National Academies Press: OpenBook
« Previous: VII. Whether State Data Breach Notification Laws Apply to Transportation Agencies
Page 40
Suggested Citation:"VIII. Remedies at Common Law for Invasion of Privacy." National Academies of Sciences, Engineering, and Medicine. 2016. Liability of Transportation Entity for the Unintentional Release of Secure Data or the Intentional Release of Monitoring Data on Movements or Activities of the Public. Washington, DC: The National Academies Press. doi: 10.17226/23586.
×
Page 40
Page 41
Suggested Citation:"VIII. Remedies at Common Law for Invasion of Privacy." National Academies of Sciences, Engineering, and Medicine. 2016. Liability of Transportation Entity for the Unintentional Release of Secure Data or the Intentional Release of Monitoring Data on Movements or Activities of the Public. Washington, DC: The National Academies Press. doi: 10.17226/23586.
×
Page 41
Page 42
Suggested Citation:"VIII. Remedies at Common Law for Invasion of Privacy." National Academies of Sciences, Engineering, and Medicine. 2016. Liability of Transportation Entity for the Unintentional Release of Secure Data or the Intentional Release of Monitoring Data on Movements or Activities of the Public. Washington, DC: The National Academies Press. doi: 10.17226/23586.
×
Page 42

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

40 “long recognized the common law tort of invasion of privacy,”549 have relied on William Prosser’s four bases on which a claim in tort may be made for an invasion of privacy: “(1) the intrusion upon anoth- er’s seclusion or solitude, or into another’s private affairs; (2) a public disclosure of private facts about the individual; (3) publicity that places someone in a false light in the public eye; and (4) the appropriation of another’s likeness for the defendant’s advantage.”550 Although New York551 and Virginia552 do not recognize a common law right to privacy, Arkansas, Alabama, California, Delaware, the District of Columbia, Indiana, Iowa, Michigan, Minnesota, Missouri, New Jersey, South Carolina, Texas, Vermont, and Washington are among the jurisdic- tions that do recognize a right to privacy at com- mon law.553 7. Miscellaneous Provisions Nevada’s statute on the Security of Personal Information provides for a right of action by the data collector, rather than a right of action against the data collector.544 The Wisconsin statute provides only that when there is an unauthorized acquisition of personal information, the “[f]ailure to comply with this section is not negligence or a breach of any duty, but may be evidence of negligence or a breach of a legal duty.”545 VIII. REMEDIES AT COMMON LAW FOR INVASION OF PRIVACY A. States that Recognize an Invasion of Privacy at Common Law The disclosure of private facts when a disclosure would be offensive and objectionable to a reasonable person may give rise to an action in tort for an inva- sion of privacy.546 Although a violation of the right to privacy may create a cause of action, a plaintiff must meet the elements of the tort to maintain a claim.547 As discussed in Section IX.A, even if an individual alleges a privacy claim at common law against a transportation agency, in some states the agencies would have sovereign immunity. Some courts have adopted the Restatement of Torts (Second) as the basis for an action for an invasion of privacy.548 Michigan courts, which have 544 Nev. Rev. sTaT. § 603A.900 (2015) (stating that “[a] data collector that provides the notification required pursu- ant to Nev. Rev. sTaT. § 603A.220 may commence an action for damages against a person that unlawfully obtained or benefited from personal information obtained from records maintained by the data collector” and recover damages, reasonable costs of notification, reasonable attorney’s fees and costs, and punitive damages when appropriate”). 