American Federation of Government Empl. v. Hawley

Decision Date31 March 2008
Docket NumberCivil Action No. 07-00855 (HHK).
Citation543 F.Supp.2d 44
PartiesAMERICAN FEDERATION OF GOVERNMENT EMPLOYEES, et al., Plaintiffs, v. Kip HAWLEY, in his official capacity as Administrator, et al., Defendants.
CourtU.S. District Court — District of Columbia

Mark D. Roth, Charles Arthur Hobbie, American Federation Of Government Employees, Washington, DC, for Plaintiffs.

Jacqueline E. Coleman, U.S. Department of Justice, Washington, DC., for Defendants.

MEMORANDUM OPINION

KENNEDY, District Judge.

Plaintiffs, four transportation security officers employed by the Transportation Security Administration ("TSA") and the unions that represent them, bring this action against defendants TSA, Kip Hawley in his capacity as Administrator of the TSA, the Department of Homeland Security ("DHS"), and Michael Chertoff in his capacity as Secretary of the DHS. Plaintiffs allege that defendants violated the Aviation and Transportation Security Act ("ATSA"), 49 U.S.C. §§ 44901 and 44935, and the Privacy Act, 5 U.S.C. § 552a, by failing to establish appropriate safeguards to insure the security and confidentiality of personnel records.

Before the court is defendant's motion to dismiss [# 3]. Upon consideration of the motion, defendants' opposition thereto, and the record of this case, the court concludes that the defendants' motion should be granted in part and denied in part.

I. BACKGROUND

On May 3, 2007, TSA discovered that a hard drive was "missing from a controlled area at the TSA Headquarters Office of Human Capital." Compl. ¶¶ 28-29. The hard drive contained personnel data for approximately 100,000 individuals employed by TSA between January 2002 and August 2005, including names, social security numbers, birth dates, payroll information, financial allotments. Compl. ¶¶ 28, 29, 31. On May 4, 2007, Administrator Kip Hawley issued a broadcast email to all TSA employees providing notice of the incident and stating that TSA would provide employee with free credit monitoring for one year free of charge. Id.; Defs.' Mot. Dismiss, Exh. 1 (Decl. of Holmes), Att. 1 at 1 (5/4/2007 TSA Broadcast).1

II. ANALYSIS

On May 8, 2007, four TSA security officers ("individual plaintiffs") and their unions'("union plaintiffs") filed this class action complaint,2 alleging that defendants violated ATSA and the Privacy Act by failing to ensure the security of the missing hard drive. In their motion to dismiss, defendants argue (1) ATSA does not provide a private right of action; (2) the union plaintiffs lack standing to bring their Privacy Act claim under both the act and the requirements of associational standing; (3) the individual plaintiffs lack standing because they do not allege a cognizable injury; (4) plaintiffs' Privacy Act claim is unripe; and (5) plaintiffs' allegations are insufficient to state a Privacy Act claim. To these arguments the court now turns.

I. Plaintiffs' ATSA Claim

In response to the events of September 11, 2001, Congress enacted the Aviation and Transportation Security Act, Pub.L. No. 107-71, 115 Stat. 597 (2001), which created TSA and a federal workforce to screen passengers and cargo at commercial airports. 49 U.S.C. § 114. Among other things, ATSA requires the Administrator to "enforce security related regulations and requirements" and "oversee the implementation, and ensure the adequacy, of security measures at airports." §§ 114(f)(7), (11). Plaintiffs claim' defendants violated ATSA by "fail[ing] to maintain personnel data from loss consistent with security-related regulations" and by "fail[ing] to ensure the adequacy of security measures at airports resulting in the loss of personnel data." Compl. ¶¶ 45-46.

