IN THE SUPREME COURT OF IOWA
No. 17–1961
Filed January 3, 2020
MARK LEONARD MILLIGAN,
Appellee,
vs.
OTTUMWA POLICE DEPARTMENT and CITY OF OTTUMWA, IOWA,
Appellants.
Appeal from the Iowa District Court for Wapello County, Randy
DeGeest, Judge.
A city appeals a district court judgment ordering it to release to a
citizen the identities of all individuals detected as speeding by its
automated traffic enforcement program under the Iowa Open Records
Act. REVERSED AND REMANDED.
David E. Schrock and Skylar J. Limkemann of Smith Mills Schrock
Blades Monthei P.C., Cedar Rapids, for appellants.
Steven Gardner of Denefe, Gardner & Zingg, P.C., Ottumwa, for
appellee.
Brent L. Hinders, Eric M. Updegraff, and Alex E. Grasso of Hopkins
& Huebner, P.C., Des Moines, for amicus curiae Iowa League of Cities.
2
George F. Davison Jr., Des Moines, for amicus curiae Iowa Freedom
of Information Council.
3
MANSFIELD, Justice.
I. Introduction.
This case requires us to interpret provisions of the Driver’s Privacy
Protection Act of 1994 (DPPA), 18 U.S.C. §§ 2721–2725 (2012), and a
corresponding Iowa state law, Iowa Code § 321.11 (2017), to decide
whether they overcome the general rule of public disclosure set forth in
the Iowa Open Records Act, id. §§ 22.1–.14.
A city police sergeant was driving a patrol vehicle while off-duty. He
received an automated traffic enforcement (ATE) citation for speeding from
the city. As a private citizen, he then served a chapter 22 open records
request. He specifically asked for the names of all persons who had and
had not been issued ATE citations by the city after their vehicles were
detected as speeding by an ATE camera.
The city denied the request for the names, contending the DPPA and
Iowa Code section 321.11 prohibited disclosure of the requested
information. This citizen went to district court, and the court granted his
petition for mandamus, ordered the city to disclose the names, and
awarded attorney fees and expenses. The city appealed.
On appeal, the city contends that the district court erred in ordering
the production of records whose disclosure is prohibited by the DPPA and
Iowa Code section 321.11. Additionally, the city contends the district
court abused its discretion in awarding the citizen an unreasonable
amount of attorney fees and costs.
We agree with the city’s first argument. Because the personal
identifying information sought by this citizen comes from a vehicle
registration and driver’s license database, its public disclosure is
presumptively prohibited under the DPPA and Iowa Code section 321.11.
Although both statutes allow disclosure under certain limited
4
circumstances, none of those circumstances apply here. Accordingly, we
determine that the city did not commit an open records violation, and we
reverse the judgment of the district court and remand for further
proceedings consistent with this opinion.
II. Facts and Procedural Background.
The facts in this case are largely undisputed. To enforce its speeding
ordinances, the City of Ottumwa uses an unmanned ATE vehicle provided
by RedSpeed, a third-party contractor. After the ATE vehicle detects and
photographs a speeding vehicle including its license plate number,
RedSpeed documents the violation, accesses the National Law
Enforcement Telecommunications System (NLETS) database to obtain the
name of the registered owner of the vehicle, and uploads that information
to an Internet portal. This enables a City police officer to review the
materials and approve or reject the issuance of a citation. The reviewing
officer also verifies the vehicle owner information. If the officer approves
the issuance of a citation, RedSpeed relies on the registered owner’s
information obtained from NLETS to mail the owner a citation, including
the photographs of the violation and information on the vehicle’s speed.
As noted, the City’s ATE enforcement program is supported by use
of the NLETS database. The NLETS database is a clearinghouse used
nationally by law enforcement agencies. It contains motor vehicle,
registration, and driver information submitted by state departments of
motor vehicles.
On the night of May 24, 2016, an ATE camera detected an off-duty
patrol car going forty-one miles per hour in a twenty-five miles-per-hour
zone. It was later determined that the driver was Mark Milligan, a police
sergeant who worked for the City. After discovering that Milligan was the
driver, the City forwarded the citation to him, although the City was of
5
course the registered owner of the vehicle and the citation was actually
issued to “Ottumwa PD.”
On August 1, Milligan—acting as a private citizen—submitted a
written public records request to the City under Iowa Code chapter 22. He
sought various records relating to the City’s ATE program. Among other
things, he requested the following:
The names of violators issued citations from the Ottumwa
Police Department once the violation is reported by Red Speed
to the City of Ottumwa[,] Iowa.
The names of violators not issued citations after being
reported as violations by Ottumwa Police Department. 1
1Milligan also placed eight other requests:
o The contractual agreement between Red Speed and the City of
Ottumwa.
o All information provided to the City of Ottumwa, Ottumwa Police
Department regarding all speed violations from Red Speed.
....
o Any and all policies and procedures established by the City of
Ottumwa in regards to the issuance of citations by the Ottumwa
Police Department once the violation is reported to the City by Red
Speed.
o Any records or recorded conversations of Ottumwa Police
Department personnel issuing verbal warnings for Red Speed
Violations in lieu of actual citations.
o The individuals authorized to determine whether a citation is to be
issued or not to be issued and any criteria established for such
issuance or non-issuance of the citation.
o The calibration records of the Red Speed vehicle.
o The personnel authorized and trained to set up, calibrate, and have
access to the Red Speed vehicle deployed in Ottumwa, Iowa by the
Ottumwa Police Department.
o Any training records, and or certificates of training, specific to the
set up and use of the Red Speed vehicle deployed in Ottumwa,
Iowa.
