Errant Email Defeats Motion To Dismiss DPPA Claims

Mere possibility of incorrect response does not render DPPA claims implausible

Lopez v. Don Herring Ltd
Class certified – Don Herring allegedly obtained sales leads from third-party data suppliers who allegedly obtained personal identifying information of motor vehicle owners from the Texas Department of Motor Vehicles (TXDMV). Plaintiff claimed a direct marketing letter from Don Herring included his name, address, make, model and year of his vehicle. Plaintiff claimed he had no prior commercial relationship with Don Herring, and never consented to access, directly or indirectly, of his motor vehicle records. Plaintiff claimed an email exchange with a Don Herring employee confirmed the practice of using third parties to obtain vehicle registration records (see FAC Exhibits 2 & 3).

On defendant’s motion to dismiss, the court found Herring’s own email made it plausible that Herring (or its agents) knowingly obtained plaintiff’s information from the TXDMV. The mere possibility the email respondent may have been incorrect about the source of plaintiff’s information did not render the claim implausible. Although Herring may have attestations from its agents stating plaintiff’s information was obtained through other sources, consideration of those attestations was better suited for a motion for summary judgement, after plaintiff had a chance to gather and submit evidence in response.
[N.D. TX; 3:16-cv-02663]
jbho: the old list broker conundrum. When relying on third parties for lead generation, you must adequately vet your data providers to ensure data is collected in a fair and legal manner.

Also, make sure to train your employees how to handle privacy complaints, and make sure complaints are directed to individuals who are qualified to answer them. Here, an off-the-cuff response will likely lead to a costly discovery process.

Finally, a reminder of the criticality of data attribution, and knowing with certainty the collection point through which data was obtained, thus guaranteeing you know:
• the legitimate (an legally permissible) purposes of use
• the consents obtained at the point of collection
• the agreement(s) under which any disputes will be resolved (e.g., can arbitration be compelled?)
Make sure your systems use appropriate metadata tagging, so you know the Who/What/Where/When/How (WWWWH) of information collected.

For the record, DPPA remedies are as follows:
(b) Remedies.–The court may award–
(1) Actual damages, but not less than liquidated damages in the amount of $2,500;
(2) Punitive damages upon proof of willful or reckless disregard of the law;
(3) Reasonable attorneys’ fees and other litigation costs reasonably incurred; and
(4) Such other preliminary and equitable relief as the court determines to be appropriate.

Leave a Reply

%d bloggers like this: