Opinion
No. 08-4582.
Argued: October 13, 2010.
Decided and Filed: April 21, 2011.
Appeal from the United States District Court for the Northern District of Ohio, Patricia A. Gaughan, J.
ARGUED: Kurt R. Hunt, Dinsmore Shohl, Cincinnati, Ohio, for Appellant. Sharon Swingle, United States Department of Justice, Washington, D.C., for Appellees. ON BRIEF: Kurt R. Hunt, Michael J. Newman, Dinsmore Shohl, Cincinnati, Ohio, for Appellant. Sharon Swingle, Douglas N. Letter, United States Department of Justice, Washington, D.C., for Appellees. Julia A. Shearson, Geneva, Ohio, pro se.
OPINION
Plaintiff Julia Shearson appeals the district court's grant of summary judgment to Defendants Department of Homeland Security (DHS) and Customs and Border Protection (CBP) dismissing her claims brought under the Privacy Act, 5 U.S.C. § 552a. The district court held that the relevant systems of records were properly exempted under § 552a(j)(2) from several provisions Shearson alleged were violated, and that Defendants had also properly exempted the systems from the civil-remedies provision of the Privacy Act, § 552a(g). We VACATE the dismissal of Shearson's claims under §§ 552a(b) and (e)(7), provisions which are non-exemptible under § 552a(j). We AFFIRM the dismissal of Shearson's claims brought under substantive provisions from which Defendants could and did properly exempt pertinent systems of records under § 552a(j), specifically §§ 552a(d), (e)(1), and (e)(5). We also affirm the dismissal of Shearson's claim under § 552a(e)(4).
I
Shearson and her four-year-old daughter, United States citizens by birth and Muslims, returned by car from a weekend in Canada at around 8:30 p.m. on January 8, 2006, via the Peace Bridge in the Buffalo, New York/Fort Erie area. On scanning their United States passports, the CBP computer flashed "ARMED AND DANGEROUS," and CBP agents asked Shearson to turn over her car keys and step out of the car. Shearson was handcuffed, and, after several hours of questioning in the terminal, she and her daughter were released without explanation. As they left, Shearson inquired whether her vehicle had been searched and was told no search had been conducted. This proved to be false; Shearson's vehicle had been searched and was damaged in the course of the search.
Shearson resides in the Northern District of Ohio and is a regional office director for a national Muslim non-profit civil rights and educational organization.
After Shearson wrote several Ohio congressional representatives, who in turn contacted the CBP, the CBP advised the legislators that its agents had acted "in response to what later proved to be a false computer alert."
Shearson submitted requests under the Privacy Act to the DHS/CBP. The CBP searched the TECS, formerly known as the Treasury Enforcement Communications System, a computerized information system containing information from a variety of federal, state, and local sources, and provided nine pages of greatly-redacted documents pertinent to the border stop. Shearson v. Dep't of Homeland Sec, 2007 WL 764026, at *1 (N.D.Ohio March 9, 2007), reversed in part on other grounds on reconsideration 2008 WL 928487 (N.D.Ohio April 4, 2008). At some point, the CBP performed a second search of its records, which uncovered three additional documents. Defendants withheld these documents. Shearson believed the response constituted a denial of her statutory rights and filed an administrative appeal on April 21, 2006, requesting that all information be reissued unredacted. Id.
Shearson also made requests under the Freedom of Information Act, 5 U.S.C. § 552 (FOIA). Her FOIA claims are not at issue in this appeal.
No action having been taken on her administrative appeal, Shearson filed a complaint pro se on June 15, 2006, and an amended complaint pro se, on August 23, 2006, seeking a declaration that Defendants violated the Privacy Act by refusing to provide unredacted records, access to all documentation held, and amendment of erroneous information. See Shearson, 2007 WL 764026, at *10. Shearson's amended complaint alleged denial of records and disclosure (Count I) and improper dissemination (Count II). Shearson alleged inter alia that Defendants failed to make reasonable efforts to ensure the accuracy of the records, improperly maintained records pertaining to her First Amendment activity, and failed to properly account for certain disclosures. Id., at *12 n. 14.
As the district court recognized, Shearson alleged improper dissemination, i.e., wrongful disclosure, and improper maintenance of records of First Amendment activity, among other claims. See Shearson, 2007 WL 764026, at *10, 12 n. 14. We thus reject Defendants' argument that Shearson's allegations as to these two claims "are too generalized, speculative, and insubstantial to state a valid claim for the alleged violation of those provisions." Defs.' Suppl. Br. at 25.