6
Milligan later testified that he asked for this information “to see that the
City of Ottumwa was enforcing their automated speed car enforcement
fairly across the board between all citizens.”
On the advice of counsel, the City refused to release either set of
requested names. The reason it gave for the denial was that “[i]nformation
obtained by Red Speed is accessed through the NLETS portal and is
confidential information under state and federal law.” The City did,
however, provide the other requested items.
On September 12, Milligan filed in the Wapello County District Court
a petition in equity and request for an order of mandamus pursuant to
Iowa Code sections 22.5 and 22.10. He asserted that the City and its
police department violated chapter 22 by withholding the information
without “any lawful basis.” 2 He asked the court to order the City to provide
the withheld information and reimburse his costs and attorney fees.
On February 9, 2017, the City filed a motion for summary judgment.
It asserted it was entitled to judgment as a matter of law because Milligan’s
“requests seek confidential information that is prohibited from being
disclosed under federal and state law”—meaning, the disclosure is
prohibited by the DPPA, 18 U.S.C. §§ 2721 and 2725, and Iowa Code
sections 22.7(66) and 321.11. The City also asked for summary judgment
because Milligan had not provided any reasons for requesting the
“confidential names of persons cited or not cited by the City.”
Following a hearing, the district court denied the City’s motion.
Later, the district court also denied a revised version of the City’s motion
for summary judgment.
2Milligan named both the City and its police department as defendants, but for
purposes of this opinion, we will refer to the defendants collectively as “the City.”
7
On November 2, the case was tried to the court. On November 28,
the court issued its ruling. Implicitly, the court’s ruling recognized that
the DPPA and Iowa Code section 321.11 limit disclosure of documents that
would otherwise have to be produced under the Open Records Act.
However, the court reasoned that both the DPPA and Iowa Code
section 321.11 “exempt information on driving violations from their
general prohibition on personal information disclosure.” It continued that
“[t]he name[s] of speed regulation violators, which w[ere] requested, [are]
information on driving violations, and [are] therefore, not confidential
information under the DPPA or Iowa Code § 321.11.” Accordingly, the
court concluded the City had failed to comply with chapter 22 and ordered
the City to provide Milligan the requested information. The court also
announced it would award attorney fees and invited a fee application. On
December 5, the City filed a timely notice of appeal from the district court’s
November 28 order and ruling.
Two days later, on December 7, Milligan submitted an application
for attorney fees and nontaxable expenses. See Iowa Code § 22.10(3)(c).
The City resisted the application, challenging both the hours billed and
the hourly rates. On February 22, 2018, the court granted Milligan’s
application in full, awarding $57,315.75 in attorney fees and expenses.
The City timely appealed this order as well. We consolidated the appeals
and retained them.
III. Standard of Review.
We review the district court’s interpretations of the DPPA,
chapter 22 of the Iowa Code, and Iowa Code section 321.11 for correction
of errors at law. Iowa Film Prod. Servs. v. Iowa Dep’t of Econ. Dev., 818
N.W.2d 207, 217 (Iowa 2012); Press–Citizen Co. v. Univ. of Iowa, 817
N.W.2d 480, 484 (Iowa 2012).
8
We review fact findings in chapter 22 actions, which are triable in
equity, de novo. ACLU Found. of Iowa, Inc. v. Records Custodian, Atlantic
Cmty. Sch. Dist., 818 N.W.2d 231, 232 (Iowa 2012); Press–Citizen Co., 817
N.W.2d at 484; Gannon v. Bd. of Regents, 692 N.W.2d 31, 37 (Iowa 2005).
We review the amount of an award of attorney fees and costs for an
abuse of discretion. City of Riverdale v. Diercks, 806 N.W.2d 643, 652
(Iowa 2011).
IV. Did the District Court Err in Ordering the City to Produce
the Names of Individual Vehicle Owners Requested by Milligan?
We must determine whether the DPPA and its Iowa counterpart,
Iowa Code section 321.11, prohibit the City from releasing the names of
individuals who were and were not cited for ATE speeding violations. To
resolve this issue, we need to review closely the exceptions found in the
DPPA and section 321.11.
A. The Iowa Open Records Act. At the outset, we acknowledge
that the Open Records Act embodies “a liberal policy in favor of access to
public records.” Mitchell v. City of Cedar Rapids, 926 N.W.2d 222, 229
(Iowa 2019) (quoting Hall v. Broadlawns Med. Ctr., 811 N.W.2d 478, 485
(Iowa 2012)). The Act provides, “Every person shall have the right to
examine and copy a public record and to publish or otherwise disseminate
a public record or the information contained in a public record.” Iowa
Code § 22.2(1). Also, “[a] government body shall not prevent the
examination or copying of a public record by contracting with a
nongovernment body to perform any of its duties of functions.” Id.
§ 22.2(2). Although the 2017 version of the Act contained sixty-eight
enumerated exemptions from the disclosure requests, see Iowa Code
§ 22.7, they “are to be construed narrowly.” Mitchell, 926 N.W.2d at 229
(quoting Iowa Film Prod. Servs., 818 N.W.2d at 219).
