You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

Kehoe v. Fidelity Federal Bank and Trust

Top News

  • Court: FL Drivers Can Recover for Sale of Personal Data. The 11th Circuit Court of Appeals has reversed (PDF) a lower court and held that individuals suing to recover for violations under the Drivers Privacy Protection Act do not need to demonstrate actual harm in order to recover monetary damages. In the case, a Florida man sued Fidelity Bank for obtaining the personal information of 565,000 individuals from the State's motor vehicle databases for junk mail purposes. EPIC's brief in the case argued that monetary damages were necessary in order to deter unaccountable data brokers from obtaining personal information from government coffers. For more information, see EPIC's Drivers Privacy and Doe v. Chao Pages. (Aug. 26, 2005)
  • EPIC Files Brief Supporting Driver Privacy. EPIC, joined by the American Civil Liberties Union of Florida, has submitted an amicus brief in Kehoe v. Fidelity Bank, a case under the federal Drivers Privacy Protection Act where a bank purchased over 500,000 motor vehicle records from Florida for junk mail solicitations. The brief argues that individuals are entitled to damages under the law when businesses or data brokers intentionally access motor vehicle information. For more information, see EPIC's Drivers Privacy Protection Act Page. (Sept. 1, 2004)


In Kehoe v. Fidelity Federal Bank and Trust, James Kehoe sued Fidelity Bank for purchasing hundreds of thousands of motor vehicle records from the state of Florida in violation of the federal Drivers Privacy Protection Act. Fidelity Bank had purchased 565,600 names and addresses from the Florida motor vehicles department from June 2000-2003. This information was sold for pennies--literally, Fidelity was able to obtain the information for only $5,656. Fidelity used the information to target residents of Palm Beach, Martin, and Broward Counties for car loan solicitations.

The Drivers Privacy Protection Act, 18 USC ยง 2721, protects the confidentiality of motor vehicle records. It was enacted in 1993 after stalkers, murderers, and robbers were shown to have used records at DMVs in order to locate victims. In 1999, Senator Shelby amended the law to require opt-in consent before a DMV could release personal information for marketing purposes. The amendment took affect June 1, 2000, but Florida law was never updated to reflect the federal law change.

The U.S. District Court for the Southern District of Florida ruled in June 2004 that James Kehoe needed to demonstrate actual damages before obtaining any monetary recovery under the DPPA. The Court relied upon the recently decided Doe v. Chao and statutory construction rules to rule that the DPPA's liquidated damages do not accrue to a plaintiff unless he can show actual damages.

Several days after the District Court decision, Kehoe appealed to the 11th Circuit Court of Appeals. EPIC is writing an amicus brief supporting his case.

The case is being litigated for James Kehoe by attorneys at Pathman Lewis and Geller Rudman & Robbins. Fidelity Bank is represented by Page, Mrachek, Fitzgerald & Rose, PA.

EPIC's Interest

Kehoe is an important case that will determine whether individuals can effectively employ the Drivers Privacy Protection Act to shield personal information from indiscriminate sale to private investigators, stalkers, junk mailers and others. The liquidated damages clause in the DPPA is a tool that provides an effective punishment against those who traffic in our personal information. Liquidated damages clauses are used in a number of privacy laws; they ensure that individuals who cannot demonstrate actual harm can still enforce their right to privacy.

Furthermore, the DPPA is important because it protects personal information collected by the state--a coercive power. When the state requires individuals to provide personal information, it should not redisseminate personal data indiscriminately. In this case, Florida was using information collected for valid, administrative purposes and reselling it to raise revenue for incompatible purposes, such as direct marketing.

The DPPA shields individuals from a collective privacy threat posed by the sale of government-collected information to others. The collective threat is created by the magnitude of varied interests that seek data and use it for direct marketing, for sale to law enforcement, or for investigatory purposes. While Kehoe involves just a single bank using data for marketing, thousands of other businesses are trading in your personal information, resulting in a society that is losing autonomy and control over personal data. The DPPA represents one step in trying to address the collective threat that the data trade poses to our privacy.

Florida's Handling of Personal Information in Government Records Creates Privacy Risks

Florida failed to change its state law in 1999 to reflect Congress' strengthening of the DPPA. As a result of this and other failures to secure personal information, there are many commercial databases available on Florida residents that are not available in other states. For instance, ChoicePoint's AutoTrackXP services include thirty-six extra databases on Florida residents. It includes marriage records, beverage licensees, concealed weapons permits, day care licensees, handicapped parking permits, "sweepstakes," worker compensation, medical malpractice, and salt water product licensees.

Here are four driver's marketing databases available on Floridians that do not exist in any other state. Note that the source for this data is not self-reported, rather, it they come from government records. All four are reproduced from the February 2003 SRDS Direct Marketing List Source, a two-volume compilation of marketing lists for sale.

Auto Insurance Florida Flordia SUV Owners
Florida Exotic Autos Florida Motorcycles


District Court Proceedings

11th Circuit Court of Appeals Proceedings

  • The case is docketed as Kehoe v. Fidelity Federal Bank and Trust, No. 04-13306-BB (11th Circuit)(Filed Jun. 28, 2004).
  • EPIC Amicus Brief.

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security