On Defendants' motion for summary judgment, the district court dismissed Shearson's Privacy Act claims, concluding that Defendants were not subject to various subsections from which they had properly exempted the systems of records. As to Shearson's claims under §§ 552a(b) and 552a(e)(7), the district court concluded that even though those provisions are non-exemptible under § (j)(2), Defendants' exemption of the systems of records from § (g), the civil-remedies provision, barred the claims. This appeal ensued.
II
This court reviews a district court's grant of summary judgment de novo, viewing all evidence and drawing all reasonable inferences therefrom in the light most favorable to the nonmoving party. Helms v. Zubaty, 495 F.3d 252, 255 (6th Cir. 2007). Statutory interpretation questions are also reviewed de novo. United States v. Miami Univ., 294 F.3d 797, 812 (6th Cir. 2002). The plain language of the statute is the starting point for interpretation, but the structure and language of the statute as a whole can aid in interpreting the plain meaning. Fullenkamp v. Veneman, 383 F.3d 478, 483 (6th Cir. 2004).
A.
The Privacy Act's civil-remedies provision, 5 U.S.C. § 552a(g), provides in pertinent part:
(g)(1) Civil remedies. — Whenever any agency
(A) makes a determination under subsection (d)(3) of this section not to amend an individual's record in accordance with his request, or fails to make such review in conformity with that subsection;
(B) refuses to comply with an individual request under subsection (d)(1) of this section;
(C) fails to maintain any record concerning any individual with such accuracy, relevance, timeliness, and completeness as is necessary to assure fairness in any determination relating to the qualifications, character, rights, or opportunities of, or benefits to the individual that may be made on the basis of such record, and consequently a determination is made which is adverse to the individual; or
(D) fails to comply with any other provision of this section, or any rule promulgated thereunder, in such a way as to have an adverse effect on an individual, the individual may bring a civil action against the agency, and the district courts of the United States shall have jurisdiction in the matters under the provisions of this subsection.
(2)(A) In any suit brought under the provisions of subsection (g)(1)(A) of this section, the court may order the agency to amend the individual's record in accordance with his request or in such other way as the court may direct. In such a case the court shall determine the matter de novo.
. . . .
(3)(A) In any suit brought under the provisions of subsection (g)(1)(B) of this section, the court may enjoin the agency from withholding the records and order the production to the complainant of any agency records improperly withheld from him. In such a case the court shall determine the matter de novo. . . .
. . . .
The Act's general exemptions provision, § 552a(j), provides:
(j) General exemptions. — The head of any agency may promulgate rules, in accordance with the requirements (including general notice) of sections 553(b)(1), (2), and (3), (c), and (e) of this title, to exempt any system of records[] within the agency from any part of this section except subsections (b), (c)(1) and (2), (e)(4)(A) through (F), (e)(6), (7), (9), (10), and (11), and (i) if the system of records is —
"[T]he term `system of records' means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual[.]" 5 U.S.C. § 552a(a)(5).
. . . .
(2) maintained by any agency or component thereof which performs as its principal function any activity pertaining to the enforcement of criminal laws. . . .
At the time rules are adopted under this subsection, the agency shall include in the statement required under section 553(c) of this title, the reasons why the system of records is to be exempted from a provision of this section.
5 U.S.C. § 552a(j) (emphasis added).
B
Discussing the Privacy Act's purpose, the Supreme Court has stated: "[I]n order to protect the privacy of individuals identified in information systems maintained by Federal agencies, it is necessary . . . to regulate the collection, maintenance, use, and dissemination of information by such agencies." Doe v. Chao, 540 U.S. 614, 618, 124 S.Ct. 1204, 157 L.Ed.2d 1122 (2004) (quoting Privacy Act of 1974, § 2(a)(5), 88 Stat. 1896). The Act "allows the Government to maintain records `about an individual' only to the extent the records are `relevant and necessary to accomplish' a purpose authorized by law." Nat'l Aeronautics and Space Admin, v. Nelson, ___ U.S. ___, 131 S.Ct. 746, 762, 178 L.Ed.2d 667 (2011) (quoting 5 U.S.C. § 552a(e)(1)). "The Act requires written consent before the Government may disclose records pertaining to any individual." Id. (citing § 552a(b)). Regarding the civil-remedies provision, § 552a(g), Doe v. Chao states:
Subsection (g)(1) recognizes a civil action for agency misconduct fitting within any of four categories . . ., 5 U.S.C. §§ 552a(g)(1)(A)-(D), and then makes separate provision for the redress of each. The first two categories cover deficient management of records: subsection (g)(1)(A) provides for the correction of any inaccurate or otherwise improper material in a record, and subsection (g)(1)(B) provides a right of access against any agency refusing to allow an individual to inspect a record kept on him. . . .