9
Yet, this case does not concern one of those exemptions. Instead,
our focus is on a federal statute and a state statute that independently
prohibit the disclosure of certain government records under certain
circumstances. The Federal DPPA, if it applies, would preempt any state
law to the contrary, such as the Open Records Act. See Collier v. Dickinson,
477 F.3d 1306, 1312 & n.3 (11th Cir. 2007) (rejecting a qualified immunity
defense because “[t]he law was clear at the relevant time that the DPPA
preempted any conflicting state law that regulates the dissemination of
motor vehicle record information”). In addition, specific state law
prohibitions on disclosure located outside of chapter 22, such as Iowa
Code section 321.11, can overcome the disclosure provisions in the Open
Records Act. See Burton v. Univ. of Iowa Hosps. & Clinics, 566 N.W.2d
182, 189 (Iowa 1997) (“[C]hapter 22 does not trump or supersede specific
statutes like sections 135.40–.42 on confidentiality of records.”).
B. The Driver’s Privacy Protection Act of 1994. The DPPA
“regulates the disclosure and resale of personal information contained in
the records of state motor vehicle departments (DMVs).” Reno v. Condon,
528 U.S. 141, 143, 120 S. Ct. 666, 668 (2000); see also Locate.Plus.Com,
Inc. v. Iowa Dep’t of Transp., 650 N.W.2d 609, 614 (Iowa 2002) (“Congress
also sought to curb the common practice by many states of selling
information in motor vehicle records to businesses, marketers, and
individuals.”). The genesis of the DPPA was the 1989 murder of a television
actor at her home. Locate.Plus.Com, 650 N.W.2d at 614 n.2; Maureen
Maginnis, Note, Maintaining the Privacy of Personal Information: The DPPA
and the Right of Privacy, 51 S.C. L. Rev. 807, 809 (2000) [hereinafter
Maginnis]. The actor was killed by a stalker who had hired a private
detective to obtain her unlisted apartment address from the California
Department of Motor Vehicles. Locate.Plus.Com, 650 N.W.2d at 614 n.2;
10
Maginnis, 51 S.C. L. Rev. at 809; William J. Watkins, Jr., Note, The Driver’s
Privacy Protection Act: Congress Makes a Wrong Turn, 49 S.C. L. Rev. 983,
984 (1998) [hereinafter Watkins]. Congress enacted the DPPA, first, to
address public safety concerns regarding stalkers’, domestic abusers’, and
other criminals’ easy access to the personal information in state
department of transportation records. See, e.g., Locate.Plus.Com, 650
N.W.2d at 614 & n.2; Watkins, 49 S.C. L. Rev. at 984–85. Second, the
DPPA was intended to restrain many states’ practices of selling personal
information in state DMV records to businesses and individuals. Condon,
528 U.S. at 143–44, 120 S. Ct. at 668; Locate.Plus.Com, 650 N.W.2d at
614; Maginnis, 51 S.C. L. Rev. at 808.
In pertinent part, the DPPA provides,
(a) In general.—A State department of motor vehicles,
and any officer, employee, or contractor thereof, shall not
knowingly disclose or otherwise make available to any person
or entity:
(1) personal information, as defined in 18
U.S.C. § 2725(3), about any individual obtained by the
department in connection with a motor vehicle record,
except as provided in subsection (b) of this section[.]
18 U.S.C. § 2721(a)(1).
For DPPA purposes, the “State department of motor vehicles” in Iowa
is the Iowa Department of Transportation (IDOT). See Iowa Code § 307.27;
Locate.Plus.Com, 650 N.W.2d at 611 (noting the IDOT maintains all motor
vehicle records in Iowa, including personal information people disclose
when obtaining a license or registering a vehicle). The DPPA defines
“personal information” as
information that identifies an individual, including an
individual’s photograph, social security number, driver
identification number, name, address (but not the 5-digit zip
code), telephone number, and medical or disability
11
information, but does not include information on vehicular
accidents, driving violations, and driver’s status.
18 U.S.C. § 2725(3). The DPPA also defines “motor vehicle record” as “any
record that pertains to a motor vehicle operator’s permit, motor vehicle
title, motor vehicle registration, or identification card issued by a
department of motor vehicles.” Id. § 2725(1). Thus, the name of an
individual derived from a driver’s license or a motor vehicle registration
constitutes confidential personal information. See id. This means that
under federal law, the name typically may not be disclosed by the IDOT or
an IDOT contractor.
Section 2721(b) of the DPPA, however, carves out several exceptions
to the nondisclosure rule. Id. § 2721(b). In some instances, such as
vehicle recalls, disclosure of the personal information upon request is
mandatory:
(b) PERMISSIBLE USES.—Personal information referred
to in subsection (a) shall be disclosed for use in connection
with matters of motor vehicle or driver safety and theft, motor
vehicle emissions, motor vehicle product alterations, recalls,
or advisories, performance monitoring of motor vehicles and
dealers by motor vehicle manufacturers, and removal of non-
owner records from the original owner records of motor vehicle
manufacturers to carry out the purposes of titles I and IV of
the Anti Car Theft Act of 1992, the Automobile Information
Disclosure Act (15 U.S.C. 1231 et seq.), the Clean Air Act (42
U.S.C. 7401 et seq.), and chapters 301, 305, and 321–331 of
title 49 . . . .
