SC Lawyer, Sept. 2004, #7. Privacy policies: is there really a choice anymore?.

• Author: By Sarah B. Kemble

South Carolina Lawyer

2004.

SC Lawyer, Sept. 2004, #7.

Privacy policies: is there really a choice anymore?

South Carolina LawyerSeptember 2004Privacy policies: is there really a choice anymore?By Sarah B. KembleDue to technology that allows companies and the government to collect, correlate and cross-reference a vast body of personal data about consumers through data mining, the meaning of "private" information is being redefined.

Until very recently, companies had a choice as to whether to assuage concerns about the steady erosion of consumer privacy in e-commerce by adopting policies limiting the free dissemination of information collected from Internet users. Consumers also had a choice as to whether to support comprehensive federal legislation or industry self-regulation as the preferred course of action. Now, a single state - California - appears to have foreclosed any choice by its enactment of the Online Privacy Protection Act (OPPA), which became effective July 1, 2004. The OPPA applies to any commercial Web site operator or online service that collects "personally identifiable information through the Internet about individual consumers residing in California." Cal Bus & Prof Code § 22575(a). Because the geographical location of the operator is irrelevant, for all practical purposes the OPPA has the scope and impact of a federal privacy law. Accordingly, every business across the nation that collects personally identifiable information (PII) from or about California residents must be in compliance with the OPPA.

The redefinition of private information

Due to technology that allows companies and the government to collect, correlate and cross-reference a vast body of personal data about consumers through data mining, the meaning of "private" information is being redefined. Beyond the obvious type of information that is often considered confidential - sexual, medical, financial - is information that would not be considered sensitive in isolation, but that becomes sensitive when aggregated through data mining and profiling. Consumers are all too familiar with the correlation of purchasing habits and income and credit information to create profiles for purposes of targeted marketing by mail, telephone and e-mail. A typical consumer does not care whether someone standing in the check-out line observes the book title or groceries she is about the purchase. The same consumer, however, may be reluctant to have the neighbors know of every single purchase of clothing, drugs, magazines, food and household items made in the past five years. Consumer privacy now demands some measure of control not only over what type of data is disclosed, but over how much and to whom.

State common law privacy torts

State common law invasion of privacy tort actions are of limited utility to consumers concerned with the dissemination of PII or data profiles because such claims are designed largely to protect sensitive information that is obtained surreptitiously or that would be embarrassing if publicly disclosed. South Carolina recognizes three privacy torts: wrongful intrusion into private affairs, wrongful appropriation of personality and wrongful publicizing of private affairs. Snakenberg v. Hartford Casualty Ins. Co., 299 S.C. 164, 170, 383 S.E.2d 2, 5 (1989). Wrongful intrusion means "watching, spying, prying, besetting, overhearing, or other similar [intrusive] conduct" into that which is "private" - meaning those aspects of the plaintiff, "his home, his family, his personal relationships and his communications which one normally expects will be free from exposure to the defendant." 383 S.E.2d...