Jump to ContentJump to Main Navigation
PrivacyThe Lost Right$

Jon L. Mills

Print publication date: 2008

Print ISBN-13: 9780195367355

Published to Oxford Scholarship Online: January 2009

DOI: 10.1093/acprof:oso/9780195367355.001.0001

Show Summary Details
Page of

PRINTED FROM OXFORD SCHOLARSHIP ONLINE (www.oxfordscholarship.com). (c) Copyright Oxford University Press, 2017. All Rights Reserved. Under the terms of the licence agreement, an individual user may print out a PDF of a single chapter of a monograph in OSO for personal use (for details see http://www.oxfordscholarship.com/page/privacy-policy). Subscriber: null; date: 23 May 2017

(p.357) APPENDIX IV “There Should Be a Law!”: Questions and Answers from Real Life

(p.357) APPENDIX IV “There Should Be a Law!”: Questions and Answers from Real Life

Oxford University Press

Is it legal for a supermarket to disclose that the wife of a political candidate shops at the store?

No federal law explicitly prohibits the disclosure of this information, and it is unlikely that state law would particularly address this information. A disclosure of this information may be contrary to the supermarket's privacy policy, however. The FTC considers a merchant's acting contrary to its privacy policy to be an unfair trade practice and has enforced similar matters, albeit when violations affect more consumers.1679 An isolated disclosure, however, probably would not lead the FTC to act.

May a merchant create an individualized consumer profile of items purchased and sell this information?

For those who shop online, it is not news that merchants create consumer profiles based on one's purchases. Some online merchants will use the information to provide new purchase recommendations to the consumer, which can be quite useful.

(p.358) However, what may be news is that merchants may sell information about your purchases if they don't promise not to. This is more troubling in the case of online purchases, as opposed to in-store purchases. Online, a merchant may collect information that cannot be gleaned from a credit-card swipe, such as a customer's shipping address, home phone number, and e-mail address.

In the case of in-store purchases, typically the only information a merchant has access to is the information contained on the face of a credit card. The information contained on the magnetic strip of a credit card contains no more personally identifiable information than appears on the face of the card.1680 The utility of associating just a name with purchases is questionable (e.g., did John Smith #1 purchase these items, or was it John Smith #2?).

Merchants may associate a customer's personal information with purchase information for chargeback purposes. No federal law seems to prevent a merchant from using this information for other purposes.

State law governs whether the merchant may request or require additional information to process the credit card. In California, for example, the merchant may not request any additional information from the card-holder for a standard point-of-sale purchase.1681

Is it legal for a public utility company to disclose a customer's Social Security number?

Federal law prohibits federal and state employees from disclosing a person's Social Security number.1682 The statute, however, does not appear to prevent municipal employees from disclosing such information. State law may also prohibit the disclosure of Social Security numbers.

At least one state court has recognized a Social Security number as “private and confidential information” protected under that state's (p.359) consumer-protection law, holding that a tenant is not required to provide a landlord this information to renew a lease.1683 If other courts followed the reasoning of this holding, a Social Security number could be more widely viewed as private information protected from disclosure.

Can a retail store sell a consumer's purchase record to a data broker?

Yes; however, the FTC may view this as an unfair trade practice if the practice violates the store's privacy policy.1684 There is no law that prevents the store from sharing statistical data after identifying information has been removed. However it is often possible to identify a person even after information has been removed.1685

May law enforcement use information obtained from a data broker?

Yes, and they do.1686 By using data brokers, the government is easily able to collect and use information for which it might need a search warrant to collect itself. Data collected and maintained by data brokers, however, may be inaccurate and difficult to amend.1687

May the federal government monitor the content of a citizen's e-mail?

Yes, but the monitoring procedure varies. If the messages the government seeks are downloaded from the mail server and stored on a user's computer, (p.360) the government must obtain a search warrant to access the user's computer. However, upon request, the government can require an Internet service provider to preserve evidence and maintain a copy of downloaded messages.1688 If messages are stored on a remote server, for example, through the use of Web mail or a Microsoft Exchange account, law enforcement may access the content of messages stored for over 180 days by using a search warrant, administrative subpoena, or court order. For messages stored for fewer than 180 days, a warrant is necessary. Although notice to the user is required when using an administrative subpoena or court order,1689 a district court may grant a delay of up to 90 days before the user is notified of the order.1690

In 2008, the Ninth Circuit ruled that a user has no reasonable expectation of privacy in the to and from addresses of e-mails or in the IP addresses of Web sites visited.1691 The Court reasoned that this information is analogous to phone numbers dialed, in which a person cannot maintain a reasonable expectation of privacy.1692 The Court asserted:

[E]-mail and Internet users have no expectation of privacy in the to/from addresses of their messages or the IP addresses of the Web sites they visit because they should know that this information is provided to and used by Internet service providers for the specific purpose of directing the routing of information.1693

The court analogized to earlier cases to suggest that a person does have a reasonable expectation of privacy in the contents of e-mails and in the URLs of Web sites visited.1694 If other courts follow the Ninth Circuit's reasoning, which is likely given that the opinion relies on settled Supreme (p.361) Court precedent, a person will not have a reasonable expectation of privacy in e-mail to and from addresses or IP addresses.