Id. In other instances, disclosure is permitted but not required. Relevant
to our inquiry are the following permissible-use exceptions:
(b) PERMISSIBLE USES.—Personal information referred
to in subsection (a) . . . subject to subsection (a)(2), may be
disclosed as follows:
(1) For use by any government agency, including
any court or law enforcement agency, in carrying out its
functions, or any private person or entity acting on
behalf of a Federal, State, or local agency in carrying out
its functions.
12
....
(4) For use in connection with any civil, criminal,
administrative, or arbitral proceeding in any Federal,
State, or local court or agency or before any self-
regulatory body, including the service of process,
investigation in anticipation of litigation, and the
execution or enforcement of judgments and orders, or
pursuant to an order of a Federal, State, or local court.
....
(14) For any other use specifically authorized
under the law of the State that holds the record, if such
use is related to the operation of a motor vehicle or
public safety.
18 U.S.C. § 2721(b)(1), (4), (14).
In addition to restricting the initial disclosure and sale of personal
information derived from motor vehicle records by state motor vehicle
departments and their contractors, the DPPA “regulates the resale and
redisclosure of drivers’ personal information by private persons who have
obtained that information from a state DMV.” Condon, 528 U.S. at 146,
120 S. Ct. at 669. Simply stated, an authorized recipient may redisclose
personal information in connection with a motor vehicle record obtained
directly or indirectly from a state motor vehicle department only for a use
that would have been a permissible basis for obtaining the information in
the first place. See 18 U.S.C. § 2721(c) (“An authorized recipient of
personal information (except a recipient under subsection (b)(11) or (12))
may resell or redisclose the information only for a use permitted under
subsection (b) (but not for uses under subsection (b)(11) or (12)).”).
Finally, the DPPA establishes civil and criminal penalties for
violations. E.g., id. § 2722(a) (“It shall be unlawful for any person
knowingly to obtain or disclose personal information, from a motor vehicle
record, for any use not permitted under section 2721(b) of this title.”); id.
§ 2723(a) (“A person who knowingly violates this chapter shall be fined
13
under this title.”); id. § 2724(a) (“A person who knowingly obtains,
discloses or uses personal information, from a motor vehicle record, for a
purpose not permitted under this chapter shall be liable to the individual
to whom the information pertains, who may bring a civil action in a United
States district court.”).
C. Iowa Code § 321.11. Iowa Code section 321.11 provides, in
pertinent part,
1. All records of the department [of transportation],
other than those made confidential or not permitted to be
open in accordance with 18 U.S.C. § 2721 et seq., adopted as
of a specific date by rule of the department, shall be open to
public inspection during office hours.
2. Notwithstanding subsection 1, personal information
shall not be disclosed to a requester, except as provided in 18
U.S.C. § 2721, unless the person whose personal information
is requested has provided express written consent allowing
disclosure of the person’s personal information. As used in
this section, “personal information” means information that
identifies a person, including a person’s photograph, social
security number, driver’s license number, name, address,
telephone number, and medical or disability information, but
does not include information on vehicular accidents, driving
violations, and driver’s status or a person’s zip code.
3. Notwithstanding other provisions of this section to
the contrary, the department shall not release personal
information to a person, other than to an officer or employee
of a law enforcement agency, an employee of a federal or state
agency or political subdivision in the performance of the
employee’s official duties, a contract employee of the
department of inspections and appeals in the conduct of an
investigation, or a licensed private investigation agency or a
licensed security service or a licensed employee of either, if the
information is requested by the presentation of a registration
plate number. In addition, an officer or employee of a law
enforcement agency may release the name, address, and
telephone number of a motor vehicle registrant to a person
requesting the information by the presentation of a
registration plate number if the officer or employee of the law
enforcement agency believes that the release of the
information is necessary in the performance of the officer’s or
employee’s duties.
14
Iowa Code § 321.11(1)–(3). This section essentially incorporates the
strictures of the DPPA into the Iowa Code. See Locate.Plus.Com, 650
N.W.2d at 615–16.
D. Answering the Question. As the foregoing demonstrates, the
DPPA limits the City’s ability to redisclose personal information obtained
by its contractor from NLETS, a clearinghouse of state department of
motor vehicle information. Generally speaking, redisclosure is allowed
only when initial disclosure would have been permitted on that basis. See
18 U.S.C. § 2721(c); Condon, 528 U.S. at 146, 120 S. Ct. at 669–70. To
put the matter another way, information that started out as protected
personal information under the DPPA does not lose that character just
because it has been disclosed for a permissible use. Each redisclosure
must be supported by its own permissible use. Is there a permissible use
for the redisclosure sought by Milligan?
As we have already noted, relevant to our inquiry are the DPPA
exceptions “[f]or use by any government agency,” “[f]or use in connection
with any civil, criminal, administrative, or arbitral proceeding,” and “[f]or
any other use specifically authorized under the law of the State that holds
the record, if such use is related to the operation of a motor vehicle or
public safety.” 18 U.S.C. § 2721(b)(1), (4), (14).