The two remaining categories deal with derelictions having consequences beyond the statutory violations per se. Subsection (g)(1)(C) describes an agency's failure to maintain an adequate record on an individual, when the result is a determination "adverse" to that person. Subsection (g)(1)(D) speaks of a violation when someone suffers an "adverse effect" from any other failure to hew to the terms of the Act. . . .
Doe, 540 U.S. at 618-19, 124 S.Ct. 1204.
III
This case presents an issue of first impression in this Circuit: whether the Privacy Act's general exemptions provision, § 552a(j), permits an agency to wholly exempt systems of records from the civil-remedies provision, § 552a(g), and thereby avoid all civil liability, even for violations of non-exemptible provisions.
A
We look first to the Act's plain language. The civil-remedies provision, § 552a(g), is conspicuously absent from § 552a(j)'s list of non-exemptible provisions, thus supporting the view that an agency can exempt systems of records from the civil-remedies provision. At the same time, however, § 552a(j) precludes an agency from exempting systems of records from certain enumerated substantive provisions, violations of which would be vindicated through the civil-remedies provision, thus implying that the agency is without authority to relieve itself from civil liability for violating these non-exemptible provisions.
Against this backdrop, the parties put forth statutory interpretations on opposite ends of the spectrum — Shearson argues that an agency cannot exempt itself from the general civil-remedies provision under § 552a(j), and Defendants argue that because the systems of records were properly exempted from § 552a(g), all of Shearson's claims are barred.
This issue implicates a Circuit split in authority. In Alexander v. United States, 787 F.2d 1349, 1351-52 (9th Cir. 1986), the Ninth Circuit concluded that because the agency had promulgated rules exempting the records system at issue from § 552a(g)(1), the plaintiff was barred from taking advantage of the civil remedies afforded by the Privacy Act and thus failed to state a claim thereunder. In Kimberlin v. Department of Justice, 788 F.2d 434, 436 n. 2 (7th Cir. 1986), the Seventh Circuit stated that although information systems can be exempted from the civil-remedies provision pursuant to § 552a(j), the exemption did not apply because the agency had not stated reasons for the exemption in its exempting rule. In Ryan v. Department of Justice, 595 F.2d 954, 958 (4th Cir. 1979), the Fourth Circuit recognized that an agency may exempt a system of records from the application of the § 552a(g) civil-remedies provision, but concluded that the agency had not properly done so for the system of records at issue. All three cases simply stated that an agency can exempt itself from § 552a(g) by properly promulgating rules. In none of these cases was that authority challenged.
Conversely, the District of Columbia Circuit in Doe v. F.B.I., 936 F.2d 1346, 1352 (D.C. 1991) (discussing and clarifying Tijerina v. Walters, 821 F.2d 789 (D.C. 1987)), held that an agency cannot escape liability for violating non-exemptible Privacy Act obligations simply by exempting itself from the Act's civil-remedy provisions; rather, an agency may exempt a system of records from the civil-remedies provision only to the extent that the underlying substantive duty is exemptible under § 552a(j).
Although Tijerina may be read as precluding an agency from exempting itself from any civil liability ("[w]e . . . hold that a governmental agency cannot employ subsection (j) to exempt itself from subsection (g)'s [civil-remedies] provision for civil liability for violations of the Act"), Tijerina, 821 F.2d at 797, the D.C. Circuit in Doe clarified that Tijerina held that an agency may not exempt itself from civil liability if the underlying duty allegedly violated is non-exemptible under § 552a(j), the "general exemption" provision. See Doe v. F.B.I., 936 F.2d at 1352 (" Tijerina merely held that an agency cannot escape liability for violating non-exemptible Privacy Act obligations simply by exempting itself from the Act's remedial provisions. . . . In sum, as both Tijerina and our decision today recognize, the touchstone for an agency's liability to suit under the Act is the substantive obligation underlying the plaintiff's claim.")
