its contractor from NLETS, a clearinghouse of state department of motor vehicle information. Generally speaking, redisclosure is allowed only when initial disclosure would have been permitted on that basis. See 18 U.S.C. § 2721(c); Condon, 528 U.S. at 146, 120 S. Ct. at 669–70. To put the matter another way, information that started out as protected personal information under the DPPA does not lose that character just because it has been disclosed for a permissible use. Each redisclosure must be supported by its own permissible use. Is there a permissible use for the redisclosure sought by Milligan? As we have already noted, relevant to our inquiry are the DPPA exceptions “[f]or use by any government agency,” “[f]or use in connection with any civil, criminal, administrative, or arbitral proceeding,” and “[f]or any other use specifically authorized under the law of the State that holds the record, if such use is related to the operation of a motor vehicle or public safety.” 18 U.S.C. § 2721(b)(1), (4), (14). The United States Supreme Court has directed that DPPA exceptions should be construed narrowly. Maracich v. Spears, 570 U.S. 48, 60, 133 S. Ct. 2191, 2200 (2013). In Maracich, the Court held that § 2721(b)(4) does not authorize the disclosure of vehicle owners’ names and addresses to attorneys who wanted to use the information to solicit persons to join pending South Carolina litigation. 570 U.S. at 52, 133 S. Ct. at 2196. The Court acknowledged that § 2721(b)(4)’s “language, in literal terms, could be interpreted to its broadest reach to include the personal information 15 that respondents obtained here.” Id. at 59, 133 S. Ct. at 2200. Yet, the Court emphasized that “[a]n exception to a ‘general statement of policy’ is ‘usually read . . . narrowly in order to preserve the primary operation of the provision.’ ” Id. at 60, 133 S. Ct. at 2200 (quoting Comm’r v. Clark, 489 U.S. 729, 739, 109 S. Ct. 1455, 1463 (1989)). Accordingly, the Court said that “these exceptions ought not operate to the farthest reach of their linguistic possibilities if that result would contravene the statutory design.” Id. We believe none of these three exceptions applies here. First, Milligan is not a government agency, and he does not seek the records to carry out a governmental function. See 18 U.S.C. § 2721(b)(1). In fact, it is undisputed that Milligan was requesting the records in his capacity as a private citizen, using his personal home address, email, and telephone number. Second, there is insufficient proof that the names were needed for use in another proceeding. See id. § 2721(b)(4). Milligan did testify in a conclusory fashion that he had a secondary purpose for seeking this information: Q. And did you also seek this information for purposes of having it available for your federal lawsuit against the City of Ottumwa and the Chief of Police? A. Yes. However, there was no testimony explaining why the names of persons cited or not cited for ATE violations were relevant or how they would be used in that case. No information about the federal lawsuit was offered into evidence. Third, Milligan’s use of the records was not specifically authorized by a state law relating to motor vehicle or public safety. See id. § 2721(b)(14). Certainly the Open Records Act itself is not such a law. 16 In this regard, we note that the DPPA authorizes disclosure of information pertaining to “vehicular accidents” and “driving violations.” 18 U.S.C. § 2725(3). Likewise, Iowa Code section 321.11(2) authorizes disclosure of information pertaining to “vehicular accidents” and “driving violations.” Iowa Code § 321.11(2). This enables an insurance company, for example, to obtain a customer’s driving record—his or her past car accidents and traffic tickets. 3 In this case, the district court did not rely on any of the three exceptions found in §§ 2721(b)(1), (4), or (14) of the DPPA. Instead, it relied on the DPPA’s and section 321.11(2)’s language permitting disclosure of “driving violations.” We disagree with the district court. ATE camera citations do not involve “driving violations.” Our court has recognized several features of ATE camera citations that distinguish them from traditional tickets for moving violations issued in person by a law enforcement officer. Most importantly, the ATE camera citation is issued to the vehicle owner, not the driver. See City of Davenport v. Seymour, 755 N.W.2d 533, 537 (Iowa 2008). The cited individual may or may not be a driver. In addition, citations “are not reported to the Iowa Department of Transportation (IDOT) for the purpose of the vehicle owner’s driving record.” Id. By contrast, traditional citations are issued to the driver and reported to the IDOT, and go on the recipient’s driving record, which can result in higher auto insurance premiums or suspension of driving privileges after multiple moving violations. 4 In Seymour, we relied on these 3The DPPA permits personal information to be disclosed anyway for use by insurers in rating or underwriting. See 18 U.S.C. § 2721(b)(6). 