RESOURCES FOR VICTIMS OF THE ATTORNEY GENERAL’S OFFICE LEAK OF CONFIDENTIAL PRIVATE INFORMATION
CRPA, GOC, and our legal team were made aware of a massive leak of personal information of CCW holders in California. The disclosure of all CCW holders in California is unprecedented and unconscionable. The leak included personal information including addresses, birthdates, driver’s license information, and information from DROS documents.
CRPA staff and lawyers are working to figure out exactly what happened, make sure the AG and DOJ incompetence is objectively investigated, make sure those responsible are held accountable, make sure this can never happen again, and supply all legal and other options to those who had their confidential information revealed. This page should serve as the clearinghouse to collect information about this data leak and your rights.
07/22/2022- VIDEO UPDATE FROM CRPA PRESIDENT & GENERAL COUNSEL – CHUCK MICHEL
BOOT BONTA!- Join the thousands that have added their name to the petition to tell Attorney General Bonta to Resign!
I. GENERAL INFORMATION
CALL DOJ DATA LEAKS VICTIM’S HOTLINE: 1 833 909 4419
NEW-10/19/22- Sample Individual Litigation Document- Please see “Individual Legal Action” section below
II. ONGOING INVESTIGATIONS
CRPA Investigation is Ongoing
III. STATEMENTS FROM GOVERNMENT OFFICIALS
IV. MEDIA COVERAGE
V. CURRENT AND PENDING LITIGATION
A. CLASS ACTION LAWSUITS
A pro-Second Amendment organization based in Colorado has filed a class action lawsuit about the data leak. The class in this lawsuit has not yet been certified, and likely won’t be for quite a while, if ever. Class members will have an option to “opt out” of the class and file their own lawsuit or join a different class or mass action lawsuit.
Read more about class actions here: How do Class Actions Work?
B. INDIVIDUAL LAWSUITS
CRPA’s attorneys are working on a template lawsuit that individuals could file against DOJ, perhaps in small claims court where you wouldn’t need (and in fact wouldn’t be allowed to have) a lawyer. Our template lawsuit will be fill in the blanks with pre-prepared arguments and legal authority for members to use and a step by step how-to-sue DOJ guide.
It would be poetic justice for the Attorney General to face tens of thousands of lawsuits by DOXED individuals.
D. SMALL CLAIMS LAWSUITS
Information about small claims actions can be found here: Steps to Filing a Small Claims Case
CRPA will be posting more about this option, as well as filing other types of lawsuits.
E. THEORIES OF LIABILITY AND DAMAGES
BE ADVISED – WE ARE STILL LOOKING INTO THEORIES OF LIABLITY AND POTENTIAL DAMAGES CLAIMS.
Can the government be held liable for losses, damages, injury, or death that directly resulted from this leak?
If someone can prove they were harmed by the leak, there are a few legal theories which they could pursue to attempt to recover damages. While this is not intended to be a comprehensive legal analysis, CRPA will attempt to briefly describe the three of the main legal theories and their relative odds of success.
1. Federal Right to Privacy: 14th Amendment to the U.S. Constitution & 42 U.S.C. § 1983
A claim brought based on the federal right to privacy is a tenuous theory of liability. Unless more information as to the reason for the leak is revealed which shows the leak to have been an intentional act (i.e., the person or persons at the DOJ who caused or facilitated the leak did so with the intent to publish gun owners’ personal information), a Section 1983 action based on a negligent leak of the data would likely be unsuccessful. This is because “negligent conduct by a state official, even though causing injury” is not grounds for finding the deprivation of a constitutional right.” Daniels v. Williams, 474 U.S. 327, 331 (1986). We are aware that the leak itself was “intentional.” What the investigations should determine is whether the leak of the street address and other private information was “intentional.” If evidence comes to light which shows the leak of the sensitive private information was intentional, we will update this section accordingly and advise everyone who has contacted us.
2. Right to Privacy Under Article I, Section 1 of the California Constitution
The California right of privacy protects the individual’s reasonable expectation of privacy against a serious invasion and it is “much broader than its federal analog”. American Academy of Pediatrics v. Lungren, 16 Cal. 4th 307, 325–26 (Cal. 1997). California courts recognize a constitutionally protected interest in a person’s name, address, and phone number.