545 Wis. sTaT. § 134.98(4) (2015). 546 Opperman v. Path, 87 F. Supp. 3d 1018, 1062 (N.D. Cal. 2014). 547 Ruffin-Steinback v. De Passe, 82 F. Supp. 2d 723, 734 (E.D. Mich. 2000) and Rycroft v. Gaddy, 281 S.C. 119, 124, 314 S.E.2d 39, 43 (1984). 548 Eric S. Pasternack, HIPAA in the Age of Electronic Health Records, 41 RUTgeRs L.J. 817, 831 (2010) [hereinafter Pasternack] (citing Thomas J. Smedinghoff, The Emerging Law of Data Security: A Focus on the Key Legal Trends, 934 pRacTisiNg LaW iNsTiTUTe 13, 22 (2008)). See Dwyer v. Am. Express Co., 273 Ill. App. 3d 742, 652 N.E.2d 1351 (Ind. App. Ct. 1995) (holding that based on the Restatement (Second) a credit card issuer’s compilation of a customer’s personal information and dissemination of customer lists to third par- ties was not a breach of privacy) and Lewis v. LeGrow, 258 Mich. App. 175, 188, 670 N.W.2d 675, 685 (Mich. Ct. App. 2003) (stating that “[t]he Legislature has not defined what constitutes an invasion of privacy, but when interpreted in light of the common-law right to privacy, it is clear that it includes keeping sexual relations private”). 549 Dalley v. Dykema Gossett, PLLC, 287 Mich. App. 296, 788 N.W.2d 679, 686 (Mich. Ct. App. 2010) (citing Lewis v. LeGrow, 258 Mich. App. 175, 670 N.W.2d 675 (2003)). 550 Lewis v. LeGrow, 258 Mich. App. 175 at 193, 670 N.W.2d at 687 (citing William Prosser, Privacy, 48 caL. L. Rev. 383, 389 (1960)). See also Ross v. Trumbull County, 2001 Ohio App. LEXIS 495, at *1 (2001). 551 See Burck v. Mars, Inc., 571 F. Supp. 2d 446, 450 (S.D. N.Y. 2008). Although New York does not have a common law right to privacy, there is a statutory right to privacy against commercial appropriation. See also Lohan v. Perez, 924 F. Supp. 2d 447, 453 (E.D.N.Y. 2013); Allison v. Clos-Ette Too, 2014 U.S. Dist. LEXIS 143517, at *1 (S.D.N.Y. Sept. 15, 2014), report and recommendation adopted sub nom., 2014 U.S. Dist. LEXIS 143066, at *1 (S.D.N.Y. Oct. 7, 2014); and Hunt v. Conroy, 2014 U.S. Dist. LEXIS 52305, at *1 (N.D.N.Y. Apr. 16, 2014). 552 Wiest v. E-Fense, Inc., 356 F. Supp. 2d 604, 612 (E.D. Va. 2005). 553 See Phillips v. Smalley Maintenance Services, Inc., 711 F.2d 1524, 1533 (1983) (“Since 1948, beginning with the case of Smith v. Doss, 251 Ala. 250, 37 So. 2d 118 (1948), Alabama has recognized the tort of ‘invasion of the right to privacy.’”); Milam v. Bank of Cabot, 327 Ark. 256, 937 S.W.2d 653 (1997); Metter v. Los Angeles Examiner, 35 Cal. App. 2d 304, 95 P.2d 491 (1939); Peay v. Curtis Pub- lishing Co., 78 F. Supp. 305 (D.D.C. 1948); State v. Holden, 54 A.3d 1123 (Del. Super. Ct. 2010); Davis v. General Finance & Thrift Corp., 80 Ga. App. 708, 57 S.E.2d 225 (1950); Continental Optical Co. v. Reed, 119 Ind. App. 643, 86 N.E.2d 306 (1949); Bremmer v. Journal-Tribune Pub- lishing Co., 247 Iowa 817, 76 N.W.2d 762 (1956); Tate v. Woman’s Hops. Found., 56 So. 3d 194 (La. 2011); Dalley v. Dykema Gossett, PLLC, 287 Mich. App. 296, 788 N.W.2d 679, 686 (2010) (quoting Lewis v. LeGrow, 258 Mich. App. 175, 670 N.W.2d 675 (2003)); Meyerkord v. Zipantoni Co., 276 S.W.3d 319 (Mo. App. 2008); Frey v. Dixon, 141 N.J. Eq. 481, 58 A.2d 86 (1948); Holloman v. Life Ins. Co., 192 S.C. 454, 7 S.E.2d 169 (1940); Russell v. American Real Estate Corp., 89 S.W.3d 204 (Tex. App., Corpus Christi 2002); Pion v. Bean, 2003 VT 79, 833 A.2d 1248 (2003); and Mayer v. Huesner, 126 Wash. App. 114, 107 P.3d 152 (2005).

