LINDA ANN BAILLIE, individually, as Personal Representative of the Estate of JAMES DONALD BAILLIE, II, and on behalf of all heirs and next of kin of JAMES DONALD BAILLIE, II, deceased, Plaintiff,
BRITISH AIRWAYS PLC, Defendants.
[PROPOSED] ORDER REGARDING PROTECTION OF CONFIDENTIAL DOCUMENTS AND INFORMATION
RALPH ZAREFSKY, Magistrate Judge.
This is a wrongful death lawsuit filed by plaintiffs LINDA ANN BAILLIE, individually, as Personal Representative of the Estate of JAMES DONALD BAILLIE, II, and on behalf of all heirs and next of kin of JAMES DONALD BAILLIE, II, deceased (hereinafter collectively referred to as "plaintiffs"). Plaintiffs' decedent James Donald Baillie, II, was a passenger on board defendant BRITISH AIRWAYS, PLC (hereinafter referred to as "British Airways") flight 289 from London to Phoenix on March 23, 2012. Plaintiffs' decedent allegedly suffered a heart attack onboard the aircraft and died as the result of said heart attack several months after the subject flight, on June 1, 2012. Plaintiffs allege that British Airways failed to follow its own operational procedures by not providing James Donald Baillie, II with prompt, competent medical treatment onboard the subject flight.
Plaintiffs have propounded discovery to British Airways seeking, among other things, British Airways' proprietary training manuals and internal policies and procedures with respect to responding to in-flight medical emergencies. Plaintiff has also requested personal and private contact information for other passengers on board British Airways flight 289 on March 23, 2012. British Airways is precluded from disclosing the requested passenger contact information in the absence of a protective order by U.S. federal regulations and by privacy legislation applicable to all data stored in the European Union.
A. 14 C.F.R. Part 243 Prohibits the Disclosure of Passenger Contact Information without a Protective Order.
The Aviation Security Improvement Act of 1990, including 14 C.F.R. Part 243, was enacted in response to such aviation disasters as TWA Flight 103, which exploded over Lockerbie, Scotland, and the shootdown of Korean Airlines Flight 007 by the former Soviet Union. 14 C.F.R. Part 243 requires air carriers to collect the full names of U.S. citizens traveling on flight segments to or from the United States, along with passport numbers, and to solicit a contact name and telephone number for each passenger. See 14 C.F.R. § 243.7(a). The provision was enacted to enable air carriers to locate and notify the next of kin in the event of an aviation disaster. See 14 C.F.R. § 243.1. The statute explicitly provides that the passenger list and contact information may not be released, except to the family of a passenger, the State Department, or to the National Transportation Safety Board. See 14 C.F.R. § 243.9(d).
Federal courts interpreting the reach of 14 C.F.R. Part 243 in the context of civil litigation have held that passenger information must be produced pursuant to a protective order. See Wallman v. Tower Air, Inc., 189 F.R.D. 566, 569 (N.D.Cal. 1999) (holding that the confidentiality provisions of 14 C.F.R. Part 243 justified the imposition of a protective order restricting access of passenger contact information to counsel and the court and limiting the use of passenger contact information to the litigation and requiring its return or its destruction when the litigation was over); Nathaniel v. American Airlines, 2008 WL 5046848 (D.Virg. Islands 2008) (same). Accordingly, British Airways seeks the entry of this stipulated protective order in order to comply with U.S. precedent interpreting 14 C.F.R. Part 243.
B. European Union Privacy Law Prohibits the Disclosure of Personal Data for British Airways Passengers without a Protective Order.
British Airways maintains its headquarters and its principal place of business in the United Kingdom, and is thus subject to the laws of that nation, including the European Data Protection Directive 95/46/EC, 1995 O.J. (L 281) (EC) ("Data Protection Directive"), as implemented in the United Kingdom by the Data Protection Act, 1998, c. 29 (Eng.) ("Data Protection Act of 1998").
The Data Protection Directive requires European Union member nations to protect the right to privacy of natural persons with respect to the "processing" of "personal data." The definitions of "processing" and "personal data" are very broad. "Personal data" encompasses any information relating to a natural person. Data Protection Directive, Art. 2. The "processing" of personal data means any set of operations that is performed upon personal data, whether or not by automatic means. Id. The Data Protection Directive applies to all data stored by a data controller located in a European Union member state (such as British Airways). Id., Art. 4. The Data Protection Directive specifically prohibits sending personal data to any country without a "level of [data] protection" considered "adequate" by the standards of the European Union, as articulated by the European Union Commission. Id., Art. 25. To date, the European Union Commission has not designated the United States as a country that offers this "adequate level of protection," although the European Union Commission has entered into an Agreement with the United States which allows the transfer of passenger information to the United States Department of Homeland Security, only. See 2007 Agreement between the European Union and the United States of America on the processing and transfer of Passenger Name Record data by air carriers to the United States Department of Homeland Security, accessible at http://eur-lex.europa.eu/LexUriserv/site/en/oj/2007/l_204/l_20420070804en00180025.pdf, last accessed November 12, 2013. Accordingly, absent the application of an exception to the requirements of the Data Protection Directive, British Airways would ordinarily be prohibited from disseminating passenger contact information to entities or natural persons in the United States.
As with all European Union Directives, the tenets of the Data Protection Directive must be implemented with local legislation in European Union member states. In the United Kingdom, the Data Protection Directive was implemented by way of the Data Protection Act of 1998. The Data Protection Act of 1998 provides an exception to the prohibitions on transfer of personal data to other countries, where "the transfer is necessary for the purpose of, or in connection with, any legal proceedings; is necessary for the purpose of obtaining legal advice, or is otherwise necessary for the purposes of establishing, exercising or defending legal rights." Data Protection Act of 1998, Schedule 4. This exception is plainly applicable to the requested passenger information in the present case because Rule 34 of the Federal Rules of Civil Procedure requires the production of non-privileged, relevant documents and electronic information within British Airways' possession, custody or control. The disclosure of the requested passenger information is also necessary to allow the attorneys for plaintiffs to obtain third party witnesses who observed the incident involving plaintiffs' decedent.
With respect to the requested policies and procedures and training documents, these documents are confidential and proprietary materials which British Airways has spent enormous amounts of time and resources in developing. They are not available to the public, and British Airways would suffer irreparable harm if its confidential and proprietary trade secrets were made publicly available in the context of this litigation.
Based upon the foregoing and the stipulation of the parties, and good cause appearing therefor, IT IS HEREBY ORDERED as follows:
1. British Airways may designate all items, including documents, and tangible things containing passenger contact information and/or British Airways training manuals and internal policies and procedures with respect to responding to in-flight medical emergencies trade secrets and other proprietary information, as confidential and subject to the terms of this protective order, so long as any such designation is made in good faith. All documents designated as confidential hereunder shall be marked prior to production by placing the legend "CONFIDENTIAL" on each page of the document. Except as otherwise ...