4Here, for example, the City’s citation form states prominently, “PAYMENT OF THIS PENALTY AMOUNT WILL NOT RESULT IN POINTS AND CANNOT BE USED TO INCREASE YOUR INSURANCE RATES.” In other words, a person who is cited for violating 17 differences in holding that municipal ATE camera tickets were an alternative “system” for enforcing speeding or red light laws and therefore were not preempted by the uniformity requirement in Iowa Code section 321.235. Id. at 543. For the same reason, such citations cannot be considered driving violations within the meaning of the DPPA and section 321.11(2). 5 Accordingly, the redisclosure of the names of vehicle owners is prohibited by federal and state law. We find persuasive the court’s reasoning in New Richmond News v. City of New Richmond, 881 N.W.2d 339 (Wis. Ct. App. 2016). In that case, a police department relied on the DPPA in redacting personal identifying information such as names and addresses from two accident reports and one incident report it produced to a newspaper under the Wisconsin public records law. Id. at 347–48. The newspaper sued challenging the redactions. Id. at 348. The Wisconsin Court of Appeals framed the issue as follows: It is undisputed that the Wisconsin DMV disclosed personal information from motor vehicle records to the police department. It is further undisputed that this initial disclosure of personal information was for a permissible use under the DPPA—namely, the police department’s officers used the information in the course of their duties to complete accident and incident reports. See 18 U.S.C. § 2721(b)(1) (disclosure of personal information permitted “[f]or use by any government agency . . . in carrying out its functions”). The disputed issue is whether the police department’s subsequent redisclosure to the Newspaper of personal information contained in two accident reports and one incident report created by its officers would have been permissible under § 2721(c), which regulates the “redisclosure” of personal information by an “authorized recipient.” As relevant here, the City’s ATE ordinance is not a “violator of the traffic laws” within the meaning of Iowa Code section 321.210, which authorizes IDOT to suspend a driver’s license when a person is “an habitual violator of the traffic laws.” Iowa Code § 321.210(1)(a)(2). 5Certainly, there can be no driving violation when no citation was issued. 18 such redisclosure is permissible “only for a use permitted under subsection (b).” Id. § 2721(c). Id. at 350–51. The court went on to hold that the police department’s redisclosure of the personal information in the accident reports was authorized by § 2721(b)(14) of the DPPA because Wisconsin had a separate law specifically mandating that law enforcement agencies provide the public with access to uniform accident reports. Id. at 352; see 18 U.S.C. § 2721(b)(14) (“For any other use specifically authorized under the law of the State that holds the record, if such use is related to the operation of a motor vehicle or public safety.”). However, the newspaper could not obtain the unredacted version of the incident report because the only legal basis for its release in unredacted form was the Wisconsin public records law. Id. at 352–55. The court rejected the newspaper’s argument that releasing public records was an agency function for purposes of § 2721(b)(1): [A]ccepting the Newspaper’s argument would lead to untenable results. If disclosure of personal information in response to public records requests constituted a “function” of government agencies, for purposes of the DPPA’s agency functions exception, then any time an “authority” under the public records law received a public records request for personal information protected by the DPPA, it could disclose that information. This would include the Wisconsin DMV, which is an authority under the public records law. Permitting the DMV to disclose personal information every time a public records request was made would eviscerate the protection provided by the DPPA, which was enacted to limit the circumstances in which state DMVs could disclose drivers’ personal information in order to protect their safety and privacy. Id. at 354 (citation omitted). The court also found unpersuasive the newspaper’s argument that “redaction of personal information in police reports would prevent the public from verifying, and law enforcement from 19 demonstrating, that criminal and traffic laws are fairly enforced against all persons.” Id. at 355. In sum, [T]he agency functions exception to the DPPA cannot be interpreted to permit the disclosure of personal information based solely on the fact that a public records request has been made. . . . [A] public records request is not, in and of itself, a sufficient basis to obtain personal information protected by the DPPA. Id. “Thus, in circumstances where the DPPA prohibits the release of personal information