41 2. Intrusion upon Seclusion A second cause of action for an invasion of privacy for disclosing personal data is for intrusion upon seclusion. The tort of intrusion upon seclusion does not require a showing that a disclosure was made to the general public.561 In an Arkansas case, the court observed that the tort of intrusion requires “specific intrusive action as opposed to disclosing private information.”562 In California, there must be proof of an “intrusion into a private place, conversation or matter…in a manner highly offensive to a reason- able person.”563 In Rhoades v. Penn-Harris-Madison School Corporation,564 a federal court in Indiana held that an intrusion claim requires physical con- tact or an invasion of a plaintiff ’s physical space.565 In Watkins v. Cornell Companies, Inc., a case in which the plaintiffs sued for intrusion upon seclu- sion but knew they were being filmed, a federal court in Texas held that [i]ntrusion on seclusion requires proof of (1) an intentional intrusion, physically or otherwise, upon another’s solitude, seclusion, or private affairs or concerns, which (2) would be highly offensive to a reasonable person. …Liability does not turn on publication of any kind. The core of the tort of invasion of privacy is the offense of prying into the private domain of another, not the publicity that may result from such prying.566 There are various defenses to a claim for intrusion, including that the plaintiff did not intend to keep the information private; that under the circumstances the plaintiff did not have a reasonable expectation of pri- vacy; or that the plaintiff voluntarily and without any coercion consented to the disclosure.567 Under Penn- sylvania law, an intrusion claim cannot exist when “a defendant legitimately obtains information from a plaintiff.”568 In Doe v. Di Genova,569 a federal court in the District of Columbia held that there is no claim for B. Invasion of Privacy There are four potential bases for a claim in tort for an invasion of privacy that may apply to an unauthorized use or disclosure of personal data: public disclosure of private facts, intrusion upon seclusion, misappropriation, and false light.554 Not all states that allow a claim for invasion of privacy recognize all four types of claims. 1. Public Disclosure of Private Facts Although some states recognize “the tort of invasion of privacy based on [an] unreasonable public disclo- sure of private facts,”555 it appears that most jurisdic- tions require that a disclosure of personal information must have been made to the general public, “usually through the media.”556 For a claim to be actionable, the disclosure has to have revealed, for instance, “‘unpleas- ant or disgraceful or humiliating illnesses’ or ‘hidden physical or psychiatric problems.’”557 For example, in Lake v. Wal-Mart Stores Inc.,558 concerning the publication of nude photos by Wal- Mart employees, the court stated: Lake and Weber allege in their complaint that a photograph of their nude bodies has been publicized. One’s naked body is a very private part of one’s person and generally known to oth- ers only by choice. This is a type of privacy interest worthy of protection. Therefore, without consideration of the merits of Lake and Weber’s claims, we recognize the torts of intrusion upon seclusion, appropriation, and publication of private facts. Accordingly, we reverse the court of appeals and the district court and hold that Lake and Weber have stated a claim upon which relief may be granted and their lawsuit may proceed.559 However, a tort action for public disclosure is unlikely to succeed if the injury from a disclosure is minimal.560 554 Restatement (3d) of Torts. See Martha Tucker Ayres, Confidentiality and Disclosure of Health Information in Arkansas, 64 aRk. L. Rev. 969, 994 (2011) (footnote omitted) [hereinafter Ayres]. 