Imagine a doctor has published your most personal information online because that doctor didn't like your opinions of their medical services. Sounds like something far-fetched or science fiction? Nope. This is exactly what happened to Glenn Hagele, a patients' advocate. According to Glenn's web site:
"Glenn Hagele created a nonprofit Lasik patient advocacy organization to help inform the public of the potential risks and benefits of Lasik surgery. The Council for Refractive Surgery Quality Assurance that Glenn Hagele founded evaluates Lasik doctors to determine if their outcomes are at or above the norm. The organization's sister website Complicated Eyes assists those who have poor Lasik outcomes."
Like many people, Glenn believes the individual should have control of their personal information. According to the news release at the VNUNet.com site:
"Within weeks of notifying authorities of what he believed to be bankruptcy fraud, Glenn Hagele, of Sacramento California, learned that archived government documents with his private identity information were being published on the internet."
Apparently, one doctor didn't like Glenn's advocacy effort and retaliated by posting Glenn's most sensitive personal data (e.g., name, birthdate, SS#) on the internet. Some call this type of retaliation "cyber assassination." Obviously, it's meant to intimidate and to cause harm. And it created risks for Glenn where identity thieves could abuse his personal data and wreck his finances.
Glenn took action, researched the situation, sued the doctor, and won. From the VNUNet.com news release:
"A US court had ordered that the personal details of a Californian man be removed from the web, ruling that the information was posted online in retaliation for him blowing the whistle on a bankruptcy fraud case. In a civil lawsuit, Hagele alleges Lauranell Burch, a staff scientist at the National Institute of Health (NIH), used secure government computer resources to manage and hide ownership of the websites controlled through a Thailand intermediary."
Glenn was kind enough to provide a link to the new North Carolina law -- named the Burch Clause. I congratulate the North Carolina legislature for passing the Burch Clause.
This story is important for two reasons. First, consumers should have control over their personal data. Burch did not have Glenn's consent to publish his personal data on the internet, or anywhere else. Second, there has to be penalties when individuals (or companies) willfully publish an individual's personal information without their consent and with intent to harm or intimidate. The North Carolina legislature obviously agreed.
I expect that Glenn will closely monitor his credit reports and financial accounts. And If Glenn becomes an identity theft victim, I expect that he will sue Burch for reimbursement of both credit restoration and credit monitoring costs to repair any damage -- as the North Carolina law allows.
Hopefully this law will be the start of a new trend in privacy legislation. It's written with two very consumer friendly features: it has an individual suit provision, and it includes statutory damages. While I posted more legal details at http://ephemerallaw.blogspot.com/2007/12/new-north-carolina-privacy-protection.html the upshot is that laws like this could help consumers avoid some of the problems that they have faced pusuing claims based on exposure of personal data.
Posted by: William Morriss | Thursday, December 20, 2007 at 08:25 AM