
    Dale E. DUNCAN and Laura A. Duncan, Appellants, v. Thomas M. BELCHER, William Thomas Golden, Gary L. Peisen, United States Department of the Army, Appellees. and American Express Travel Related Service Company, Inc., Defendant.
    No. 86-2033.
    United States Court of Appeals, Fourth Circuit.
    Argued Jan. 8, 1987.
    Decided March 23, 1987.
    Rehearing and Rehearing En Banc Denied June 9, 1987.
    
      David J. Fudala (Hall, Surovell, Jackson & Colten, P.C., Fairfax, Va., on brief) for appellants.
    Robert C. Erickson, Jr., Civil Div., Dept, of Justice (Richard K. Willard, Asst. Atty. Gen., Washington, D.C., Henry E. Hudson, U.S. Atty., Alexandria, Va., Freddi Lip-stein, Larry L. Gregg, Civil Div., Dept, of Justice, Washington, D.C., on brief), for appellees.
    Before WINTER, Chief Judge, SPROUSE, Circuit Judge, and KAUFMAN, Senior United States District Judge for the District of Maryland, sitting by designation.
   HARRISON L. WINTER, Chief Judge:

Plaintiffs sued the Department of the Army, alleging that the Army violated their rights under the Right to Financial Privacy Act, 12 U.S.C. §§ 3401 et seq., by examining their American Express card records without their consent. At the close of plaintiffs’ evidence the district court, sitting without a jury, granted defendant's motion for an involuntary dismissal under Fed.R.Civ.P. 41(b). The district judge held that even though plaintiffs maintained the charge card in their names only and used it partly for personal expenses, they were not protected “customers” of American Express within the meaning of the Act. The district court also ruled that plaintiff Dale Duncan impliedly authorized the Army to examine the charge card records. We think these holdings overlook the plain language of the statute, and we reverse and remand for further proceedings.

I.

In the spring of 1983, the Army ordered Lieutenant Colonel Dale Duncan to establish and direct a cover organization for a secret military intelligence operation. Colonel Duncan founded the cover organization, known as Business Security International (BSI), in Annandale, Virginia in July 1983. Although BSI appeared to be a civilian company, its actual function was to provide security and counterintelligence support to U.S. Army special operations around the world.

To carry out his duties, Colonel Duncan was required to travel extensively, and as a result he incurred very large travel expenses. From March, 1983 to September, 1983, for example, his travel expenses amounted to approximately $157,000. He charged many of these expenses to his American Express card, which he and his wife, Laura Duncan, had held in their own names since 1969. He was later reimbursed for these charges by the government. Colonel Duncan’s official travel expenses accounted for about 90% of his American Express charges, while the Dun-cans’ personal expenses accounted for the remaining 10%. After August, 1983, however, it was no longer necessary for Duncan to charge Army expenses to his personal account because BSI issued its employees a corporate American Express card.

In mid-August, 1983, Colonel Duncan asked BSI’s office manager, William Golden, to conduct an audit of the company’s finances. Duncan never gave Golden any specific instructions on how to prepare the audit, nor did he expressly authorize Golden to examine his personal financial records. Shortly thereafter, Duncan left on a previously planned trip to Europe. While Duncan was away, Golden began the audit and noticed what he thought were irregularities in Colonel Duncan’s handling of his expenditures. Without obtaining the Duncans’ consent, Golden arranged to obtain their charge card records from American Express. He did not obtain a subpoena or court order for the records because “this account was used for Government business,” because Duncan had already instructed him to audit BSI’s records, and because a subpoena or court order might jeopardize “the integrity of the cover.” It is not entirely clear how Golden induced American Express to release the records. Golden testified that he arranged for a government agent to identify himself to American Express as a “Special Investigator” for the Defense Department and to promise American Express that the records would not be used in a criminal prosecution. An Army investigator, however, testified that Golden’s agent “had gone down to American Express, had a contact with a girl friend and had obtained [the records] that way.”