555 Joy L. Pritts, Altered States: State Health Privacy Laws and the Impact of the Federal Health Privacy Rule, 2 yaLe J. heaLTh pOL’y L. & eThics 325, 331 (2002) [herein- after Pritts] (citing, e.g., Ozer v. Borquez, 940 P.2d 371, 377 (Colo. 1997) (stating that “[t]he requirement of public dis- closure connotes publicity, which requires communication to the public in general or to a large number of persons, as distinguished from one individual or a few”) and Lake v. Wal-Mart Stores Inc., 582 N.W.2d 231, 235 (Minn. 1998) (establishing the common law right to privacy in Minne- sota, including the torts of “intrusion upon seclusion, appropriation, and publication of private facts”). 556 Ayres, supra note 554, at 995 (stating that a recovery in tort for an invasion of privacy is limited as the disclo- sure or communication must be “to the public at large”); see Pritts, supra note 555, at 331. 557 Pasternack, supra note 548, at 833 (footnote omitted). 558 582 N.W.2d 231, 235 (Minn. 1998). 559 Id. 560 Pasternack, supra note 548, at 833 (footnote omitted). 561 See Restatement (Second) § 652(B). See also Reid v. Pierce County, 136 Wash. 2d 195, 206, 961 P.2d 333, 339–340 (1998). 562 Dunbar v. Cox Health Alliance, LLC, 446 B.R. 306, 313–314, 2011 Bankr. LEXIS 812 (E.D. Ark. 2011). 563 Grant v. United States, 2011 U.S. Dist. LEXIS 61833, at *1, 20 (E.D. Cal. 2011) (citing caL. civ. cOde § 47(b)), adopted by, claim dismissed, 2011 U.S. Dist. LEXIS 78119, at *1 (E.D. Cal. 2011). 564 574 F. Supp. 2d 888 (N.D. Ind. 2008). 565 Id. at 907–908 N 3. 566 2013 U.S. Dist. LEXIS 66376, at *1, 21–22 (N.D. Tex. 2013) (citations omitted) (internal quotation marks omitted) (emphasis added). 567 Ayres, supra note 554, at 995 (footnotes omitted) 568 Steinberg v. CVS Caremark Corp., 899 F. Supp. 2d 331, 342–343 (E.D. Pa. 2012). 569 Doe v. Di Genova, 642 F. Supp. 624, 632 (D. D.C. 1986) (holding that under the Privacy Act, Doe was entitled to an order prohibiting the release of records).

42 (PennDOT) regulation that required health care professionals to inform PennDOT of every patient older than 15 who had certain designated medical conditions that could affect a patient’s ability to drive a vehicle.577 The plaintiff argued that the regu- lation violated privacy rights and would cause indi- viduals to avoid seeking medical care to assure that they would not lose their driving privilege.578 In Pennsylvania, although patients have a right to pri- vacy in their medical information, the courts use a seven-factor test to balance the individual’s inter- ests against the state’s interests in public health and safety.579 The court held that “the privacy inter- ests of [the plaintiff ’s] patients are outweighed by the state’s compelling interest,” because the “opera- tion of vehicles on Pennsylvania roadways compels a broader consideration of issues than those asserted by” the plaintiff.580 The court also held, inter alia, that the plaintiff lacked standing.581 3. Claims for Appropriation or False Light Because they are mentioned in the Restatement, privacy claims based on misappropriation or false light will be noted briefly. For a plaintiff to make a claim for misappropriation or for false light, a plain- tiff ’s information must have been revealed to the public by the media, the same element that is usu- ally required for a claim for a public disclosure of private facts.582 C. Applicability of a Common Law Right of Privacy to Transportation Agencies In the absence of constitutional or statutory rem- edies, tort law must be used to remediate a violation of a claimed right to privacy.583 One commentator argues that there are several problems in respect to the use of the common law of torts for a privacy vio- lation arising out of a disclosure of data collected by ITS and other technology.584 First, it is difficult to predict how the courts would apply the principles previously discussed because “there is no reported court decision regarding tort liability for invasion of privacy in a context similar to ITS.”585 Second, for there to be a claim, the intrusion when an intrusion is reasonable under the circumstances or when an intrusion is not “serious.” One issue for an intrusion claim is whether a dis- closure is sufficiently offensive. In Cooney v. Chicago Public Schools,570 involving a firm’s disclosure of personal information on former Chicago public school employees, the court, in ruling that there were no actionable claims, drew a