The FTC may be able to exercise its authority under GLBA or Section 5 of the FTC Act to pursue claims of unreasonable data security practices if it finds that social security numbers were being used as passwords for consumers to authenticate their identity. [See Solove and Hartzog, FTC and the New Common Law of Privacy, 114 Columb. L. Rev. 583 (2014)]. Many states, including Minnesota, have passed laws that restrict the use and dissemination of social security numbers. There is much variety in what the various state laws provide. Some states prohibit the request of a social security number to complete a transaction. Other states mandate a formal privacy policy for any entity that collects social security numbers.
The Driver’s Privacy Protection Act (DPPA) [18 U.S.C. §§ 2721-2725]
The DPPA was enacted in 1994 and amended in 2000 to protect the privacy of personal information gathered by state departments or bureaus of motor vehicles. The DPPA was passed in reaction to the murder of an actress, Rebecca Schaeffer, who had been stalked by someone who had freely obtained her personal address from a publicly available state database that held drivers’ records. The DPPA allows plaintiffs to recover damages for each time the DPPA is violated. In 2012, a former female police officer in Minnesota filed a lawsuit claiming that 100 fellow officers invaded her privacy when they looked up her driver’s license photo in a database at least 400 times. She received a settlement payment of about $665,000 from several Minnesota cities where police officers had allegedly accessed her record.
Video Privacy Protection Act (VPPA) [18 U.S.C. § 2710]
The VPPA was passed after a newspaper obtained and published information about the video rental records of the Supreme Court nominee Robert Bork. The VPPA was enacted before video-streaming technology existed but has been found to apply to online services. The
54
Made with FlippingBook - Online Brochure Maker