Ephemerallaw: An Interesting Application of Privacy Laws

Sunday, February 17, 2008

An Interesting Application of Privacy Laws

Here's an interesting article about a consumer who has used a data exposure notification law for an novel purpose: punishing an electronics distributor for bad customer service. What happened was as follows:
1) Raelyn Campbell brings her laptop into Best Buy for service.
2) Best Buy loses laptop.
3) Raelyn contacts best buy asking when her laptop will be ready.
4) Best Buy gives Raelyn the runaround
5) Steps 3-4 repeated for four months.
6) Realyn sues Best Buy...for $54,000,000.
So where's the privacy angle in all this? It turns out, that the sequence of events describes above should have included a step 2a) Tell Raelyn that her laptop, which contained her tax returns, was lost. The reason (other than the fact that it's the right thing to do from a moral and customer relations standpoint) is that such notification seems to be required by the District of Columbia's security breach notification act. That law, which it appears that Best Buy did not comply with, is the basis for Raelyn's $54,000,000 suit.

The next question, of course, how much this is going to end up costing Best Buy. The short answer is: not $54,000,000. The relevant statute does authorize individuals to file suit against entities who have not complied with the statute's requirements (see here). However, it allows a recovery of actual damages plus costs (including attorney's fees), and Raelyn admits that the $54,000,000 figure was pulled out of the air for the purpose of making a statement. However, Best Buy isn't going to get off cheap either. When Raelyn originally learned that the laptop had been lost, she offered to settle with Best Buy for $2,100. As an attorney, I can safely say that Best Buy will spend more (likely much more) in legal fees just dealing with the case. Moreover, there's the cost of actually paying Raelyn's damages (cost of the laptop and any data stored on it, time wasted trying to get the laptop back, attorney's fees, and court costs). All in all, my guess is that before the end of this suit, Best Buy will institute a policy of simply replacing lost laptops for customer in states with security breach notification laws that allow for individual suit.

If that prediction turns out to be correct, it would be a powerful example of how allowing consumers to protect the security of their own data can have beneficial effects beyond consumer privacy (in this case improving customer service); something to consider when people ask why they should care about the privacy of information.

No comments:

Post a Comment

Privacy Statement

The authors value the privacy of their blog viewers. This site does not currently collect personal identifying information ("PID"), except: (1) to the extent that your browser provides PID, like your e-mail address or the site you linked from, to this site's server; (2) to the extent that you provide PID to this site in an e-mail; and (3) to the extent that you provide PID to this site in a CGI form (for example, when you complete a search request on this site’s “Search this Site” search feature. Your PID will be used only for the specific purpose for which you submitted the PID, except that it may be used in an aggregated form to gauge the popularity of this site. "Cookies" are pieces of information that some web sites transfer to the computer that is browsing that web site, and are used for record-keeping purposes at many web sites. Use of Cookies performs certain functions such as saving your passwords, lists of potential purchases, and your personal preferences regarding your use of the particular web site. This site uses Cookies to gather anonymous traffic data. Your browser is probably set to accept Cookies. However, if you would prefer not to receive Cookies, you can alter the configuration of your browser to refuse Cookies. This site contains links to other sites. The authors and their employers do not share your personal information with those sites and are not responsible for their privacy policies. We encourage you to learn about the privacy policies of those entities. Children under 13 years old are not the target audience of this site. To protect their privacy, the authors prohibit the solicitation of personal information from these children. The authors reserve the right to change this Privacy Policy at any time by posting a new privacy policy at this location. You can e-mail any further questions to wmorriss@fbtlaw.com.

Disclaimer

This site is provided for informational purposes only. The views expressed herein are solely those of the authors and should not be attributed to their employer or their clients. These materials do not constitute legal advice and do not create an attorney-client relationship between you and us. Please note that you are not considered a client until you have signed a retainer agreement and your case has been accepted by us. This site should not be used as a substitute for competent legal advice from a licensed professional attorney in your state. Got it? THIS SITE IS "AS IS." WE MAKE NO REPRESENTATIONS AS TO THE ACCURACY, TIMELINESS OR COMPLETENESS OF THE STUFF HERE AND YOU SHOULD NOT RELY UPON IT. USE AT YOUR OWN RISK. WE EXPRESSLY DISCLAIM ALL WARRANTIES. This may be an advertisement. Your mileage may vary. Past performance does not guarantee future returns. Do not run with scissors. NOTE: This disclaimer is largely taken from the established and extremely well written blog Patent Baristas.

Ephemerallaw

Sunday, February 17, 2008

An Interesting Application of Privacy Laws

No comments:

Useful Resources

Blog Archive

Contributors

Other Sites

Privacy Statement

Disclaimer