Defendants move to dismiss plaintiffs' ATSA claim, arguing that the statute does not provide a private cause of action, either express or implied. Plaintiffs admit that ATSA contains no express grant of a private cause of action, but contend that the court should find the act contains an implied cause of action because it "was enacted specifically to create a secure workforce of TSA screeners such as the Plaintiffs" and "protecting screeners' personnel data is vital to the protection of a secure workforce and security at the airports." Pls.' Opp'n to Defs.' Mot. Dismiss ("Opp'n") at 4. Plaintiffs further argue that "[t]here can be no doubt that the Plaintiffs ... are within the zone of interests created by the ATSA" because "the main purpose of the ATSA was to create this federal, security screening workforce." Id. The court agrees with defendants and finds that ATSA does not provide plaintiffs with a cause of action.

"[P]rivate rights of action to enforce federal law must be created by Congress." Alexander v. Sandoval, 532 U.S. 275, 286, 121 S.Ct. 1511, 149 L.Ed.2d 517 (2001) (citing Touche Ross & Co. v. Redington, 442 U.S. 560, 578, 99 S.Ct. 2479, 61 L.Ed.2d 82 (1979)). "The judicial task is to interpret the statute Congress has passed to determine whether it displays an intent to create not just a private right but also a private remedy." Id. (citing Transamerica Mortgage Advisors, Inc. v. Lewis, 444 U.S. 11, 15, 100 S.Ct. 242, 62 L.Ed.2d 146 (1979)). The court's analysis "must begin with the language of the statute itself." Touche Ross & Co. v. Redington, 442 U.S. at 568, 99 S.Ct. 2479. Absent statutory language that expressly grants a private right of action, the court must determine whether the statute contains an implied right of action. Anderson v. USAir, Inc., 818 F.2d 49, 54 (D.C.Cir. 1987). Four factors are relevant to discerning congressional intent to provide a private remedy:

(1) [W]hether the plaintiff is one of the class for whose benefit the statute was enacted;

(2) whether some indication exists of legislative intent, explicit or implicit, either to create or to deny a private remedy; (3) whether implying a private right of action is consistent with the underlying purposes of the legislative scheme; and (4) whether the cause of action is one traditionally relegated to state law, such that it would be inappropriate for the court to infer a cause of action based solely on federal law.

Tax Analysts v. IRS, 214 F.3d 179, 185-186 (D.C.Cir.2000) (citing Cort v. Ash, 422 U.S. 66, 78, 95 S.Ct. 2080, 45 L.Ed.2d 26 (1975)). Of the four factors, "the most important consideration is whether the legislature intended to create a private right of action." Dial A Car, Inc. v. Transportation, Inc., 132 F.3d 743, 744 (D.C.Cir.1998).

As to the first factor, the court finds that Congress did not enact ATSA for the special benefit of TSA employees,3 but rather for purposes of national security:

Recognizing that "the terrorist hijacking and crashes of passenger aircraft on September 11, 2001, which converted civil aircraft into guided bombs for strikes against the United States, required a fundamental change in the way [the government] approaches the task of ensuring the safety and security of the civil air transportation system," Congress enacted [ATSA] to improve security in the nation's transportation system. H.R. Conf. Rep. No. 107-296, at 53 (2001), reprinted in 2001 U.S.C.C.A.N. 589, 590. In order to achieve this goal, Congress created the Transportation Security Administration within the Department of Transportation and charged it with assuring "security in all modes of transportation." 49 U.S.C. § 114(d) (Supp. III 2003).

Coalition of Airline Pilots Ass'n v. FAA, 370 F.3d 1184, 1186 (D.C.Cir.2004); see also Springs v. Stone, 362 F.Supp.2d 686, 694, 705 (E.D.Va.2005) ("ATSA is a legislative initiative aimed a strengthening the security of this Nation's transportation infrastructure — the civil air transportation system in particular — and nothing else.... ATSA was not promulgated in order to protect the employment interests of federal screeners, but instead to address national security and passenger safety.... Security was Congress's paramount concern.").4

Turning to the second factor — whether some indication exists of legislative intent, explicit or implicit, either to create or to deny a private remedy — the court finds none. The text of § 114 creates the Transportation Security Administration and outlines the responsibilities of the Under Secretary of Transportation for Security. The specific sections plaintiffs allege defendants failed to implement are subparts of § 114(f),5 which is titled "[a]dditional duties and powers" and provides that "[i]n addition to carrying out the functions specified in subsections (d) and (e), the Under Secretary shall ..." perform specific additional duties. 49 U.S.C. § 114(f). The Supreme Court has held that statutes like this, which focus on the person regulated rather than the individuals protected, create "no implication of an intent to confer rights on a particular class of persons." Alexander, 532 U.S. at 288-89, 121 S.Ct. 1511.