distinction between personal information and private informa- tion. Names and Social Security numbers are per- sonal information, but the court held that their dis- closure was not “facially embarrassing and highly offensive….”571 One case was located for the digest in which the court held that the complaint stated a claim against the Secretary of the North Carolina DOT for intru- sion into seclusion. North Carolina recognizes the tort of intrusion into seclusion. In Toomer v. Garrett,572 the plaintiff alleged that the secretary disclosed and distributed the contents of Toomer’s personnel file to the media, thus violating the plaintiff ’s right to pri- vacy.573 Although the state, its agencies, and officials who are sued in their official capacities usually are immune from claims under North Carolina law, the court held that the action was allowable because of the plaintiff ’s allegations of malice and bad faith on the part of the DOT officials.574 Therefore, the defen- dants were not “entitled to dismissal of plaintiff ’s claims for tortious invasion of privacy on the basis of official capacity immunity.”575 In Behar v. Pennsylvania Department of Trans- portation,576 the court held that the transportation department’s interest in public safety outweighed the plaintiff ’s interest in the privacy of the plain- tiff ’s medical information. The plaintiff challenged a Pennsylvania Department of Transportation 570 Cooney v. Chicago Public Schools, 407 Ill. App. 3d 358, 943 N.E.2d 23 (2010). 571 Id. at 367, 943 N.E.2d at 32. 572 155 N.C. App. 462, 574 S.E.2d 76 (N.C. App. 2002). 573 Id. at 466–467, 574 S.E.2d at 82. 574 Id. at 480–481, 574 S.E.2d at 91. 575 Id. at 481, 573 S.E.2d at 91. The court also held that the plaintiff’s complaint was sufficient to state (1) § 1983 claims for federal substantive due process and equal protection violations for injunctive relief against indi- vidual defendants in their official capacities and for damages in their individual capacities; (2) state sub- stantive due process and equal protection claims for injunctive relief against individual defendants in their official capacities; (3) a breach of contract claim against the State, NCDOC, and individual defendants in their official and individual capacities; and (4) ...invasion of privacy, gross negligence, and civil conspiracy against individual defendants in their individual capacities. Id. at 484, 574 S.E.2d at 93. 576 791 F. Supp. 2d 383 (M.D. Pa. 201). 577 Id. at 388. See also 67 pa. cONs. cOde § 85.6 (2015). 578 Behar, 791 F. Supp. 2d at 397. 579 Id. at 398. 580 Id. 581 Id. at 390–400. 582 Ayres, supra note 554, at 998, 1000 (footnote omitted). 583 Douma and Deckenbach, supra note 2, at 295. 584 Dorothy J. Glancy, Privacy and Intelligent Transporta- tion Technology, 11 saNTa cLaRa cOMpUTeR & high Tech. L.J. 151, 179 (1995) [hereinafter Dorothy Glancy]. 585 Id.

Next: IX. Whether Transportation Agencies Are Potentially Liable for a Disclosure of Data »
Liability of Transportation Entity for the Unintentional Release of Secure Data or the Intentional Release of Monitoring Data on Movements or Activities of the Public Get This Book
×
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

TRB's National Cooperative Highway Research Program (NCHRP) Legal Research Digest 71: Liability of Transportation Entity for the Unintentional Release of Secure Data or the Intentional Release of Monitoring Data on Movements or Activities of the Public reviews the statutes, regulations, and common law regarding the release of data collected for transportation purposes. Included in this research are questions concerning the application of public records laws and the application of any constitutional, statutory, or common law privacy rights. The digest also researches and identifies statutes and common law dealing with the collection of data on the activities of the public, includes a literature search of topics addressing these issues, and also includes a search of state and federal laws focusing on this and similar topics.

Appendixes A through D provide background on the research effort.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!