Interesting Privacy Decision in New Hampshire

TCPALaw writes "A huge decision in privacy law was handed down today by the NH Supreme Court in the Amy Boyer case. Amy was stalked and killed by a man who got her personal information, including SSN, from an on-line information broker. Privacy groups such as EPIC have argued that access to sensitive personal information should carry with it liability for misuse, and can constitute a tort. The NH Supreme Court agreed. Now perhaps you can sue the spyware companies."

That's a bit cold...

Someone's been murdered and you're all smiles because you can go after some guys who send adds to your computer.

Re:That's a bit cold...

No, we saying at least we can prevent this from happening to our little sisters if we can sue the bastards that make it possible.

Re:That's a bit cold...

The implication is that spyware is where the information brokers get their information and assemble it. You can't data mine without data.

Re:That's a bit cold...

Once info is collected and sold, it doesn't matter. You think spyware companies keep that info all to themselves? They likely sell it for good money to whoever will target a certain demographic.

I say suing spyware companies is a good start. Just because "reputable" companies may not collect info, they almost certainly purchase info collected from disreputable ones.

Re:That's a bit cold...

No, it means you can sue "the bastards that make it possible."

I'm afraid it doesn't necessarily do a thing to prevent anything from happening to your little sister.

This is simply "Security through feeling good about what you can do after the fact and thinking through some sort of sympathetic magic that that prevents the occurance in the first place."

It doesn't work, it never has, because it's all about profit margins. Which is why they sell the information in the first place.

Dealing crack is a risky business. You could even get killed. People do it because of the profit potential. If you can make enough money selling information to cover the potential loses through the off chance of a law suit there are people who will be glad to do it. Hell, they can probably even arrange insurance to cover them for this, not to mention most the profits mysteriously ending up somewhere untouchable by the courts.

Shit is still going to happen.

KFG

Moderators

No, the post isn't Offtopic, nor is it Flamebait. The Amy Boyer murder was a tragic event and this case will allow the family some chance of holding the "information clearinghouses" liable for the information that they doled out for a healthy profit and Amy's life.

It has nothing to do with spyware. Making the connection of spyware to satisfy you personal conspiracy theorist mentality to this case revolving around a real and tragic event is just ridiculous. And, moderating the above comment Offtopic is just too typical.

Not cold at all

It's damn cold for the "information brokers" to freely trade in the most intimate personal information about you that they've gleaned/compiled/extracted. It's damn cold for this particular IB to have sold the info that led to this woman being killed.

It warms the heart to know that this largely unregulated industry might suddenly have the fear-of-financial ruin checking their irresponsible ways.

Re:Not cold at all

It's damn cold for the "information brokers" to freely trade in the most intimate personal information about you that they've gleaned/compiled/extracted.

Just a thought here... If you consider your SSN, age, address or even specific birthdate to be "intimate personal information" then you've been under a rock or are living in a fantasy world. The fact of the matter is that the SSN has been used and abused to such a point that it is unsafe to think of it as a private piece of information in any way other than an ideal sort of sense. Same thing goes with your birthdate, address, etc.

This point is illustrated by just how quick most people are to turn over their "personal information" , such as a SSN or birthdate, when asked for it by anyone from a gas-company customer-service phone-rep all the way to doctors offices and insurance agents. If something is so intimate and personal, then why are people so willing to give it out to anyone that asks? The fact of the matter is, in the case of a SSN, the only place it's legally required is in certain financial and employment situations. In all other cases, you have the legal right to decline to give that information...but most people don't.

As such, things like the SSN, here in America, have become simply publicly held bits of data that act as tokens to identify individuals in the sea of individuals. In many ways, a SSN is no more personal than a name, at least judging by the way its used.

I'll grant that a lot the current state of affairs comes from the very type of activities that the ruling in question deals with. That does not change the fact that many pieces of information that were once much more "private" are no longer that way in reality. I'll also admit that there is a whole additional realm of personal information that is still personal and that information brokers seek to collect and sell...and that covers such things as shopping or travel habits. Most people still seem to guard that data fairly closely and it still seems to be "private" in nature...but that too is likely to change.