Additionally, § 114 contains no "rightscreating language," Alexander, 532 U.S. at 288, 121 S.Ct. 1511, or any other indication that any individual or any entity may file a suit to enforce its provisions. See Anderson, 818 F.2d at 54 (recognizing that "phrasing a statute in general terms rather than specifically identifying the benefited class indicates a lack of intent to create a private right of action.") (internal quotation omitted). The court finds no congressional intent to allow individuals to bring an action against the TSA for violating § 114 and concludes that no private right of action exists to enforce ATSA.6 Accordingly, plaintiffs' ATSA claim will be dismissed.7

II. Privacy Act Claim

The Privacy Act of 1974, 5 U.S.C. § 552a, regulates the collection, maintenance, use, and dissemination of an individual's personal information by federal government agencies. See 5 U.S.C. § 552a. Plaintiffs claim that defendants violated § 552a(e)(10), which requires that

Each agency that maintains a system of records shall ... establish appropriate administrative, technical, and physical safeguards to insure the...

To continue reading

Request your trial
13 cases
  • Nat'L Treasury Employees Union v. Whipple
    • United States
    • U.S. District Court — District of Columbia
    • July 20, 2009
    ...is required as would be the case if the Court needed to measure specific individual damages"). Cf. Am. Fed'n of Gov't Employees v. Hawley, 543 F.Supp.2d 44, 50 (D.D.C.2008) (stating that in a Privacy Act case, the sole remedy is actual damages and individual member participation is required......
  • Am. Fed'n of Gov't Emps. v. Office of Pers. Mgmt. (In re U.S. Office of Pers. Mgmt. Data Sec. Breach Litig.), 17-5217
    • United States
    • United States Courts of Appeals. United States Court of Appeals (District of Columbia)
    • June 21, 2019
    ...to establish appropriate safeguards that makes out a claim under the Privacy Act. See American Fed'n of Gov't Employees v. Hawley, 543 F. Supp. 2d 44, 52 (D.D.C. 2008) (Department of Homeland Security's failure to establish appropriate safeguards to prevent losing a computer hard drive was ......
  • In re U.S. Office of Pers. Mgmt. Data Sec. Breach Litig.
    • United States
    • U.S. District Court — District of Columbia
    • September 19, 2017
    ...finding that defendants were warned of the deficiencies in their information security but failed to establish proper safeguards." Hawley , 543 F.Supp.2d at 52 (holding that allegations that the Office of Inspector General "repeatedly informed" the agency of problems with its information sec......
  • Kelley v. Fed. Bureau of Investigation
    • United States
    • U.S. District Court — District of Columbia
    • September 15, 2014
    ...not declaratory or injunctive relief, are available to § 552a(g)(1)(D) plaintiffs ....”) (citation omitted); Am. Fed'n of Gov't Emps. v. Hawley, 543 F.Supp.2d 44, 54 (D.D.C.2008) (same). Moreover, when a Privacy Act claim is asserted under section 552a(g)(1)(C) or (D) and is therefore broug......
  • Request a trial to view additional results
1 firm's commentaries
  • Data Breaches And Litigation: It's The American Way
    • United States
    • Mondaq United States
    • February 21, 2012
    ...not sustain a claim under New York law for negligence or breach of fiduciary duty. See also Am. Fed'n of Gov't Employees v. Hawley, 543 F. Supp. 2d 44, 45-46, 50-51 (D.D.C. 2008) (plaintiff, who alleged that hard drive containing personal information was lost but did not allege misuse, had ......

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT