Privacy is a tricky subject in the US, in large part because we don’t do much to protect it. On the consumer side, American consumers tend to opt for convenience over security, as anyone who has ever done online banking in Europe can attest. On the legal side, there is no overarching privacy law governing the protection of personal data. Instead we make do with a hodge-podge of state laws and federal laws intended to cover certain industries or limited ranges of data, such as e-mail communications or health information. Many of the state laws focus on notice after a breach, rather than protecting the data itself, leaving most consumer with two options: keep your data to yourself or enter into a contract to protect your information.
A recent case out of Louisiana illustrates the limits to the latter approach. In Pinero v. Jackson Hewitt Tax Service Inc., a Louisiana court decided that simply dropping old tax records in a dumpster doesn’t violate that state’s notification law, and that the plaintiff could not recover based on a signed “privacy policy,” at least absent actual damages. While the former is surprising enough, the latter decision would seem to allow businesses a fair amount of leeway in the handling of personal data even in the face of a clearly stated (and agreed to) policy.
It’s a somewhat chilling reminder that privacy protection is a do-it-yourself activity in this country.
Similar Posts:
- None Found
{ 0 comments… add one now }