Thereafter the Duncans filed this suit for statutory, compensatory and punitive damages, arguing that the Army violated their rights under the Right to Financial Privacy Act, 12 U.S.C. § 3401, by obtaining the records without a subpoena, search warrant, court order or the Duncans’ express written consent. The district court granted the Army’s motion for involuntary dismissal, holding that the Duncans were not protected “customers” under the Act because their American Express records “were primarily and substantially and nearly all records of BSI expenditures.” The court remarked that “BSI, for all intents and purposes, was really the customer here.” In addition, the district court ruled that Colonel Duncan had impliedly authorized release of the records by ordering an audit of BSI. Finally, the court supported its dismissal of the case by observing that neither plaintiff had made an adequate showing of actual damages.

II.

Congress passed the Right to Financial Privacy Act of 1978 partly in response to United States v. Miller, 425 U.S. 435, 96 S.Ct. 1619, 48 L.Ed.2d 71 (1976), which held that a bank customer has no Fourth Amendment expectation of privacy in records of his or her personal bank accounts. The operative section of the Privacy Act provides that “no Government authority may have access to or obtain copies of, or the information contained in the financial records of any customer from a financial institution” unless the government obtains a subpoena, a summons, a search warrant, or the customer’s written consent, or unless the government submits a formal written request that complies with certain procedural requirements. 12 U.S.C. § 3402. The Act defines a “customer” as follows:

[C]ustomer means any person or authorized representative of that person who utilized or is utilizing any service of a financial institution, or for whom a financial institution is acting or has acted as a fiduciary, in relation to an account maintained in the person’s name.

Id. § 3401(5). A “person,” in turn, is defined as “an individual or a partnership of five or fewer individuals.” Id. § 3401(4).

We think the Duncans clearly fit this definition of a “customer.” Dale and Laura Duncan are “persons” who “utilized” a “service of a financial institution,” and that service was related to “an account maintained in [the Duncans’] name.” American Express qualifies as a “financial institution” because it is a “card issuer” within the meaning of 12 U.S.C. § 3401(1). The district court’s apparent conclusion that the Duncans did not “utilize” the charge account, and that BSI was the actual “customer,” rests on a misinterpretation of the statute.

To begin with, we doubt whether a company such as BSI can ever be a “customer” under the Act, since a customer is defined as an individual or partnership of five or fewer individuals, 12 U.S.C. § 3401(5), and BSI was neither an individual nor apparently was it organized as a partnership. See Pittsburgh National Bank v. United States, 771 F.2d 73, 75 (3 Cir.1985) (holding that a corporation was not a “customer” of a bank); Spa Flying Service, Inc. v. United States, 724 F.2d 95, 96 (8 Cir.1984); see also Donovan v. National Bank of Alaska, 696 F.2d 678, 683 (9 Cir.1983) (observing that records of employee benefit plans were not records of “customers”). We recognize that the Act also states that a customer’s “authorized representative” can be a customer for the purpose of the Act. But Duncan never gave BSI authority to make charges on the card, and certainly never gave BSI such complete authority over the charge account as to make BSI his “authorized representative” or to qualify BSI as a “customer” of American Express. In our view, it cannot be said, consonant with the provisions of the Act, that BSI was a customer of American Express merely because one of its employees charged company expenses on his American Express card.

We think instead that the Duncans were customers of American Express and were entitled to the protections of the Privacy Act. The district court apparently held that the Duncans did not “utilize” the charge account because it was “primarily and substantially” given over to BSI expenses. But the Duncans did “utilize” the charge card for some personal expenses; ten percent of their quite substantial charges were attributable to personal items. And in any case, the statute’s definition of a “customer” does not turn on the individual’s ratio of business to personal expenditures, but on whether the individual maintains the financial account in his or her name only. The Act by its terms protects any person who uses a financial service “in relation to an account maintained in the person’s name.”