The United States Supreme Court has directed that DPPA exceptions
should be construed narrowly. Maracich v. Spears, 570 U.S. 48, 60, 133
S. Ct. 2191, 2200 (2013). In Maracich, the Court held that § 2721(b)(4)
does not authorize the disclosure of vehicle owners’ names and addresses
to attorneys who wanted to use the information to solicit persons to join
pending South Carolina litigation. 570 U.S. at 52, 133 S. Ct. at 2196. The
Court acknowledged that § 2721(b)(4)’s “language, in literal terms, could
be interpreted to its broadest reach to include the personal information
15
that respondents obtained here.” Id. at 59, 133 S. Ct. at 2200. Yet, the
Court emphasized that “[a]n exception to a ‘general statement of policy’ is
‘usually read . . . narrowly in order to preserve the primary operation of
the provision.’ ” Id. at 60, 133 S. Ct. at 2200 (quoting Comm’r v. Clark,
489 U.S. 729, 739, 109 S. Ct. 1455, 1463 (1989)). Accordingly, the Court
said that “these exceptions ought not operate to the farthest reach of their
linguistic possibilities if that result would contravene the statutory
design.” Id.
We believe none of these three exceptions applies here.
First, Milligan is not a government agency, and he does not seek the
records to carry out a governmental function. See 18 U.S.C. § 2721(b)(1).
In fact, it is undisputed that Milligan was requesting the records in his
capacity as a private citizen, using his personal home address, email, and
telephone number.
Second, there is insufficient proof that the names were needed for
use in another proceeding. See id. § 2721(b)(4). Milligan did testify in a
conclusory fashion that he had a secondary purpose for seeking this
information:
Q. And did you also seek this information for purposes
of having it available for your federal lawsuit against the City
of Ottumwa and the Chief of Police? A. Yes.
However, there was no testimony explaining why the names of persons
cited or not cited for ATE violations were relevant or how they would be
used in that case. No information about the federal lawsuit was offered
into evidence.
Third, Milligan’s use of the records was not specifically authorized
by a state law relating to motor vehicle or public safety. See id.
§ 2721(b)(14). Certainly the Open Records Act itself is not such a law.
16
In this regard, we note that the DPPA authorizes disclosure of
information pertaining to “vehicular accidents” and “driving violations.”
18 U.S.C. § 2725(3). Likewise, Iowa Code section 321.11(2) authorizes
disclosure of information pertaining to “vehicular accidents” and “driving
violations.” Iowa Code § 321.11(2). This enables an insurance company,
for example, to obtain a customer’s driving record—his or her past car
accidents and traffic tickets. 3
In this case, the district court did not rely on any of the three
exceptions found in §§ 2721(b)(1), (4), or (14) of the DPPA. Instead, it relied
on the DPPA’s and section 321.11(2)’s language permitting disclosure of
“driving violations.”
We disagree with the district court. ATE camera citations do not
involve “driving violations.” Our court has recognized several features of
ATE camera citations that distinguish them from traditional tickets for
moving violations issued in person by a law enforcement officer. Most
importantly, the ATE camera citation is issued to the vehicle owner, not
the driver. See City of Davenport v. Seymour, 755 N.W.2d 533, 537 (Iowa
2008). The cited individual may or may not be a driver.
In addition, citations “are not reported to the Iowa Department of
Transportation (IDOT) for the purpose of the vehicle owner’s driving
record.” Id. By contrast, traditional citations are issued to the driver and
reported to the IDOT, and go on the recipient’s driving record, which can
result in higher auto insurance premiums or suspension of driving
privileges after multiple moving violations. 4 In Seymour, we relied on these
3The DPPA permits personal information to be disclosed anyway for use by
insurers in rating or underwriting. See 18 U.S.C. § 2721(b)(6).
4Here,
for example, the City’s citation form states prominently, “PAYMENT OF
THIS PENALTY AMOUNT WILL NOT RESULT IN POINTS AND CANNOT BE USED TO
INCREASE YOUR INSURANCE RATES.” In other words, a person who is cited for violating
17
differences in holding that municipal ATE camera tickets were an
alternative “system” for enforcing speeding or red light laws and therefore
were not preempted by the uniformity requirement in Iowa Code
section 321.235. Id. at 543. For the same reason, such citations cannot
be considered driving violations within the meaning of the DPPA and
section 321.11(2). 5
Accordingly, the redisclosure of the names of vehicle owners is
prohibited by federal and state law. We find persuasive the court’s
reasoning in New Richmond News v. City of New Richmond, 881 N.W.2d
339 (Wis. Ct. App. 2016). In that case, a police department relied on the
DPPA in redacting personal identifying information such as names and
addresses from two accident reports and one incident report it produced
to a newspaper under the Wisconsin public records law. Id. at 347–48.
The newspaper sued challenging the redactions. Id. at 348. The
Wisconsin Court of Appeals framed the issue as follows:
It is undisputed that the Wisconsin DMV disclosed
personal information from motor vehicle records to the police
department. It is further undisputed that this initial
disclosure of personal information was for a permissible use
under the DPPA—namely, the police department’s officers
used the information in the course of their duties to complete
accident and incident reports. See 18 U.S.C. § 2721(b)(1)
(disclosure of personal information permitted “[f]or use by any
government agency . . . in carrying out its functions”). The
disputed issue is whether the police department’s subsequent
redisclosure to the Newspaper of personal information
contained in two accident reports and one incident report
created by its officers would have been permissible under
§ 2721(c), which regulates the “redisclosure” of personal
information by an “authorized recipient.” As relevant here,
the City’s ATE ordinance is not a “violator of the traffic laws” within the meaning of Iowa
Code section 321.210, which authorizes IDOT to suspend a driver’s license when a person
is “an habitual violator of the traffic laws.” Iowa Code § 321.210(1)(a)(2).