obtained from DMV records, the public records law exempts that information from disclosure.” Id. at 356. An Arkansas Supreme Court opinion upholding disclosure in Arkansas State Police v. Wren, 491 S.W.3d 124 (Ark. 2016), spotlights the same distinction between accident reports and other motor-vehicle-related records. In Wren, the requester sought access to certain accident reports under the Arkansas Freedom of Information Act (AFOIA) to solicit clients for his law practice. Id. at 125. Prior to disclosure of the reports to the requester, the Arkansas State Police redacted the names from the reports as personal information protected by the DPPA. Id. The Arkansas Supreme Court agreed with the requester that this was improper because vehicle accident reports created by police officers were not “motor vehicle records,” and therefore, names and addresses in such reports were not protected from disclosure by the DPPA. Id. at 128. Our case is different from Wren. Milligan did not seek information on accident reports. 6 As already discussed, he did not seek information 6Additionally, there is authority contrary to Wren. See Pavone v. Law Offices of Anthony Mancini, Ltd., 118 F. Supp. 3d 1004, 1006 (N.D. Ill. 2015) (concluding that the DPPA exclusion for accident reports “refers to information about the accident, not the personal information that is included in accident reports”); see also Wilcox v. Batiste, 360 F. Supp. 3d 1112, 1125 (E.D. Wash. 2018) (noting that the law is “unsettled” on whether personal information within accident reports is or is not protected by the DPPA). 20 on driving violations. Therefore, the names he requested would be considered “personal information” as defined by § 2725(3) of the DPPA. Those names were subject to the overall shield on the disclosure of such information set forth in DPPA § 2721(a)(1). When a legal proceeding for a traffic violation is initiated in the Iowa courts, then subject to certain redactions the record is and should be publicly available from the courts. See Lucas v. Moore, ___ F. Supp. 3d ___, 2019 WL 4346344, at *4 (S.D. Ohio Sept. 12, 2019) (holding that a municipal court’s disclosure of certain personal information relating to a minor misdemeanor traffic offense on the public judicial website was permissible under the DPPA exceptions found in § 2721(b)(1) and (b)(4)), appeal docketed, No. 19-4010 (6th Cir. Oct. 17, 2019). This principle applies when a city brings a municipal infraction proceeding in court for violation of an ATE ordinance. Court dockets historically in Iowa have been open to the public, predating the Open Records Act. See Judicial Branch v. Iowa Dist. Ct., 800 N.W.2d 569, 575 (Iowa 2011), superseded in part by statute, 2015 Iowa Acts ch. 83, § 1 (codified at Iowa Code § 901C.2 (2016)), as recognized in State v. Doe, 903 N.W.2d 347, 351 (Iowa 2017). And they continue to be open to the public. But our case presents the different question whether a motorist’s personal information that is shielded from public disclosure by the DPPA and that is not filed in court can be obtained from a governmental entity. We conclude that it cannot be. Note also that if we were to adopt Milligan’s position, then law enforcement in Iowa could be required under the Open Records Act to Also, in Iowa, a separate statute makes accident reports filed by a law enforcement officer confidential subject to certain exceptions. See Iowa Code § 321.271(2); see also Shannon ex rel. Shannon v. Hansen, 469 N.W.2d 412, 415 (Iowa 1991) (discussing this statute). 21 disclose the names of persons issued warnings who never received traffic tickets. Also, in a case like Milligan’s, the requester would be able to obtain not just the names of individuals, but the actual vehicle license plate associated with each individual. 7 Iowans, we think. These things would surprise many A mass production of license-plate-and-name combinations could be used to facilitate stalking—exactly the situation the DPPA was enacted to prevent. Because we are reversing the district court’s order that the names of individuals cited and not cited for ATE violations must be disclosed by the City to Milligan, we also reverse the supplemental order awarding attorney fees and costs to Milligan. V. Conclusion. For the foregoing reasons, we reverse the district court’s judgment and remand the case for further proceedings consistent with this opinion. REVERSED AND REMANDED. All justices concur except Wiggins, C.J., and Appel, J., who dissent. 7As we have discussed, Milligan wanted the names of persons cited and not cited “to see that the City of Ottumwa was enforcing their automated speed car enforcement fairly across the board between all citizens.” But logically, to determine if enforcement was occurring “fairly across the board,” one would need to see the photographs of the violation transmitted by RedSpeed to the City, which include the vehicle license plates. 