May a pharmacy sell information about a customer's nonprescription purchases to a data broker?

Yes. Although HIPAA prohibits the wrongful disclosure of individually identifiable health information,1695 nonprescription purchase information probably does not qualify as protected information under the statute.1696 Therefore, information about the purchase of condoms, yeast-infection cream, or enema bags probably would not be protected.

Can a data broker or credit-reporting agency sell information to a landlord or prospective employer?

In enacting the Fair Credit Reporting Act, Congress made the finding that “[t]here is a need to insure that consumer reporting agencies exercise their grave responsibilities with fairness, impartiality, and a respect for the consumer's right to privacy.”1697 However, there are many exceptions. The credit-reporting agency can sell information to any party if the subject of the credit report authorizes the release of the information in writing.1698 But in order for a prospective employer to use the information, the employer must provide additional disclosures.1699 Most concerning, however, is that a credit-reporting agency may provide a report to any business that has a “legitimate business need for the information” either in connection with (p.362) a transaction initiated by the consumer or for account-review purposes.1700 Thus, according to FTC commentary, “a consumer report may be obtained on a consumer who applies to rent an apartment, offers to pay for goods with a check, applies for a checking account or similar service, seeks to be included in a computer dating service, or who has sought and received over-payments of government benefits that he has refused to return.”1701


(1679) See Benita A. Kahn & Heather J. Enlow, The Federal Trade Commission's Expansion of the Safeguards Rule, 54 FED. LAW., Sept. 2007, at 39 (discussing the FTC's enforcement of unfair trade practices regarding the protection of personal information).

(1680) The ISO 7813 standard, which defines the data fields for credit cards, states that the magnetic information contains the account number, the name of the account holder, and the expiration date, among other nonidentifiable information. Wikipedia, ISO 7813, http://en.wikipedia.org/wiki/ISO_7813 (last visited May 20, 2008).

(1681) CAL. CIV. CODE § 1747.08(a) (Deering 2007). Exceptions to this statute include transactions in which a credit card is used to make a deposit to secure future payment, to make a cash advance, and to make a purchase that requires shipping, delivery, or installation of the purchased goods. Id. § 1747.08(c).

(1682) 42 U.S.C. § 405(c)(2)(c)(viii)(I), (III) (2007).

(1683) Meyerson v. Prime Realty Servs., LLC, 796 N.Y.S.2d 848 (Sup. Ct. 2005).

(1684) See Albrecht, supra note 674 (discussing supermarkets' use of consumer information obtained through store loyalty cards).

(1685) Id. at 536–37 (discussing the possibility of “data reidentification”).

(1686) See, e.g., Security Focus, U.S. Police Using Data Brokers, http://www.securityfocus. com/brief/233 (last visited May 9, 2008).

(1687) See, e.g., Dennis v. BEH-1, LLC, 504 F.3d 892 (9th Cir. 2007) (discussing the plaintiff's difficulty in having inaccurate information in his credit report corrected after a state court misreported a judgment against the plaintiff in public records); see also CHRIS JAY HOOFNAGLE, PRIVACY SELF REGULATION: A DECADE OF DISAPPOINTMENT (2005), available at http://epic.org/reports/decadedisappoint.pdf (including a letter from a data broker to a data subject brazenly stating that the subject has no rights). Data aggregators rely on the accuracy of data from underlying sources.

(1688) 18 U.S.C. § 2703(f) (2007).

(1689) Id. § 2703(b)(1)(B).

(1690) Id. § 2705. Further extensions of the delay of notification may be granted by the court. Id. § 2705(a)(4).

(1691) United States v. Forrester, 512 F.3d 500, 510–11 (9th Cir. 2008). The Court explained IP addresses: “Every computer or server connected to the Internet has a unique IP address. A website typically has only one IP address even though it may contain hundreds or thousands of pages.” Id. at 510 n.5.

(1692) Id. at 510. In Smith v. Maryland, 442 U.S. 735, 745–46 (1979), the Supreme Court stated that the use of a pen register, which records the numbers dialed from a phone, does not constitute a search for Fourth Amendment purposes. The Court asserted that “[a]ll telephone users realize that they must ‘convey’ phone numbers to the telephone company, since it is through telephone company switching equipment that their calls are completed.” Id. at 742.

(1693) Forrester, 512 F.3d at 510.

(1694) Id. at 511, n.6.

(1695) 42 U.S.C. § 1320d-6 (2000).

(1696) 42 U.S.C. § 1320d(6) states:

The term “individually identifi able health information” means any information, including demographic information collected from an individual, that: (a) is created or received by a health care provider, health plan, employer, or health care clearinghouse; and(b) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual, and:

  1. ((i)) identifi es the individual; or

  2. ((ii)) with respect to which there is a reasonable basis to believe that the information can be used to identify the individual.

(1697) 15 U.S.C. § 1681(a)(4) (2000).

(1698) Id. § 1681b(a)(2).

(1699) Id. § 1681b(b).

(1700) Id. § 1681b(a)(3)(F).

(1701) 16 C.F.R. § 600 app. (2007).