For more than a century, both statutory and common law have recognized that a cause of action may arise when a person’s private information is wrongfully revealed or misused.1 Historically, these “privacy torts,” such as breach of confidence, public disclosure of private facts or falselight publicity, have arisen when a single plaintiff claims her privacy was violated because of the disclosure of her personal information.2 While general principles of negligence may apply to such actions, more frequently, the
privacy torts do not consider the reasonableness of the person’s actions in disclosing the information, but instead focus on the impact of the disclosure on the affected person. These torts, moreover, were rarely encountered by most practitioners due to their unique application.
The electronic collection of personal information, however, is transforming these obscure torts and reinvigorating them in a way that all practitioners may encounter them in the future. Government agencies and businesses now maintain confidential information, including financial and medical data, concerning millions of people. Because that information may be maintained on a single storage device that could be lost, stolen or hacked into, private information about millions of citizens may find its way into the hands of a third party – instantaneously. Not only is the loss of personal information offensive to the
person who entrusted it to another, the information can be used in a variety of unsavory ways to harm that individual, the most publicized being identity theft.3