22 #21/17–1961, Milligan v. Ottumwa Police Dep’t WIGGINS, Chief Justice (dissenting). I respectfully dissent. Because I conclude that the Iowa Open Records Act requires the City to disclose the information Milligan sought and that neither the Driver’s Privacy Protection Act of 1994 (DPPA), 18 U.S.C. §§ 2721–2725 (2012), nor Iowa Code section 321.11 (2017) precludes the City from disclosing the requested information, I would affirm the district court’s order to produce. My analysis begins with an examination of the Iowa Open Records Act, Iowa Code chapter 22. On appeal, the City does not dispute that the information Milligan requested qualifies as a public record under chapter 22 nor does it claim that any part of chapter 22 makes that information confidential. However, the inquiry does not end there but must involve review of the DPPA and Iowa Code section 321.11 and their effects on disclosure. The DPPA limits the City’s ability to redisclose personal information it obtained from the Iowa Department of Transportation (IDOT). In order for the City to redisclose the information sought by Milligan, which it obtained from the IDOT, redisclosure must be allowed under the permissible use section of the DPPA. See 18 U.S.C. § 2721(c); Reno v. Condon, 528 U.S. 141, 146, 120 S. Ct. 666, 669–70 (2000). The DPPA allows the disclosure or redisclosure of personal information for the following purposes: (1) For use by any government agency, including any court or law enforcement agency, in carrying out its functions, or any private person or entity acting on behalf of a Federal, State, or local agency in carrying out its functions. .... 23 (4) For use in connection with any civil, criminal, administrative, or arbitral proceeding in any Federal, State, or local court or agency or before any self-regulatory body, including the service of process, investigation in anticipation of litigation, and the execution or enforcement of judgments and orders, or pursuant to an order of a Federal, State, or local court. .... (14) For any other use specifically authorized under the law of the State that holds the record, if such use is related to the operation of a motor vehicle or public safety. 18 U.S.C. § 2721(b)(1), (4), (14). It is clear to me that under any one of these exceptions, the City is allowed to disclose the information sought by Milligan. Under § 2721(b)(1), disclosure is allowed because the City is exercising a lawful function under its ordinances when it issues a notice of violation to a person accused of or under investigation for failing to obey a speed limit. See City of Tallahassee v. Federated Publ’ns, Inc., No. 4:11cv395–RH/CAS, 2012 WL 5407280, at *2 (N.D. Fla. Aug. 9, 2012) (finding a city’s issuance of “a violation notice to a person accused of, or under investigation for, running a red light” was a lawful function of the city and, therefore, § 2721(b)(1) allowed the disclosure of the person’s name on the notice). The names of the persons not given a notice of violation are persons under investigation for failing to obey the speed limit. Under § 2721(b)(4), disclosure is allowed because the City initiates an administrative proceeding, albeit as an informal process. See id.; see also Gilday v. City of Indianapolis, 54 N.E.3d 378, 384–85 (Ind. Ct. App. 2016) (holding § 2721(b)(4) allowed disclosure of a vehicle owner’s name and address on a parking ticket left on the vehicle because the disclosure was “for use in connection with” the administrative proceeding whereby the city finds parking violations and imposes fines). 24 Finally, under § 2721(b)(14), disclosure is allowed because the City’s ATE program is permitted by Iowa law and relates to motor vehicles and public safety. See Federated Publ’ns, Inc., 2012 WL 5407280, at *2 (finding § 2721(b)(14) allowed disclosure of the violators’ names on the notices of violation because the red-light program at issue was specifically authorized by Florida law and related to motor vehicle operation). We previously held that Iowa law allows a city to operate a speed camera program under its home rule authority. City of Davenport v. Seymour, 755 N.W.2d 533, 537–39, 543–44, 545 (Iowa 2008). Undoubtedly, the speed camera program relates to the operation of motor vehicles. Further, supporters of speed camera programs justify their operation as promoting public safety, id. at 544, even when no notice of violation is issued. The majority concludes that ATE citations are not “driving violations” under the DPPA and, impliedly, that ATE citations are, therefore, not “personal information.” See 18 U.S.C. § 2725(3) (excluding “information on . . . driving violations” from the definition of personal information). In doing so, it relies on vehicular-accident-report cases. I disagree with this approach. The accident-report cases are inconsistent—some allow disclosure, some do not. See Wilcox v. Batiste, 360 F. Supp. 3d 1112, 1125 (E.D. Wash. 2018) (acknowledging the unsettled question of whether personal information in accident reports is protected