The Army stresses that such a reading of the statute will afford protection to any financial account held in an individual’s name, even if the account is entirely devoted to business purposes. The Army argues that the government should at least be allowed to examine ostensibly private accounts that are primarily used for business purposes. One problem with this argument is that it may be difficult to determine which accounts are used primarily for business: the dollar totals, for example, may be misleading because an individual might charge many small personal items and only a few large business items. But even if business accounts can be distinguished from personal accounts, the more fundamental problem is how the government can screen out business accounts without first examining the accounts themselves. In other words, it would be impossible to determine whether a card held in an individual’s name was “primarily” for business without an examination of the records to ascertain what proportion of expenses on the card were for business, and thus to risk a violation of the Act if it is found that the card was not used primarily for business. Such a procedure would wholly eviscerate the Act, whose central principle is that government should follow certain procedures before, not after, it examines private records. The statute does not establish any screening procedure, and it does not require “customers” to demonstrate that their accounts are primarily for personal charges. Instead, it dictates that a person is a protected “customer” if that person uses a financial service “in relation to an account maintained in the person’s name.” Because the Duncans maintained their American Express account in their own names only, we hold that they were “customers” under the Act.

The Army argues that compliance with the Act would have jeopardized national security in this case because it would have destroyed BSI’s cover. We disagree. The Privacy Act provides that when an intelligence agency requires financial records “for purposes of conducting” intelligence activities, the government can obtain the records by giving the financial institution a “certificate” of authority and by keeping an “annual tabulation” of records obtained in this manner. 12 U.S.C. §§ 3414(a)(1)(B), 3414(a)(2), 3414(a)(4). Had the Army followed that procedure in this case, the American Express officials would have been required by the Act to keep the matter confidential. Id. § 3414(a)(3).

The Army also argues that application of the Act in cases such as this will interfere with military discipline and law enforcement in general. As the Army acknowledges, however, “[t]he most salient feature of the Act is the narrow scope of the entitlement it creates.” Securities and Exchange Commissioner v. Jerry T. O’Brien, Inc., 467 U.S. 735, 745, 104 S.Ct. 2720, 2726, 81 L.Ed.2d 615 (1984). The Act’s provisions hardly insulate private accounts from investigation by government agencies. On the contrary, the Act merely establishes summary procedures for government investigators to follow. The government can obtain protected financial records if it obtains a subpoena, a search warrant, a court order, or the customer’s written consent. 12 U.S.C. § 3402. The government can also obtain the records if they are necessary to prevent injury, property damage or flight from prosecution, id. § 3414(b)(1), to conduct intelligence activities, id. § 3414(a)(1)(A), or to facilitate the Secret Service’s protective functions, id. § 3414(a)(1)(B). We do not think it will significantly impair law enforcement to extend the Act’s protections to personal accounts used for both personal and business purposes.

III.

We are also persuaded that the district court was in error in concluding that Colonel Duncan impliedly authorized disclosure of his records by ordering an audit of BSI. The Privacy Act does allow the government to obtain records with the customer’s consent, but only by a “signed and dated statement” that recites the nature of the records, the purposes of disclosure, the customer’s rights and other information. 12 U.S.C. § 3404(a). The record does not establish that Duncan executed an authorization that satisfied the detailed requirements of § 3404. The district court’s finding that Duncan authorized disclosure is therefore clearly erroneous and must be reversed.

IV.

Finally, we note that the district court seems to have thought it relevant that plaintiffs proved little, if any, actual damage at trial. If the government is found liable under the Act, plaintiffs are entitled to $100 statutory damages regardless of whether they prove actual damages. 12 U.S.C. § 3417(a)(1). The district court’s finding of no liability was therefore in error to the extent that it rested on plaintiffs’ failure to prove actual damages.

V.

Because the Duncans were “customers” of American Express, and because Colonel Duncan did not expressly authorize disclosure of the records, we reverse the judgment of the district court and remand for further proceedings. They may be conducted on the present record with such supplementation as the parties request and the district court allows.

Reversed and Remanded. 
      
       The implied premise of this statement is that an audit of past expenditures made in a program of intelligence activities is "for the purposes of conducting” intelligence activities. It is our view that the premise is correct.
     