5Certainly, there can be no driving violation when no citation was issued.
18
such redisclosure is permissible “only for a use permitted
under subsection (b).” Id. § 2721(c).
Id. at 350–51.
The court went on to hold that the police department’s redisclosure
of the personal information in the accident reports was authorized by
§ 2721(b)(14) of the DPPA because Wisconsin had a separate law
specifically mandating that law enforcement agencies provide the public
with access to uniform accident reports. Id. at 352; see 18 U.S.C.
§ 2721(b)(14) (“For any other use specifically authorized under the law of
the State that holds the record, if such use is related to the operation of a
motor vehicle or public safety.”). However, the newspaper could not obtain
the unredacted version of the incident report because the only legal basis
for its release in unredacted form was the Wisconsin public records law.
Id. at 352–55. The court rejected the newspaper’s argument that releasing
public records was an agency function for purposes of § 2721(b)(1):
[A]ccepting the Newspaper’s argument would lead to
untenable results. If disclosure of personal information in
response to public records requests constituted a “function”
of government agencies, for purposes of the DPPA’s agency
functions exception, then any time an “authority” under the
public records law received a public records request for
personal information protected by the DPPA, it could disclose
that information. This would include the Wisconsin DMV,
which is an authority under the public records law.
Permitting the DMV to disclose personal information every
time a public records request was made would eviscerate the
protection provided by the DPPA, which was enacted to limit
the circumstances in which state DMVs could disclose drivers’
personal information in order to protect their safety and
privacy.
Id. at 354 (citation omitted). The court also found unpersuasive the
newspaper’s argument that “redaction of personal information in police
reports would prevent the public from verifying, and law enforcement from
19
demonstrating, that criminal and traffic laws are fairly enforced against all
persons.” Id. at 355. In sum,
[T]he agency functions exception to the DPPA cannot be
interpreted to permit the disclosure of personal information
based solely on the fact that a public records request has been
made. . . . [A] public records request is not, in and of itself, a
sufficient basis to obtain personal information protected by
the DPPA.
Id. “Thus, in circumstances where the DPPA prohibits the release of
personal information obtained from DMV records, the public records law
exempts that information from disclosure.” Id. at 356.
An Arkansas Supreme Court opinion upholding disclosure in
Arkansas State Police v. Wren, 491 S.W.3d 124 (Ark. 2016), spotlights the
same distinction between accident reports and other motor-vehicle-related
records. In Wren, the requester sought access to certain accident reports
under the Arkansas Freedom of Information Act (AFOIA) to solicit clients
for his law practice. Id. at 125. Prior to disclosure of the reports to the
requester, the Arkansas State Police redacted the names from the reports
as personal information protected by the DPPA. Id. The Arkansas
Supreme Court agreed with the requester that this was improper because
vehicle accident reports created by police officers were not “motor vehicle
records,” and therefore, names and addresses in such reports were not
protected from disclosure by the DPPA. Id. at 128.
Our case is different from Wren. Milligan did not seek information
on accident reports. 6 As already discussed, he did not seek information
6Additionally, there is authority contrary to Wren. See Pavone v. Law Offices of
Anthony Mancini, Ltd., 118 F. Supp. 3d 1004, 1006 (N.D. Ill. 2015) (concluding that the
DPPA exclusion for accident reports “refers to information about the accident, not the
personal information that is included in accident reports”); see also Wilcox v. Batiste, 360
F. Supp. 3d 1112, 1125 (E.D. Wash. 2018) (noting that the law is “unsettled” on whether
personal information within accident reports is or is not protected by the DPPA).
20
on driving violations. Therefore, the names he requested would be
considered “personal information” as defined by § 2725(3) of the DPPA.
Those names were subject to the overall shield on the disclosure of such
information set forth in DPPA § 2721(a)(1).
When a legal proceeding for a traffic violation is initiated in the Iowa
courts, then subject to certain redactions the record is and should be
publicly available from the courts. See Lucas v. Moore, ___ F. Supp. 3d
___, 2019 WL 4346344, at *4 (S.D. Ohio Sept. 12, 2019) (holding that a
municipal court’s disclosure of certain personal information relating to a
minor misdemeanor traffic offense on the public judicial website was
permissible under the DPPA exceptions found in § 2721(b)(1) and (b)(4)),
appeal docketed, No. 19-4010 (6th Cir. Oct. 17, 2019). This principle
applies when a city brings a municipal infraction proceeding in court for
violation of an ATE ordinance. Court dockets historically in Iowa have
been open to the public, predating the Open Records Act. See Judicial
Branch v. Iowa Dist. Ct., 800 N.W.2d 569, 575 (Iowa 2011), superseded in
part by statute, 2015 Iowa Acts ch. 83, § 1 (codified at Iowa Code § 901C.2
(2016)), as recognized in State v. Doe, 903 N.W.2d 347, 351 (Iowa 2017).
And they continue to be open to the public. But our case presents the
different question whether a motorist’s personal information that is
shielded from public disclosure by the DPPA and that is not filed in court
can be obtained from a governmental entity. We conclude that it cannot
be.