Defendants assert that the plain language of the Privacy Act supports their interpretation, and focus on the Act's inclusion of § 552a(i), the criminal-penalties provision, in the list of non-exemptible provisions, to the exclusion of § 552a(g). Admittedly, this gives us pause. But, § 552a(g) and § 552a(i) are not parallel provisions. Section 552a(i) makes certain Section 552a(h) also does not impose substantive conduct a crime; if Congress intended that these offenses and penalties be non-exemptible, it had to include § 552a(i) in the list of § 552a(j)'s non-exemptible provisions because there is no other place in § 552a where conduct is made criminal and subject to penalty. In contrast, § 552a(g) is strictly an enforcement section. Sections 552a(g)(1)(A) and (B) refer specifically to duties set forth in § 552a(d)(3) and (1), respectively. Section 552a(g)(1)(C) incorporates language from § 552a(e)(5) requiring accuracy, relevance, timeliness and completeness. Section 552a(g)(1)(D) refers to a failure to comply with any other provision of § 552a. The remainder of § 552a(g) deals with jurisdiction, venue, the limitations period and available remedies. In sum, § 552a(g) provides for civil remedies; it does not impose substantive obligations. Congress's omission of § 552a(g) from the list of non-exemptible provisions in § 552a(j) is therefore not instructive. Had Congress included § 552a(g) in the list of non-exemptible provisions, it might have caused confusion with respect to exemptible obligations. Because § 552a(g) provides the general civil remedies for both exemptible and non-exemptible obligations, it is reasonable to conclude that Congress intended that the remedy follow the violation, i.e., § 552a(g) is applicable to non-exempted violations. We note that Congress similarly omitted § 552a(h) from the list of non-exemptible obligations. Section 552a(h) also does not impose substantive duties; it simply provides that a guardian may act on behalf of a minor or incapacitated person. Presumably, all would agree that Congress did not intend that agencies be permitted to exempt themselves from this provision through their rule-making authority.
Thus, we believe that Doe v. F.B.I., expresses the better view. Under Doe v. F.B.I., an agency is permitted to exempt a system of records from the civil-remedies provision if the underlying substantive duty is exemptible under § 552a(j): "the touchstone for an agency's liability to suit under the Act is the substantive obligation underlying the plaintiffs claim." Doe, 936 F.2d at 1352. We hold, in line with Doe, that the district court improperly dismissed Shearson's claims alleging violation of non-exemptible Privacy Act provisions, specifically, § 552a(b) (improper disclosure), and § 552 a(e)(7) (records of First Amendment activity).
B
We also question whether Defendants' efforts to exempt the systems of records from § 552a(g) were procedurally adequate. Under the Act, agencies seeking to promulgate exemptions under § 552a(j) must publish the justification for doing so. See, e.g., Ryan, 595 F.2d at 956-58; Kimberlin, 605 F.Supp. at 82. In this regard, Defendants' rule stated:
The Department hereby exempts the systems of records . . . from the following provisions of 5 U.S.C. 552a, pursuant to 5 U.S.C. 552a(j)(2): 5 U.S.C. 552a(c)(3) and (4), 5 U.S.C. 552a(d)(1), (2), (3), (4), 5 U.S.C. 552a(e)(1), (2), and (3), 5 U.S.C. 552a(e)(4)(G), (H), and (I), 5 U.S.C. 552a(e)(5) and (8), 5 U.S.C. 552a(f), and 5 U.S.C. 552a(g).
. . . .
(d) Reasons for exemptions under 5 U.S.C. 552a(j)(2).
. . . .
(12) 5 U.S.C. 552a(g) provides for civil remedies to an individual when an agency wrongfully refuses to amend a record or to review a request for amendment, when an agency wrongfully refuses to grant access to a record, when an agency fails to maintain accurate, relevant, timely, and complete records which are used to make a determination adverse to the individual, and when an agency fails to comply with any other provision of 5 U.S.C. 552a so as to adversely affect the individual. The systems of records should be exempted from this provision to the extent that the civil remedies may relate to provisions of 5 U.S.C. 552a from which these rules exempt the systems of records, since there should be no civil remedies for failure to comply with provisions from which the Department is exempted. Exemption from this provision will also protect the Department from baseless civil court actions that might hamper its ability to collate, analyze, and disseminate investigative, intelligence, and law enforcement data.
