Court Stiffs Veterans Caught in Privacy Breach: Via Threat Level.

Veterans suffering anxiety and paranoia following the theft of a government hard drive containing the medical histories and Social Security numbers of 198,000 of their brethren cannot recover financial damages, a federal appeals court says.

The 11th U.S. Circuit Court of Appeals, in largely dismissing a class-action, ruled Wednesday that the veterans could recoup at least $1,000 under the Privacy Act if they could show financial damages, not mental anguish.

What’s more, the Atlanta-based court noted that the veterans — some already suffering post-traumatic stress syndrome from their Vietnam War days – likely could recover damages for mental anguish associated with the data breach if the lawsuit was before a different court.

That’s because the courts of appeal across the nation have issued conflicting interpretations of the Privacy Act of 1974, which allows people to sue the government for privacy breaches and recover “actual damages.” Precedent in the 11th Circuit, which includes Alabama, Florida and Georgia, interprets “actual damages” as money losses only.

So 198,000 veterans — whose life history was on a hard drive that vanished from a Birmingham, Alabama Veterans Administration hospital — are out of luck, even if their war-time paranoia was exacerbated by the breach.

The 11th Circuit noted (.pdf) that the 5th U.S. Circuit Court of Appeals and the 10th U.S. Circuit Court of Appeals “do not restrict ‘actual damages’ under the Privacy Act to pecuniary losses.” And the Supreme Court has refused to resolve the circuit splits.

A lawsuit weighing the meaning of “actual damages” under the Privacy Act is pending in the San Francisco-based 9th U.S. Circuit Court of Appeals, in a case targeting the Federal Aviation Administration. In that case, the Obama administration, which is pushing to digitize all health records, is adopting (.pdf) the Bush administration’s position that mental anguish does not qualify as “actual damages” under the act.

Stephen Gidiere, the Alabama plaintiff’s lawyer on the case decided Wednesday, said in a telephone interview that he would ask the full circuit court to hear the case. Court rules, he noted, allow a so-called en banc panel to change circuit precedent.  “The 11th Circuit decision is a relic and does not reflect the realities of technology or the Privacy Act,” he said.

A three-judge panel of the 11th Circuit wrote Wednesday that it must stand by its 1982 precedent in which it denied money damages surrounding an Internal Revenue Service privacy breach that caused sleeplessness, anxiety, isolation and anger.

“But any number of assaults from other circuits cannot overrun one binding precedent from our own circuit,” Judge Edward Carnes wrote.

The court said the hospital’s missing hard drive contained a “treasure trove of private data” and a “gold mine for identity thieves.”

The two lead plaintiffs in the case, both Vietnam veterans, were already under a doctor’s supervision and taking medication for post-traumatic stress disorder.

Their medication was increased following the February 2, 2007 hard-drive theft. The pair alleged the event aggravated their paranoia, depression and withdrawal.

See Also:

• Data Breach Exposes RAF Staff to Blackmail
• In Legal First, Data-Breach Suit Targets Auditor
• Visa and MasterCard Issue New Breach Warning
• Do Breach Notification Laws Work?
• Card Processor Admits to Large Data Breach
• UC Berkeley Suffers Breach of Student Health Data
• Heartland Breach Cost Company $12.6 Million So Far

Read Original Article:(Via Threat Level.)