Remsburg v. Docusearch, Inc.

What happened

In 1999, a 20-year-old man in New Hampshire named Liam Youens contacted Docusearch, a Florida-based information broker. He paid by credit card. He gave the name of a young woman, Amy Boyer, and asked Docusearch to find her workplace and home address.

Docusearch ran a "pretext" call. An employee called Boyer pretending to be a survey researcher and convinced her to give up her workplace. The information went back to Youens.

On October 15, 1999, Youens drove to Boyer's workplace, shot and killed her, and then killed himself. Boyer's mother, Helen Remsburg, sued Docusearch in federal court. The federal court certified questions of New Hampshire tort law to the New Hampshire Supreme Court.

In February 2003, the New Hampshire Supreme Court ruled that Docusearch could be held liable. The case eventually settled, with reports of a payment in the seven figures.

What the court actually held

The federal district court asked four questions. The New Hampshire Supreme Court answered each one in favor of allowing the suit to proceed.

Duty of care. An investigator who sells personal information to a third party owes a duty of reasonable care to the subject of the information when the risk of criminal misuse is foreseeable. Boyer had no relationship with Docusearch. The court held that did not matter. The duty arose from the foreseeability of harm in the broker's chosen line of business.

Foreseeability. Stalking and identity theft were known risks of broker disclosure as of 1999. The court did not require Docusearch to have known specifically that Youens was dangerous. It required Docusearch to have known that selling a young woman's home address and workplace to a stranger could lead to stalking. That knowledge was constructive, built into the industry.

Pretexting. Obtaining the workplace by deception, the court held, is itself an actionable invasion of privacy under New Hampshire law (intrusion upon seclusion). The pretext call was independent grounds for liability separate from the sale.

Sale of address. Selling a home address obtained from public records is not, on its own, actionable. But when paired with the pretext call and the foreseeable risk, the package of conduct supported a negligence claim.

The court did not rule on whether Docusearch was actually liable. That was a fact question for the federal jury. The case settled before the jury reached a verdict.

Why this matters to first responders

The decision is twenty-plus years old, and it is still the high-water mark for broker civil liability in the United States. Most states have not followed it. New Hampshire's reasoning has been cited in many subsequent broker cases but rarely adopted as the controlling rule.

What it gives officers and their families is a template. If a data broker sells your information to someone who then comes to your home or workplace and harms you or your family, this case is the legal hook. The elements:

• Foreseeability of criminal misuse, which is well-established for the broker industry now
• Identifiable victim, where the sale was tied to a specific named subject
• Causal chain from sale to harm, where the buyer used the broker's data to find the victim

If you can show all three, Remsburg is on your side in any state that respects out-of-state common-law authority. That is most of them.

What it doesn't reach

This case does not give you a remedy without harm. It is a tort case, and torts require damages. If a broker has your home address listed but no one has used it to hurt you or your family, Remsburg is not your tool. Daniel's Law and the DPPA are the right hooks for prospective removal.

The case also has limits the court did not flag explicitly:

• State-by-state. Other state supreme courts are not bound. California and New York have similar reasoning in scattered lower-court opinions but not at the supreme-court level.
• Foreseeable to whom. Modern brokers argue they cannot foresee criminal misuse because they sell at scale. That argument has gotten worse for them as the case law has accumulated, but it is still raised.
• Pretexting today. The pretext-calling theory has been weakened by federal preemption arguments and by the broker industry's shift away from explicit pretext calls toward bulk data resales. The negligence theory is more durable.

Downstream impact

The Boyer murder is the predicate for the federal Gramm-Leach-Bliley pretexting prohibition (which targets pretexting for financial information specifically) and for state-by-state restrictions on private investigator practice. The case is cited in nearly every modern broker-tort suit, including the Atlas-style enforcement that came two decades later.

The case also drove media coverage that made "data broker" a phrase the general public understood. Before Boyer, the industry operated mostly invisibly. After, every major newspaper had a story on what brokers do.

The Boyer-Docusearch incident page has the underlying facts in more detail. That page covers what happened. This page covers the legal holding.

Where the case falls short

The remedy is reactive. Boyer was already dead when her mother filed suit. The settlement helped the family financially but did not bring her back. Every lever in the modern privacy stack, Daniel's Law, the Lieu Act, the state ACPs, the DPPA, exists because Remsburg-style after-the-fact tort liability is too late.

The case is also limited by the broker industry's ability to settle confidentially. The seven-figure resolution sent a signal but did not establish a public verdict that future plaintiffs could point to without relitigating the facts.

What this case taught the industry

The bigger brokers tightened their know-your-customer screens after Boyer. The smaller brokers did not. Twenty-five years later, the bottom of the broker market still operates much the way Docusearch did, with weak verification and high willingness to sell. That is what the DPPA and Daniel's Law were built to backstop.

What we do here

We track every broker that has been named in a Remsburg-style tort case, every settlement, and every regulatory action. When a broker has a documented history of selling to bad actors, that goes on the file we maintain. If you are a covered person and one of those brokers shows up holding your data, we know to escalate harder and faster.