31 C.F.R. § 1.36(c)(2), (d)(12) (emphasis added).
31 C.F.R. § 1.36 so provided through June 30, 2006 (Shearson filed her complaint pro se on June 15, 2006).
Although this promulgated rule lists the civil-remedies provision among those from which the TECS was exempted, it clearly does not purport to exempt the TECS from §§ 552a(b) and 552a(e)(7), which are non-exemptible. The agency's stated justification for exempting the TECS from § 552a(g) is ambiguous regarding the extent to which the rule exempts the TECS from the civil-remedies provision. It is unclear whether the rule exempts the system of records from the entire provision, or only "to the extent that the civil remedies may relate to provisions of 5 U.S.C. 552a from which these rules exempt the systems of records."
IV
Several of Shearson's remaining claims involve Privacy Act provisions from which Defendants properly could, and did, exempt the TECS under § 552a(j), specifically, §§ 552a(d)(1)-(4), (e)(1), and (e)(5). See 31 C.F.R. 1.36 (quoted in part supra, also setting forth justifications for exempting the TECS from §§ 552a(d)(1)-(4), (e)(1), and (e)(5)). Where an agency properly exempts a system of records from exemptible provisions under § 552a(j), no civil liability can attach for violation of those provisions. See 76 C.J.S. Records § 100 ("Where an agency properly exempts itself from a provision of the Act, it is also exempt from the availability of judicial relief for violations of such provision," citing Ryan, 595 F.2d at 956-58, and Doe v. F.B.I., 936 F.2d 1346 (footnotes omitted)). Thus, we affirm the district court's dismissal of Shearson's claims under §§ 552a(d)(1)-(4), (e)(1) and (e)(5).
V
Shearson's remaining claim regards the Automated Targeting System (ATS) (as opposed to the TECS) and § 552a(e)(4).
A
Shearson had initially requested information from the TECS. After the district court dismissed Shearson's Privacy Act claims in March 2007, DHS disclosed additional records. DHS did not indicate that certain documents were from the ATS until March 2008. In June 2008, Shearson moved for an order permitting her to seek redress under the Privacy Act, arguing that Defendants' belated acknowledgment (in their Reply brief filed on March 20, 2008) that three of five additional documents pertinent to her claims were part of the ATS hindered her ability to "assert certain rights under the Privacy Act." Her memorandum in support argued that had she known before the issuance of the August 6, 2007, System of Records Notice (SORN) that Defendants maintained pertinent ATS records, she would have had an opportunity to seek civil remedies for violations of § 552a(e)(7). Shearson argued that during the period in which Defendants refused to name the system of records as ATS, November 2, 2006, to August 6, 2007, the ATS SORN listed in the Federal Register did not claim an exemption from § 552a(g), the civil-remedies provision. Shearson also argued that if, as Defendants maintained, the ATS was previously covered by the October 18, 2001, TECS SORN, and if Defendants had notified her that additional documents were part of the ATS, she may have been able to argue successfully that using the TECS SORN to cover the ATS was a direct violation of the § 552a(e)(4) notice requirements. The district court denied Shearson's request for an order permitting her to seek redress under the Privacy Act as procedurally defective and untimely.
B
We have reversed the dismissal of Shearson's claims under § 552a(e)(7) because Defendants cannot relieve themselves from liability for violating this section; thus we need not further address Shearson's § 552a(e)(7) claim. Shearson's request to pursue a claim under § 552a(e)(4) was properly denied because she failed to allege or show the requisite "adverse effect" from Defendants' alleged failure to provide notice specifically regarding the ATS at an earlier date.
"Adverse effect" is a term of art identifying a potential plaintiff who satisfies the injury-in-fact and causation requirements of Article III standing. Doe v. Chao, 540 U.S. at 624, 124 S.Ct. 1204. Although Shearson alleges adverse effects from the various alleged substantive breaches, these effects did not result from the failure to follow the rule-making requirements of § 552a(e)(4). Because Shearson failed to allege an adverse effect both in the district court and on appeal, a claim under § 552a(e)(4) cannot succeed under § 552a(g)(1)(D), which requires an adverse effect. And, because Shearson does not allege effects
VI
We VACATE the dismissal of Shearson's claims under §§ 552a(b) and (e)(7) because Defendants could not properly exempt the TECS and ATS from civil liability for violating these sections. We REMAND these claims for further proceedings consistent with this opinion. We AFFIRM the dismissal of Shearson's claims brought under substantive provisions of the Act from which Defendants could and did properly exempt the TECS under § 552a(j), specifically §§ 552a(d), (e)(1), and (e)(5). We also affirm the dismissal of Shearson's claim under § 552a(e)(4).
It is unclear whether Shearson alleges separate violations under each system of records. However, we note that Defendants asserted below that the ATS was part of the TECS for notice purposes.