Jonathan C. Bond · August 2008
76 GEO. WASH. L. REV. 1232 (2008)
For most unsuccessful administrative plaintiffs, losing on appeal is the end of a long and arduous ordeal. For John Doe, however, the decision of the administrative agency denying his claim for work-related health benefits was only the beginning of his troubles. Like a number of Peace Corps Volunteers sent abroad, Doe contracted a disease during his service overseas. Although he sought and received treatment for his condition, the ailment resurfaced two years later while he was employed by a different federal government entity. This time, however, his request for health benefits was denied by the U.S. Department of Labor’s Office of Workers’ Compensation Programs (“OWCP”). Doe appealed the OWCP’s decision, but it was upheld by the Employee Compensation Appeals Board (“ECAB”). The ECAB mailed Doe a copy of its decision and retained a copy in its own files, which are officially open to public inspection.
As far as Doe was concerned, the matter was closed. What Doe did not expect was that the ECAB’s opinion denying his claim would be posted on the Internet for the “‘world’ to see.” Five years after the decision was issued, Doe discovered that the decision—complete with his name and private medical history—was available on the Department of Labor’s public Web site, Westlaw, and other subscription services.
After the ECAB denied his repeated requests to remove his decision from its Web site, Doe brought suit against the Department of Labor under the Privacy Act of 1974. Designed as the counterpart to the Freedom of Information Act (“FOIA”), the Privacy Act prohibits federal government agencies from “disclos[ing]” certain kinds of personally identifiable information. It fails, however, to define “disclose.” The meaning of the term is critical for at least three reasons: (1) whether a suit can be brought at all turns entirely on whether an agency’s actions amount to disclosure; (2) an agency’s liability for damages depends on whether the disclosure was “intentional or willful”; and (3) the time an alleged disclosure occurs determines when the statute of limitations begins to run. Without guidance from the statute or the implementing regulations, courts, administrative agencies, and the public are left in the dark as to whether and when agency action violates the statute.
Cases like Doe that present difficult questions of what agency actions constitute disclosure have become increasingly prevalent in recent years. This is especially true as agencies have begun to make vast amounts of data available online. Courts around the country have developed several diverging approaches to the problem, but none is ultimately satisfactory. Specifically, none of the approaches applied to date is both fully consistent with the Privacy Act’s current text and yet able to account for the practical realities of modern agency disclosure practices. Moreover, the few approaches that come closest to dealing with these practical realities also involve the most difficult, fact-intensive inquiries by the court and the parties, and they also open the door to what might be termed the “third party disclosure loophole” latent in Doe.
In the end, the absence of a definition of disclosure in the Privacy Act has led to unnecessary confusion and even conflict among federal courts applying the Act, especially where electronic disclosure is involved. This Note proposes an amendment to the Privacy Act to resolve this problem. The proposed amendment defines “disclose” to encompass (1) the direct transmission of a record to a recipient previously unaware of its contents (and not otherwise authorized to know it), and (2) any action by a federal agency that substantially increases the public accessibility of such a record. Beyond resolving the confusion and conflict among the courts, the proposed definition will provide much-needed clarity and guidance to federal agencies and the public while furthering the underlying policy goals at which the Privacy Act was aimed.