In the end, no ammount of information control can make up for a lack of good-will or a scewed sense of morality (whatever you define that to be). Suing the information brokers for contributing to the death of that poor woman seems to be only getting at an intermediate variable (and one with big pockets) rather than focusing on the primary cause of the woman's death...that is, the person who stalked her and killed her.

Read the big picture

No, I'm glad that people who deal in raping privacy have to face legal ramifications to their behavior. I'm sorry it has taken many deaths to finally get the courts to start holding people responsible. The stalker that killed Amy was able to do it because information brokers believe they are immune from the law, and will sell ANYTHING to ANYONE. Search for "skip tracer" and see what you can buy.

I was horrified, but unfortunately not surprised at the death of Amy Boyer, Rebecca Schafer (who's home address was obtained from the DMV by a stalker's PI) and other women attacked by stalkers who were only able to find them through criminally lax data handling practices. My sister deals with sexual abuse victims, and one of the unfortunate pieces of advice she has to give them is to not register to vote, because the guy who may want revenge on them can use the voter registration roles to find the victim again. Other big companies simply don't give a damn about data security as long as they get paid. For example, I was a consultant in a case against Equifax, and it turned out that Equifax - storehouse of extremely personal and private data - never forces password changes on its customers... so if someone gets a userID and password, they can get in undetected for years if they are selective about using it, and it doesn't get noticed on the bill (and at $2 a pop for credit reports, pulling 2 or 3 extra a month for an office that gets hundreds, won't get noticed).

If people are lax about security of data they collect or use about you, they need to know that they can be prosecuted for it. The wild west of collecting and selling personal information without consent is going to come to a close.

Yellow Pages

In other news, the phone company is being sued becuase they list a person's address next to their name.

M@

Re:Yellow Pages

It however does not cost you anything to put your phone number under a different name. I could put my name under John Smith. Any phone calls that I receive for John Smith can easily be ignored then and it hasn't cost me a cent.

Re:Yellow Pages

Actually, the court ruled in a similar matter as part of this case. They ruled that information that can readily be found out by observation of public actions is not covered under privacy laws. The specific example in this case was the victim's work address; the Court ruled that since somebody could easily and legally watch you commute from home to work, you have no reasonable expectation of privacy in your work address. The same thing is undoubtedly true of your home address, license plate number, and any number of similar facets of your life.

Interesting movie angle

A few months ago I saw a movie with Ben Affleck and Samuel L. Jackson called Changing Lanes [imdb.com]. In it, Affleck's character contacts a guy that's supposed to be some sort of hacker in a tie, who immediately ruins Jackson's credit history using a computer (wow) and generally fucks up his life.

Because it involved something akin to identity theft, I thought it interesting, but until now I hadn't seen a real-life version. "Information broker", indeed.

Scary.

It seems only prudent. . .

. . .that "information brokers" of this sort have an implicit obligation to formally notify the objects of such searches, as to the nature of each search and the buyer. This still wouldn't protect someone who was using a "straw" buyer, but would go a long way to protect people from stalkers. . .

Ok, I smell the money

Seeing how everyone is getting rich selling private information, I am putting MY private information on sale right here on slashdot. YES, IT'S 100% LEGAL. You will get a signed, limited edition booklet with my address, phone number, SSN, credit card numbers AND the illustrated history of both my and my cat's love life with an invitation to add a new episode to either one. 10 booklets will be sold to the highest bidders, so take advantage of this unique opportunity and RESERVE YOUR COPY TODAY.

Re:It seems only prudent. . .

Actually, since I'm planning to start up as an "information broker" I should clarify this misconception.

Information brokers do not sell people's SSN's. Those are sleazy operations that are more akin to private investigators (sleazy ones) than IB's.

An IB is more like a freelance librarian - you call them up and ask them how many widgets were sold in Thailand over the last five years and they do the research and find out for you.

Sometimes they do competitive intelligence research which is a little closer to what the sleazy operations do, but still legal.

There is a national organization for IB's called
Association of Independent Information Professionals with a web site here [aiip.org]
which has the following Code of Ethics:

An Information Professional bears the following responsibilities:

Uphold the profession's reputation for honesty, competence, and confidentiality.

