February 27, 2021

Volume XI, Number 58

Advertisement

February 26, 2021

Subscribe to Latest Legal News and Analysis

February 25, 2021

Subscribe to Latest Legal News and Analysis

February 24, 2021

Subscribe to Latest Legal News and Analysis

JUST OUT: Federal Court Grants Preliminary Approval of Litigation Settlement Involving Alleged Unauthorized Disclosure of Driver Information

Data privacy litigation comes in all shapes and sizes.  One federal privacy statute that CPW readers may not have heard of is the Driver’s Privacy Protection Act (“DPPA”).  A class action settlement which just received a federal court’s preliminary approval provides a good “vehicle” for discussing the contours of this law and its impact on data privacy litigation.  Gaston v. Lexisnexis Risk Solutions, 2021 U.S. Dist. LEXIS 12872 (W.D.N.C. Jan. 25, 2021).  More broadly, the case is yet another example of a defendant agreeing to adopt privacy-related measures to resolve litigation.  Read on below.

What is the DPPA?  Good question.  Generally speaking, the DPPA is a federal statute governing the sale and resale of certain “personal information” from motor vehicle records.  Following the well-publicized murder of an actress in 1989 by a stalker (who had obtained her unlisted home address from a state DMV), the DPPA was enacted for the purpose of protecting drivers from violent crime.  The DPPA was also intended to curb certain direct marketing and solicitation practices.  Notably, the statute contains a private right of action.

In Gaston, Plaintiffs filed a putative class action complaint alleging that after they had been involved in car accidents, their driver information had been electronically transmitted by investigating officers and law enforcement agencies to the North Carolina DMV in order to create a “DMV-349 crash report”.  They alleged that information in those crash reports was then accessed and used by PoliceReports.US LLC and LexisNexis Risk Solutions to solicit business in violation of the DPPA.  (Following the accidents at issue, Plaintiffs allegedly received numerous mailers from personal injury law firms).

In the litigation, Defendants argued that crash reports do not fall within the scope of the DPPA as they are not a “motor vehicle record” as the term is defined by statute.  They additionally argued that even if the disclosures at issue were covered by the DPPA, they were for a “permissible purpose” (and therefore could not provide a basis for Plaintiffs’ lawsuit).  Following discovery, both parties moved for summary judgment.  The court held that the DMV-349 crash reports are “motor vehicle records” under the DPPA.  Additionally, “based on Defendants’ admission that they disclosed the reports without regard to whether the personal information in the reports would be used for a purpose permitted by the DPPA as well as the undisputed evidence that at least some of those reports were used for an impermissible purpose,” the court awarded Plaintiffs summary judgment on their claim for declaratory and injunctive relief.

In the wake of the court’s summary judgment ruling, the parties had a mediation.  The result of that was a joint settlement.  The settlement agreement defined members of the settlement class to include:

All persons who: (i) at any time within the four years prior to the date the Complaint was filed through the date of Final Judgment, (ii) had his or her personal information (including a driver identification number, name, address, or telephone number) appear on a Crash Report, and (iii) that Crash Report was available for purchase via an online solution supported, owned or operated by or on behalf of PoliceReports.US, LLC or LexisNexis Claims Solutions Inc.

As part of the settlement, Defendants agreed to business changes to govern the disclosure of crash reports going forward.  This included certain prohibitions on marketing and soliciting, as well as disclosing the information contained in the crash reports only under limited circumstances (including disclosures protected under the DPPA).  In granting preliminary approval of the settlement, the court accepted the parties’ shared argument that it was a “fair, reasonable, and adequate resolution of the claims brought in this action” and that the settlement also represents a new standard for the treatment of information contained in crash reports nationwide.

A final approval hearing in the litigation has been scheduled for May 24, 2021.  While the issues raised by this litigation are unique to the DPPA, the case is consistent with the trend of defendants in litigation adopting privacy-related measures to settle out claims (as was also seen with the Hanna Andersson settlement last year).  Keep an eye out for more of the same going forward.  And as those developments occur, CPW will be there to keep you informed in real time.  Stay tuned.

Advertisement
© Copyright 2020 Squire Patton Boggs (US) LLPNational Law Review, Volume XI, Number 27
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Kristin L. Bryan Litigation Attorney Squire Patton Boggs Cleveland, OH & New York, NY
Senior Associate

Kristin Bryan is a litigator experienced in the efficient resolution of contract, commercial and complex business disputes, including multidistrict litigation and putative class actions, in courts nationwide.

She has successfully represented Fortune 15 clients in high-stakes cases involving a wide range of subject matters.

As a natural extension of her experience litigating data privacy disputes, Kristin is also experienced in providing business-oriented privacy advice to a wide range of clients, with a particular focus on companies handling customers’ personal data. In this...

216-479-8070
Advertisement
Advertisement