United States Privacy Laws – Part III

We’ve discussed how the states have passed privacy laws to protect their residents. We have also referenced the state and federal rules or regulations that are designed to promote transparency, security, accuracy, proper data collection, and accountability.

The Federal Constitution has not expressly mentioned the right to privacy. However, under Article I Section 1, the California Constitution has mentioned the “inalienable right to privacy” that is applicable to the government and private individuals. The courts have confirmed this fundamental right. In White v. Davis (1975) 13 Cal.3d 757, 774, the Supreme Court analyzed the facts and confirmed the right of privacy. In Hill v. National Collegiate Athletic Association (1994) 7 Cal.4th 1, 39, the Supreme Court outlined the following framework to decide whether there is a constitutional violation: (1) there must be a legally protected privacy interest; (2) there must a reasonable expectation of privacy; and (3) there must be a serious invasion of privacy interest.

There is also a common law right of privacy. First, there is intrusion into plaintiff’s seclusion. Second, false light as a result of false and negative publicity. Third, public disclosure of private facts. Fourth, there is the commercial appropriation of plaintiff’s name or likeness without consent. The courts have also recognized negligence as a cause of action when the defendant fails or refuses to manage data in a reasonable manner. In other words, the defendant can be sued for failing to comply with the industry data management standards if it causes damages to the plaintiff.

There has been a number of class action lawsuits in reference to online privacy and unauthorized tracking mechanisms. In In Re DoubleClick Privacy Litigation, the consumers alleged that DoubleClick was using unauthorized tracking mechanisms to follow their online activities. The plaintiffs alleged that DoubleClick had violated their rights under the state and federal Constitutions. So, as a result, they suffered from damages. The class action eventually settled and the defendant was forced to pay attorney’s fees and costs to the aggrieved parties.

Internet privacy laws have been recently implemented to promote online privacy and security. The following rules and regulations are some of the examples:

  1. Federal Trade Commission Act
  2. Electronic Communications Privacy Act
  3. Computer Fraud and Abuse Act
  4. Children’s Online Privacy Protection Act
  5. CAN-SPAM Act
  6. Gramm-Leach-Bliley Act – also known as the “Financial Modernization Act”
  7. Fair and Accurate Credit Transactions Act

Many states have promulgated rules and regulations to ensure consumer protection by regulating data breach notification protocols. Obviously, in recent years, the culprits have succeeded in gaining unauthorized access to third-party companies’ network servers. They have been able to extract personal information (e.g., name, address, telephone, email address, date-of-birth, credit card numbers, social security numbers) from the network computers without authorization and use them to gain a profit. Therefore, it is important for businesses to implement the proper data breach notification protocols.

We always recommend preparing for privacy violations before they happen. That is why training employees on a regular basis (e.g., every six months) is a crucial step in achieving this objective. You should also implement security measures within your computer network. For example, installing and using a network firewall is one of those steps. Also, implementing and using encryption technology is another important step. In short, encryption is a way to scramble information so unauthorized individuals cannot view the secured file. Encryption technology uses a special algorithm to hide the information. A virtual private network is another safe way to communicate with third parties. You can also implement and use two-factor authentication for gaining access to email or online storage accounts.

It’s important to know your legal rights and responsibilities when it comes to internet privacy laws. We can assist you in understanding the relevant rules and regulations. Please contact our law firm to speak with an internet privacy attorney at your earliest convenience.