Give clients the most current and accurate information possible within the budget and time frames provided by the clients.

Help clients understand the sources of information used and the degree of reliability which can be expected from those sources.

Accept only those projects which are legal and are not detrimental to our profession.

Respect client confidentiality.

Recognize intellectual property rights. Respect licensing agreements and other contracts. Explain to clients what their obligations might be with regard to intellectual property rights and licensing agreements.

Maintain a professional relationship with libraries and comply with all their rules of access.

Assume responsibility for employees' compliance with this code.

I have a little problem with the "recognize IP rights" bit, but generally a legit IB ain't gonna sell you somebody's sister's SSN and address.

If only someone could die of SPAM

Yes, that comment is borderline morbid, and probably in bad taste. But it would garner media attention, and probably result in the laws being changed...

Re:If only someone could die of SPAM

Man crushed by immense penis. Film at eleven.

Yes indeed..

Because stalking and murdering someone counts as misuse, obviously, giving your name to a list which randomly sends e-mail also does. There's /. logic.

this is a good thing for safety in general

let alone possible implications for combating spam, this is a good ruling for our safety. there should be some liability for someone looking to obtain information like someone's SSN. I guess if any wackjob with a grudge can buy a social security number and mom's maiden name, it's good that they hold some liability for the actions they take with that information. ...it still doesn't make me feel that much better that any wackjob with a grudge can buy someone's SSN, though.

Can of worms

Yes, in theory we would love to sue spywear authors into oblivion. But I fear we are opening yet another can of worms.

I agree that companies that have access to your personal information should be held liable if they disclose the information, or are negligent in protecting that information (egghead.com comes to mind).

IAMAL, but more inportantly, judges are not congressmen, and I always have reservations when judges "create" law that legislators should have in the first place.

I can't swear that this is the case here, but with two years in the legal field, I still have trouble fully deciphering these rulings. (the fact that law can't be read by persons with average intellegence is yet a whole other subject).

Where does the liability go?

While an information broker should be responsible for their actions to some extent, I think the killer should be held responsible, and that nothing should dimish the clarity of that matter.

A great idea

I'd love to see companies held liable for damages caused by their keeping huge databases with credit card information just sitting online waiting to be hacked.

What about the reverse?

How about full, free disclosure on anyone (including celebrities and politicians, and people who don't want disclosure), and logs of who requests the data?

If all the info is available to everyone, and the knowledge of who is searching on you is known, what is the danger?

Obviously, I'm forgetting about identity theft and fraud - but we need better systems in place to prevent that anyhow.

Just a crazy thought. If everyone knows what they want to about anyone, doesn't that remove some of the reason for identity theft, and 'nosy nellies'?

Re:What about the reverse?

Coming from a corporate environment, I have to say that "Nosy Nellies" are a pretty big problem. People like to know stuff about their co-workers, bosses, etc. So, they look stuff up, and then they hit the rumor mill.
I do HR support, and I know of at least five cases where we fired someone for illegally accessing data (off of the HR database). Most of those were tech workers who were supporting HR machines and thought they'd find out what their co-workers made.
I know of about a dozen more cases where HR had to talk to people who were looking up information on their co-workers, and were harrasing them with it. And this is all very recent (last few years). Five years ago, I'd never heard of this kind of problem.

This may not a good thing.

I like the idea that "personal" information needs to be secure and the mishandling of it could lead to a lawsuit (only if there are damages). However, what constitutes "personal" information? A phone number? SSN? Address? If I inadvertantly gave the stalker directions to this person's house, am I liable?

Re:This may not a good thing.

If I inadvertantly gave the stalker directions to this person's house, am I liable?

Actully they addressed this in the ruling. The judges found that things such as Work and Home address are not considered private. As such, there is no liabity for giving out or selling this information.
What they did find to be a problem was calling a person, and using a false pretext (a lie) to get or confirm thier work address. Also, they found that obtaining a persons SSN from a credit report header, then selling it was a violation of privacy, and is therefore cause to bring a civil suit against the information broker.
If you haven't yet, I suggest reading the decision, its a bit heavy, but is very well thought out.

