A bank which purchased the names and addresses of more than650,000 people in the US has been ordered to pay a $50 millionfine. The case was brought by a Florida resident against FidelityBank and also included the Electronic Privacy InformationCentre.

A court in the US has ordered the payment because it said thatthe bank had violated the Drivers Privacy Protection Act. Thatfederal law was enacted in order to protect drivers from beingtracked down through their driving records.

The law was based on a Californian state law which was passedafter the actress Rebecca Schaeffer was killed by an obsessed fanwho tracked her down through driving records.

James Kehoe sued the bank for its purchase of the records, whichhe said it used to market car loans to drivers in Florida. EPICjoined the suit at a later date.

A district court in Florida found that Kehoe had to prove actualdamage to him before he could be awarded financial damages. Heappealed that decision and won.

Kehoe's class action lawsuit said that Fidelity Federal Bank andTrust had managed to purchase the data over a three year period to2003 for just $5,656. EPIC filed a 'friend of the court' brief insupport of Kehoe's case.

"A narrow interpretation of the DPPA that does not awardliquidated damages would create a risk that commercial data brokerswill continue to acquire and resell personal information from motorvehicle records," said EPIC's brief. "Similarly, a privateinvestigator might continue to access motor vehicle records unlessthere is a strong default punishment. Plaintiffs, unless theymanufacture losses, face hurdles in showing that merely accessingthe motor vehicle record or receiving junk mail constitutes anactionable harm.

"What people suffer from the unauthorized distribution of theirprivate information is a privacy violation of a nature so elusiveto quantify that it explains the DPPA's provision of a fixedminimum sum as appropriate compensation," said the brief.

EPIC argued that unless there were financial damages awarded,the DPPA's usefulness as an anti-stalker law would be hampered."Without liquidated damages, an individual whose personalinformation was purchased by a stalker or potential attacker wouldnot be entitled to recovery until they were actually harmed," itsaid.

This is cache, read story here