To establish a violation of privacy rights in California, a plaintiff needs to establish three things: “(1) a legally protected privacy interest; (2) a reasonable expectation of privacy in the circumstances; and (3) conduct by defendant constituting a serious invasion of privacy. In this circumstance, people with conceal carry permits do have a legally protected privacy interest under California law, and they also have a reasonable expectation that their data will not be accidentally leaked out for no reason. Whether the invasion of privacy is “serious” or not in a legal sense will likely vary based on the individual.
Such a claim may thus be viable, and if you believe you have been harmed by the leak you should seek to consult an attorney as you may need to file what is called a government claim to preserve your right to sue in state court. That said, whether or not money damages are available remains an open question. While one case has said that “courts, exercising their authority over the common law, may, in appropriate circumstances, recognize a tort action for damages to remedy a constitutional violation”, Katzberg v. Regents of University of California, 29 Cal.4th 300, 325 (2002), what constitutes an “appropriate circumstance” is up for debate, and it would be quite risky to assume money damages are available from the government in such a lawsuit.
3. The Information Practices Act (California Civil Code section 1798, et seq.)
California’s Information Practices Act (IPA) broadly protects people’s interest in the confidential and private information stored in government files. While an extensive analysis of the IPA is outside the scope of this FAQ, whether a claim for the DOJ’s data leak is viable likely depends on whose privacy interest is being pursued. An IPA claim will require arguing that a plaintiffs’ privacy interest is greater than the public’s right to know, even though the leak was not intentional (as far as we know). In addition to actual damages as well as attorney’s fees and costs, a successful plaintiff under the IPA can recover $2,500 in exemplary damages if they prove the leak was intentional.4. Public Disclosure of Private Facts
This claim requires a Plaintiff to prove that (1) a defendant publicized private information concerning the plaintiff; (2) that a reasonable person in the plaintiff’s position would consider the publicity highly offensive; (3) that the defendant knew, or acted with reckless disregard of the fact, that a reasonable person in the plaintiff’s position would consider the publicity highly offensive; (4) that the private information was not of legitimate public concern [or did not have a substantial connection to a matter of legitimate public concern]; (5) that the plaintiff was harmed; and (6) that the defendant’s conduct was a substantial factor in causing the plaintiff’s harm. (from jury instructions)
In addition, caselaw precedent holds that in order to be actionable, the information revealed must itself be offensive to the reasonable person. The California Supreme Court has stated that the published facts must be so offensive as to shock the community’s notions of decency. (4 California Torts § 46.03 (2022).)
One of the immediate challenges to a lawsuit making this claim is that a purely accidental divulsion may not be found to satisfy all of the legal elements to constitute an invasion of privacy under the law. One of the elements cited above is that “the defendant knew, or acted with reckless disregard of the fact, that a reasonable person in the plaintiff’s position would consider the publicity highly offensive”. If the leak was indeed accidental as the Attorney General currently claims, then there was no real intention behind the leak. They didn’t act knowing the information would be offensive to the people who had their information leaked, or with reckless disregard of that fact, instead, they just didn’t mean to leak this info at all. Of course, this calculus changes if it is later discovered the leak was intentional.
Even in that circumstance, there would still be the problem of establishing that the information leaked was itself “highly offensive”, as having a CCW permit does not shock the community’s notions of decency – although the leak of the street address might be considered offensive.
F. POTENTIAL PLAINTIFF FORM
If you are interested in serving as a plaintiff in a potential lawsuit regarding this breach of sensitive personal and confidential information, please contact us at either email@example.com or firstname.lastname@example.org Please do not be concerned that the form is not tailored to this particular incident. These are general forms to collect information.
VI. HELP CRPA HELP YOU
You can help CRPA help you by taking the following actions:
Its free, even if you aren’t a CRPA member. KNOWLEDGE is the first step to power.
We don’t care if you join under your real name. Many folks have even bought memberships for their pets. Feel free. It’s ironic though, because CRPA has NEVER had a data leak, and the information about our members and donors has never been sold or shared.
Volunteers are CRPA’s most powerful weapon!
Have fun, meet good people, and increase your influence locally. We can make a SUBSTANTIAL difference in local elections and politics.