It's too bad that

It's too bad that someone had to die before the courts got involved. You'd think that the right to privacy would be a right.

As usual, quite limited

This is quite limited item; it covers the use of a information broker to call an individual to ask for their work address under the *wrong* pretext (a lie) and then sell the information they got based on this lie. It does not seem to cover stuff like selling information found in a credit report, or anything else like that.

You want to see something evil?

The Estonian ID card project gives away everyone's name and SSN if you have one of these (mandatory) ID cards and you have the web services enabled (most people do).

Just use your favourite ldap client to browse ldap://ldap.sk.ee (or just pop that into the "run" dialog box in windows) and voila - you got everyone's SSN that has one of these trinkets already. Including mine.

They claim it was in the contract when I signed it. Havent taken a look.

Does this mean ...

... that when the US gummint's TIA program hands the FBI info about someone with the same name as mine, and they pull a Jackson Games (or Limone/Salvati) caper on me, I can sue the government?

Thought not.

OTOH, I've seen an interesting explanation of the curious phenomenon of all those valuable medical studies coming out of Scandinavia in the past couple decades. It seems that they passed laws there that make the medical databases fairly open and accessible to researchers. They understood that this meant that the data would be fairly easily available to essentially anyone willing to hand a few kronor under the table. So they included some fairly severe punishment for misuse of this information. They especially punish employers for [pick your euphemism for firing] employees with medical problems. Supposedly the result has been to make the citizenry fairly supportive of access to medical data, and this is of obvious benefit to society.

Can't imagine this sort of "onerous government regulation" happening in the US, though. Except for occasional court cases like this, information about you and me is just a commercial commodity.

Funny this case was in New Hampshire. That's one of the more lassez-faire states. But then, it wasn't the legislature; it was a judge. It'll be interesting to see the followup.

Sue them all ?

Now perhaps you can sue the spyware companies.

After someone killed me ?

Alright that's it...

I'm linin' up all those damn spyware companies... What to sue them for... I'm not exactly sure...

CC LIability?

Would this include liability for charges made on a CC after the number was hacked out of a "secure" database?

all your info are belong to us

often, similar information can be pulled just as easily off of popular search engines, if the person is active online. are their search and archiving techniques the next to be contested?

Guns.

The murderer, who "kept firearms and ammunition in his bedroom", purchased information about where the victim worked from a company called Docusearch then proceeded to kill her, them himself.

The victim's estate goes after the search firm and wins. So we're to conclude that the selling of such vital information to the murderer is a punishable offense, at least in N.H. What about the people who sold him his guns? Seems to me that the weapon was at least as dangerous as the information, and each being fairly useless without the other.

Also, this guy "maintained a website containing references to stalking and killing Boyer".

Big lesson here: Google yourself.

-dameron

Two things.

I think there are at least two issues at hand here:
(1) You must pass a background check before you buy a gun. This is a legal device for clearing the seller of liability. There is no such equivalent amongst the major info-brokers.
(2) Apples and oranges. A core issue of privacy advocates is that information specific to me is my proprietary information. You have no right to sell it or otherwise distribute it without my permission. This information can be used to harm *me* specifically, and the fact that anyone can obtain it for a price is innately harmful to me. A gun has no specific target until you point it at someone.

Re:Guns.

What about the people who sold him his guns? Seems to me that the weapon was at least as dangerous as the information, and each being fairly useless without the other.

Is Mercedes liable for the death of the husband whose wife killed him by running him over? If this murder had been done with a kitchen knife, would Ginsu have been liable?

The tool he used to kill her is of far less import than the act of doing it. Someone bent on murder will use whatever is available. Gun, car, knife, golfclub, a rock.

Privacy and Information

A little background:
I work with a security and investigations firm and also work as a medical applications developer. This means i see both sides of the privacy issue. On the security and investigations side I routinely find out more information than you ever though was possible in your worst nightmares about people and their relationships. On the medical side I try to make it as difficult as possible (short of destroying the data) for non-authorized people to access information.

There is a large amount of data that is part of the public record that anyone can access and it is perfectly legal for them to do so.