Note also that if we were to adopt Milligan’s position, then law
enforcement in Iowa could be required under the Open Records Act to
Also, in Iowa, a separate statute makes accident reports filed by a law enforcement
officer confidential subject to certain exceptions. See Iowa Code § 321.271(2); see also
Shannon ex rel. Shannon v. Hansen, 469 N.W.2d 412, 415 (Iowa 1991) (discussing this
statute).
21
disclose the names of persons issued warnings who never received traffic
tickets. Also, in a case like Milligan’s, the requester would be able to obtain
not just the names of individuals, but the actual vehicle license plate
associated with each individual. 7 These things would surprise many
Iowans, we think. A mass production of license-plate-and-name
combinations could be used to facilitate stalking—exactly the situation the
DPPA was enacted to prevent.
Because we are reversing the district court’s order that the names
of individuals cited and not cited for ATE violations must be disclosed by
the City to Milligan, we also reverse the supplemental order awarding
attorney fees and costs to Milligan.
V. Conclusion.
For the foregoing reasons, we reverse the district court’s judgment
and remand the case for further proceedings consistent with this opinion.
REVERSED AND REMANDED.
All justices concur except Wiggins, C.J., and Appel, J., who dissent.
7As we have discussed, Milligan wanted the names of persons cited and not cited
“to see that the City of Ottumwa was enforcing their automated speed car enforcement
fairly across the board between all citizens.” But logically, to determine if enforcement
was occurring “fairly across the board,” one would need to see the photographs of the
violation transmitted by RedSpeed to the City, which include the vehicle license plates.
22
#21/17–1961, Milligan v. Ottumwa Police Dep’t
WIGGINS, Chief Justice (dissenting).
I respectfully dissent. Because I conclude that the Iowa Open
Records Act requires the City to disclose the information Milligan sought
and that neither the Driver’s Privacy Protection Act of 1994 (DPPA), 18
U.S.C. §§ 2721–2725 (2012), nor Iowa Code section 321.11 (2017)
precludes the City from disclosing the requested information, I would
affirm the district court’s order to produce.
My analysis begins with an examination of the Iowa Open Records
Act, Iowa Code chapter 22. On appeal, the City does not dispute that the
information Milligan requested qualifies as a public record under
chapter 22 nor does it claim that any part of chapter 22 makes that
information confidential. However, the inquiry does not end there but
must involve review of the DPPA and Iowa Code section 321.11 and their
effects on disclosure.
The DPPA limits the City’s ability to redisclose personal information
it obtained from the Iowa Department of Transportation (IDOT). In order
for the City to redisclose the information sought by Milligan, which it
obtained from the IDOT, redisclosure must be allowed under the
permissible use section of the DPPA. See 18 U.S.C. § 2721(c); Reno v.
Condon, 528 U.S. 141, 146, 120 S. Ct. 666, 669–70 (2000).
The DPPA allows the disclosure or redisclosure of personal
information for the following purposes:
(1) For use by any government agency, including any
court or law enforcement agency, in carrying out its functions,
or any private person or entity acting on behalf of a Federal,
State, or local agency in carrying out its functions.
....
23
(4) For use in connection with any civil, criminal,
administrative, or arbitral proceeding in any Federal, State, or
local court or agency or before any self-regulatory body,
including the service of process, investigation in anticipation
of litigation, and the execution or enforcement of judgments
and orders, or pursuant to an order of a Federal, State, or
local court.
....
(14) For any other use specifically authorized under the
law of the State that holds the record, if such use is related to
the operation of a motor vehicle or public safety.
18 U.S.C. § 2721(b)(1), (4), (14).
It is clear to me that under any one of these exceptions, the City is
allowed to disclose the information sought by Milligan. Under § 2721(b)(1),
disclosure is allowed because the City is exercising a lawful function under
its ordinances when it issues a notice of violation to a person accused of
or under investigation for failing to obey a speed limit. See City of
Tallahassee v. Federated Publ’ns, Inc., No. 4:11cv395–RH/CAS, 2012 WL
5407280, at *2 (N.D. Fla. Aug. 9, 2012) (finding a city’s issuance of “a
violation notice to a person accused of, or under investigation for, running
a red light” was a lawful function of the city and, therefore, § 2721(b)(1)
allowed the disclosure of the person’s name on the notice). The names of
the persons not given a notice of violation are persons under investigation
for failing to obey the speed limit.
Under § 2721(b)(4), disclosure is allowed because the City initiates
an administrative proceeding, albeit as an informal process. See id.; see
also Gilday v. City of Indianapolis, 54 N.E.3d 378, 384–85 (Ind. Ct. App.
2016) (holding § 2721(b)(4) allowed disclosure of a vehicle owner’s name
and address on a parking ticket left on the vehicle because the disclosure
was “for use in connection with” the administrative proceeding whereby
the city finds parking violations and imposes fines).
24
Finally, under § 2721(b)(14), disclosure is allowed because the City’s
ATE program is permitted by Iowa law and relates to motor vehicles and
public safety. See Federated Publ’ns, Inc., 2012 WL 5407280, at *2 (finding
§ 2721(b)(14) allowed disclosure of the violators’ names on the notices of
violation because the red-light program at issue was specifically
authorized by Florida law and related to motor vehicle operation). We
previously held that Iowa law allows a city to operate a speed camera
program under its home rule authority. City of Davenport v. Seymour, 755
N.W.2d 533, 537–39, 543–44, 545 (Iowa 2008). Undoubtedly, the speed
camera program relates to the operation of motor vehicles. Further,
supporters of speed camera programs justify their operation as promoting
public safety, id. at 544, even when no notice of violation is issued.