under the DPPA). Compare Mattivi v. Russell, No. Civ.A. 01–WM–533(BNB), 2002 WL 31949898, at *4 (D. Colo. Aug. 2, 2002) (holding disclosure of an accident report did not violate the DPPA because such reports are not a “motor vehicle record” under § 2725(1) of the DPPA), Ark. State Police v. Wren, 491 S.W.3d 124, 128 (Ark. 2016) (same), and New Richmond News v. City of New Richmond, 881 N.W.2d 339, 352 (Wis. Ct. App. 2016) (finding disclosure of 25 unredacted accident report to newspaper was allowed under § 2721(b)(14)’s exception for a use as authorized by state law), with Pavone v. Law Offices of Anthony Mancini, Ltd., 118 F. Supp. 3d 1004, 1006–07 (N.D. Ill. 2015) (holding accident reports are not motor vehicle records under the DPPA but § 2722(a), nonetheless, protects any personal information in such reports that is obtained from a motor vehicle record). They are also distinguishable from the factual situation in this case. Here, Milligan was not looking for all the details contained in accident reports—e.g., license plate numbers; driver’s date of birth, sex, license number, or home address; or the vehicle owner’s home address. See, e.g., Iowa Dep’t of Transp., Investigating Officer’s Crash Reporting Guide 3–4, 11–12 (2015), https://iowadot.gov/mvd/driverslicense/ InvestigatingOfficersCrashReportingGuide.pdf (providing instruction to law enforcement on completing accident reports, including what personal information to obtain); Iowa Dep’t of Transp., Form 433003, Investigating Officer’s Report of Motor Vehicle Accident 1 https://one.nhtsa.gov/nhtsa/stateCatalog/states/ia/crash.html (2013), (follow “Iowa Crash Report Form 433003, Rev. 11/2013” hyperlink) (IDOT’s accident report form for law enforcement). Rather, he just wanted the names of vehicle owners who were and were not issued ATE citations following a report of a violation. See Federated Publ’ns, Inc., 2012 WL 5407280, at *3 (noting redaction of some personal information on a violation notice may be required if that personal information is not necessary to the administrative proceeding or to the violation notice). In any event, because I find that the information Milligan sought could be disclosed under the exceptions found in § 2721(b)(1), (4), and (14), my analysis does not change regardless of whether the information sought is personal information because, as the majority reasons, it does 26 not qualify as driving violations. Thus, I find the DPPA allows the City to redisclose the information sought by Milligan. Accordingly, I also find that Iowa Code section 321.11 allows the City to redisclose the information sought by Milligan. Section 321.11 essentially codifies the DPPA into the Iowa Code. See Locate.Plus.Com, Inc. v. Iowa Dep’t of Transp., 650 N.W.2d 609, 615–16 (Iowa 2002). In this way, any prohibition against disclosure or redisclosure of personal information under section 321.11 is governed by the DPPA. As the DPPA does not prohibit redisclosure of the information Milligan sought, neither does Iowa Code section 321.11. Having found that the Iowa Open Records Act requires the City to redisclose the information sought by Milligan and that neither the DPPA nor Iowa Code section 321.11 precludes the City from making such a redisclosure, I would hold the district court was correct in requiring the City to disclose the requested information to Milligan. See Federated Publ’ns, Inc., 2012 WL 5407280, at *2–3 (requiring the city to disclose the names of violators to a private party when the DPPA did not prohibit such disclosure and the state’s public records law required disclosure). I also emphasize that Milligan is asking for only the names of persons, not extraneous information such as license numbers, plate numbers, or addresses. The release of this limited information will not be contrary to the purpose of the DPPA, which is to address public safety concerns regarding stalkers’ and other criminals’ easy access to the personal information in IDOT records and to restrain the sale of that information to businesses and individuals. Cf. Senne v. Village of Palatine, 784 F.3d 444, 447–48 (7th Cir. 2015) (balancing the utility of the disclosure against the risk of the harm that was the impetus for the DPPA); Ark. State Police, 491 S.W.3d at 128 (considering Congress’s intent in 27 enacting the DPPA when holding that accident reports are not motor vehicle records under the DPPA regardless of whether information in the report may have been obtained from the state department of motor vehicles). Accordingly, I would hold the Iowa Open Records Act requires disclosure of the information sought and neither the DPPA nor Iowa Code section 321.11 protects the information requested from disclosure. Appel, J., joins this dissent.
Some case metadata and case summaries were written with the help of AI, which can produce inaccuracies. You should read the full case before relying on it for legal research purposes.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
