November 2012

In its Memorandum Opinion and Order dated November 9, 2012, the US District Court for the Northern District of Alabama in Pinkard v. Wal-Mart Stores, Inc. held that under the Telephone Consumer Protection Act (TCPA), when an individual discloses his or her cellular phone number to a business, that individual is deemed to have expressly consented to receive telephone calls and text messages from that business unless he or she has expressly limited the scope of such consent at the time of the disclosure.  

The U.S. Supreme Court heard arguments last month in Clapper v. Amnesty International, a case that asks the Court to determine whether a group of lawyers, journalists, and human rights workers have standing to challenge the federal government’s international electronic surveillance program under the Foreign Intelligence Surveillance Act.  The plaintiffs alleged Fourth Amendment privacy violations among other things, and injury from the likelihood that the government was recording their conversations with clients and sources overseas.  But the plaintiffs could not say with certainty whether any eavesdropping occurred, giving rise to the standing issue before the Court.

Clapper involves standing in the context of constitutional privacy, but the same general standing requirements apply in consumer privacy actions.  Standing is one of the initial hurdles of any would-be plaintiff, and the first element of standing is injury-in-fact.  In the developing area of consumer privacy litigation, recent cases reflect uncertainty in the federal courts as to what constitutes injury-in-fact sufficient to confer standing.

The European Commission’s revised data protection framework proposals include provisions intended to encourage the use of data protection privacy seals, certification mechanisms and trust marks.  These provisions would allow data subjects to instantly assess the privacy standards applied by data controllers and processors, thereby providing the comfort that data subjects often seek.  The UK Information Commissioner’s Office (the “ICO”) supports the use of privacy seals and has issued an online survey to gather feedback on how privacy seals may be used to improve data protection compliance and customer privacy awareness.

As health care providers, patients, family members, friends, and disaster relief agencies such as the American Red Cross continue to grapple with the aftermath of Hurricane Sandy it is important to be mindful of privacy regulations and to prepare in advance for the next emergency. The Health Insurance Portability and Accountability Act  of 1996 (“HIPAA” or “Privacy Rule”) protects individually identifiable health information held by “covered entities.” The information protected is referred to as protected health information or PHI. The Privacy Rule permits covered entities to disclose PHI for a variety of purposes including to (a) treat patients; (b) identify, locate and notify family members, guardians, or anyone else responsible for an individual’s care; (c) obtain the services of disaster relief agencies; (d) conduct public health activities; and (e) prevent or lessen serious and imminent threats to health or safety.