Court to Hear Privacy Case Next Term
The more interesting question is whether the Supreme Court values privacy. I will avoid the boring legal and grammatical issues here, but some of the basics are relevant.
The case is Doe v. Chao, and it arose under the Privacy Act of 1974. The act requires federal agencies to comply with principles of fair information practices. The law establishes comprehensive privacy rules, including a provision for lawsuits by individuals harmed by improper agency actions. The act is one of several privacy laws that allows an award of minimum statutory damages to successful plaintiffs.
The plaintiffs are coal miners who brought black lung disease compensation claims to the Department of Labor for adjudication. The department used the Social Security numbers of the miners as case numbers. The numbers were later published in a report that became part of legal databases. The result was that the Social Security numbers effectively became public. The basic argument is that this public disclosure of Social Security numbers violated the Privacy Act of 1974.
The specific issue that caught the court's attention is the section of the law establishing liquidated damages for individuals who suffer an adverse effect because of a willful or intentional violation of the Privacy Act. Most circuit courts have held that a Privacy Act plaintiff asserting emotional distress as an adverse effect could recover minimum statutory damages of $1,000.
In the present case, however, the Fourth Circuit held that a greater showing of harm was required in order to qualify for liquidated damages. The court wanted to see evidence of medical, psychological or psychiatric treatment, loss of income or other effects on conduct or lifestyle. The Fourth Circuit did not find that the plaintiff met the burden and it overturned the award to the only plaintiff found by the lower court to meet the standard.
The Supreme Court presumably took the case because of the split in the rulings of the circuit courts. Disagreements among lower courts are a traditional part of the court's jurisdiction.
The case may turn on a point of grammar rather than a substantive point of law. However, the legal and policy issues are more interesting. Regardless of what the court's decision ultimately says, it is the broader issues that are likely to influence the result.
One of the biggest impediments to privacy litigation is the difficulty of proving damages. In some cases, it may be relatively easy to show actual harm. An improper disclosure may result in someone being fired. Incorrect information may cause someone to be denied for a mortgage and lose an opportunity to buy a house.
In other cases, showing actual physical or monetary damages is harder. If information is improperly disclosed so that people in your office or in your neighborhood learn that you suffer from heart disease, AIDS or cancer, how do you translate the sense of embarrassment, humiliation or shame into monetary damages? The disclosure may change the way that people treat you, but it can be difficult to put a specific dollar figure on it. Even worse, when monetary damages are so uncertain, it can be hard to find a lawyer willing to handle a lawsuit unless the facts are likely to be particularly appealing to a jury.
The difficulty of proving monetary damages is one reason that privacy laws sometimes provide for liquidated damages. The general model is that anyone who can prove a violation of the law receives the greater of actual damages or liquidated damages. For cases that involve hard-to-prove damages, an award of liquidated damages ensures some recovery and simplifies the litigation. Liquidated damages are particularly helpful in class action lawsuits, where even small statutory awards are enough to attract lawyers when the class is large enough.
One of the more perverse developments in privacy damages comes from the rise of identity theft. The prevalence of identity theft makes it easier to show harm in some privacy cases. Identity theft offers a real-world example of the type of harm that results from disclosure. If someone casually and improperly discloses your Social Security number, you are at greater risk for identity theft. One measure of damages might be the cost of an insurance policy to protect against the consequences of identity theft. An additional measure might be the cost of reviewing credit reports and of subscribing to credit watch services. Other effects of identity theft - or the possibility of identity theft - may give rise to other types of damages.
In the end, I think that the case may turn less on the narrow issue of grammar and more on the court's evaluation of the value of privacy. Because availability of Social Security numbers makes it more likely that someone will be a victim of identity theft, the connection between disclosure and harm should be more apparent. On the other hand, the court often decides cases in a way that reduces the amount of litigation.
I'd bet a nickel that privacy wins this case, but I wouldn't bet much more than that. Whether the case will eventually have major implications for private sector litigation remain to be seen, but I would bet that it does because Supreme Court decisions in privacy lawsuits are rare.