The majority concludes that ATE citations are not “driving
violations” under the DPPA and, impliedly, that ATE citations are,
therefore, not “personal information.” See 18 U.S.C. § 2725(3) (excluding
“information on . . . driving violations” from the definition of personal
information). In doing so, it relies on vehicular-accident-report cases. I
disagree with this approach.
The accident-report cases are inconsistent—some allow disclosure,
some do not. See Wilcox v. Batiste, 360 F. Supp. 3d 1112, 1125 (E.D.
Wash. 2018) (acknowledging the unsettled question of whether personal
information in accident reports is protected under the DPPA). Compare
Mattivi v. Russell, No. Civ.A. 01–WM–533(BNB), 2002 WL 31949898, at *4
(D. Colo. Aug. 2, 2002) (holding disclosure of an accident report did not
violate the DPPA because such reports are not a “motor vehicle record”
under § 2725(1) of the DPPA), Ark. State Police v. Wren, 491 S.W.3d 124,
128 (Ark. 2016) (same), and New Richmond News v. City of New Richmond,
881 N.W.2d 339, 352 (Wis. Ct. App. 2016) (finding disclosure of
25
unredacted accident report to newspaper was allowed under
§ 2721(b)(14)’s exception for a use as authorized by state law), with Pavone
v. Law Offices of Anthony Mancini, Ltd., 118 F. Supp. 3d 1004, 1006–07
(N.D. Ill. 2015) (holding accident reports are not motor vehicle records
under the DPPA but § 2722(a), nonetheless, protects any personal
information in such reports that is obtained from a motor vehicle record).
They are also distinguishable from the factual situation in this case.
Here, Milligan was not looking for all the details contained in accident
reports—e.g., license plate numbers; driver’s date of birth, sex, license
number, or home address; or the vehicle owner’s home address. See, e.g.,
Iowa Dep’t of Transp., Investigating Officer’s Crash Reporting Guide
3–4, 11–12 (2015), https://iowadot.gov/mvd/driverslicense/
InvestigatingOfficersCrashReportingGuide.pdf (providing instruction to
law enforcement on completing accident reports, including what personal
information to obtain); Iowa Dep’t of Transp., Form 433003, Investigating
Officer’s Report of Motor Vehicle Accident 1 (2013),
https://one.nhtsa.gov/nhtsa/stateCatalog/states/ia/crash.html (follow
“Iowa Crash Report Form 433003, Rev. 11/2013” hyperlink) (IDOT’s
accident report form for law enforcement). Rather, he just wanted the
names of vehicle owners who were and were not issued ATE citations
following a report of a violation. See Federated Publ’ns, Inc., 2012 WL
5407280, at *3 (noting redaction of some personal information on a
violation notice may be required if that personal information is not
necessary to the administrative proceeding or to the violation notice).
In any event, because I find that the information Milligan sought
could be disclosed under the exceptions found in § 2721(b)(1), (4), and
(14), my analysis does not change regardless of whether the information
sought is personal information because, as the majority reasons, it does
26
not qualify as driving violations. Thus, I find the DPPA allows the City to
redisclose the information sought by Milligan.
Accordingly, I also find that Iowa Code section 321.11 allows the
City to redisclose the information sought by Milligan. Section 321.11
essentially codifies the DPPA into the Iowa Code. See Locate.Plus.Com, Inc.
v. Iowa Dep’t of Transp., 650 N.W.2d 609, 615–16 (Iowa 2002). In this
way, any prohibition against disclosure or redisclosure of personal
information under section 321.11 is governed by the DPPA. As the DPPA
does not prohibit redisclosure of the information Milligan sought, neither
does Iowa Code section 321.11.
Having found that the Iowa Open Records Act requires the City to
redisclose the information sought by Milligan and that neither the DPPA
nor Iowa Code section 321.11 precludes the City from making such a
redisclosure, I would hold the district court was correct in requiring the
City to disclose the requested information to Milligan. See Federated
Publ’ns, Inc., 2012 WL 5407280, at *2–3 (requiring the city to disclose the
names of violators to a private party when the DPPA did not prohibit such
disclosure and the state’s public records law required disclosure).
I also emphasize that Milligan is asking for only the names of
persons, not extraneous information such as license numbers, plate
numbers, or addresses. The release of this limited information will not be
contrary to the purpose of the DPPA, which is to address public safety
concerns regarding stalkers’ and other criminals’ easy access to the
personal information in IDOT records and to restrain the sale of that
information to businesses and individuals. Cf. Senne v. Village of Palatine,
784 F.3d 444, 447–48 (7th Cir. 2015) (balancing the utility of the
disclosure against the risk of the harm that was the impetus for the DPPA);
Ark. State Police, 491 S.W.3d at 128 (considering Congress’s intent in
27
enacting the DPPA when holding that accident reports are not motor
vehicle records under the DPPA regardless of whether information in the
report may have been obtained from the state department of motor
vehicles).
Accordingly, I would hold the Iowa Open Records Act requires
disclosure of the information sought and neither the DPPA nor Iowa Code
section 321.11 protects the information requested from disclosure.
Appel, J., joins this dissent.