Brief Explanation Of Privacy Torts
A new wave of legal challenges to data collection is sweeping through the United States, with both civil and criminal suits claiming violations of privacy rights. These suits invoke a variety of laws, including common law torts and statutory claims under federal and state statutes.
The individual states in the United States are sovereign entities. Common law holds that the laws of each state, including state constitutional law and statutory or regulatory law, are independent of any other state’s laws.
” The states, in short, are separate sovereigns with respect to the Federal Government, and each is free to ignore federal regulations it deems inconsistent with its own interests.”
For example, the California Supreme Court has recognized that the right to privacy is a fundamental state constitutional right.
In civil suits, plaintiffs are often alleging violations of privacy. The U.S. Constitution provides no express right to privacy, but under the search and seizure clause of the Fourth Amendment, a person has an “inchoate privacy right” to be free from government surveillance.
The U.S. Supreme Court has held that the Fourth Amendment does not prohibit all government surveillance, but only when the government’s intrusion on an individual’s personal security is unreasonable. “What a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection.”
Federal statutes may also require privacy protections. The Fair Credit Reporting Act – the primary statute governing consumer reporting agencies – imposes an obligation on these agencies to take reasonable steps to secure the information they collect and maintain on their customers against theft or unauthorized access.
Stored Communications Act
The Stored Communications Act also requires that the government obtain a search warrant for stored electronic communications. Similarly, under the Video Privacy Protection Act (VPPA), consumers are granted a statutory right to privacy with respect to their video rental or purchase records.
The Gramm-Leach-Bliley Act also requires financial institutions, including credit bureaus, to take “reasonable” steps to ensure the security and confidentiality of customer records.
The Children’s Online Privacy Protection Act (COPPA) imposes requirements to protect the privacy of information collected from children.
Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act (HIPAA) imposes requirements on health care providers and other covered entities to maintain the security of protected health information. HIPAA provides a comprehensive set of standards for safeguarding personal and health information contained in records, and security safeguards are required for all electronically protected health information created or maintained by covered entities.
In addition, a number of state statutes also require the protection of personal information.
California Right To Privacy In The Digital Age Act
The California Right to Privacy in the Digital Age Act requires digital service providers that collect personally identifiable information about California residents to notify those residents about any breach of the security of the information and to provide consumer rights regarding that information. The statute also empowers the California Attorney General to require, after notice and public comment period, the adoption of industry-maintained “best practices” for safeguarding personal information.
While not within the purview of statutory privacy, it is possible to bring a cause of action for damages in tort under certain circumstances. The tort of invasion of privacy is a right to recover damages for the public disclosure of private facts about an individual.
The tort originated in the common law, rather than statutory law.
However, most states have adopted a variation of the privacy tort described in the Restatement (Second) of Torts § 652B. The Restatement provides that one who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of privacy.
In California, for instance, the common law tort for invasion of privacy is codified in Civil Code § 1798.1, which provides:
The liability created by this section shall apply to any person who has intentionally invaded another’s privacy, under circumstances where the other person has a reasonable expectation of privacy.
The courts have interpreted this statute to restrict the tort of invasion of privacy to circumstances “involving physical intrusion, rather than merely publicizing private facts,” but to otherwise allow the claims of intrusion and disclosure of private facts.
Similarly, a number of states require that the secret fact be one that would “highly offend” a reasonable person, or that the defendant has an “evil intent,” in order to support an award of damages for invasion of privacy.
In California, the statute has been modified to require that the secret fact be a matter of “legitimate public concern,” including whether or not the plaintiff has voluntarily placed the information in public view.
While many states have adopted privacy statutes, others follow the common law approach. However, unless the common law tort has been modified by statute, it is usually restricted to claims of intrusion and disclosure.