Where you were born

Criminal record

Drivers license info

SSN#

Address

Tax Records etc.

I often wonder if people know how much of this information is available. I am not sure what the Justices were thinking as I have not read the case opinions at this point, but teh stalker could have just as easily gone to the public library and courthouse and found out teh same information. I personally would love to be able to have more anonimity. I dont think that the Govt. or anyone else should know where and when I travel, what websites I go to, what my email says or who I live with. But the sad fact is that America has historically been willing to give up these "rights" and "privacies" for temporary security. and this I think may be part of the result.

Accessory to a crime?

I live in the city where Amy Boyer was murdered, and my wife knows Amy's mother. We've (my wife and I) have talked about this case a lot, especially every time the Remsburgs appeared in a new newspaper article about their fight against the "information" companies.

As horrible as this crime was, it's not clear to either of us that if Liam Youens hadn't been able to buy the information on where Amy worked that she would be alive today. Youens knew where Amy lived, and he had been obsessed with her for years. It was just a matter of time.

I think what Docusearch did was slimy, and possibly illegal - especially the use of "social engineering" to trick Helen Remsburg into revealing information about her daughter.

The issue at hand is whether or not Docusearch, and similar companies, have an obligation to warn people when their personal info is sold to someone, especially when the purpose is unknown. I think it's well established that this sort of information is often used for heinous purposes - remember the case of actress Rebecca Schaffer, who was murdered by someone who bought her address from the California DMV!

In my opinion, the NH Supreme Court got this one right - Docusearch knows or should know that the primary use of the information they collect is NOT for the benefit of the subjects. They should have an obligation to inform the subject that the information has been collected and sold.

However, I think it is wrong to assign the blame for Amy's death on Docusearch. They were an "accessory to a crime", but did not commit the crime itself.

There are so many "what ifs" in cases such as this, that can have people tied up in knots for years. Youens had a web page up which gave fairly solid clues that he had it in for Amy Boyer. Did anyone in a position to do anything see this beforehand? Probably not...

As for spyware ("spywear"? Is that the watch with a poison dart?), I don't see an obvious connection with this case.

Re:Accessory to a crime?

However, I think it is wrong to assign the blame for Amy's death on Docusearch. They were an "accessory to a crime", but did not commit the crime itself.

This case had nothing to do with criminal liability whatsoever. Your whole "criminal accessory" statement is a non sequitur.

The case at hand is strictly a money damages tort case. Since the decision discussed whether a cause of action could arise for the five circumstances outlined in the decision, I suspect it was before the court on an appeal from a motion for summary judgment. A little procedural history from the court would have helped this decision out a great deal. I will assume that this was a motion for summary judgment which was appealed (although that could be wrong).

Every case needs three legs to stand up:

(1) a deep pocket to sue/collect from. The gunman is presumably worth little -- let's go after the business instead, and maybe an umbrella liability policy.

(2) clear liability. This is now settled by the court.

(3) good damages. Nothing beats a dead plaintiff except a sympathetic dead plaintiff that wasn't uneducated or black or gay or a drug user or a criminal. It sucks, but not every life is worth the same to a jury.

This case was missing the liability leg, but now that is in place and there is the potential for decent payday, depending on the assets of the business and/or its insurer.

Did anyone else notice the amicus brief filed by the New Hampshire Trial Lawyers Association? Do you think that they are trolling for more dead girls killed by stalkers? In some respects, this case is about the Benjamins.

I have nothing but sympathy for the family of the slain woman. My office does lots of family law, and I sometimes get worried not only about the clients, but the people in my office being targeted by some of these fucking wackos. One guy in my office gets letters regularly from someone who write things like "I know that one day you and your entire family will burn for eternity in a lake of fire for what you do."

On the other hand, private investigators serve a very useful function in locating people for process serving to initiate divorces and to collect child support. I have one working on finding a serial defrauder right now. I am not anxious for other state courts to adopt positions similar to the one adopted by New Hampshire.

FWIW, I am not sure of the New Hampshire rules regarding comparative or contributory negligence. I do not know what the joint and several liability rules are. Notably, the gunman was not sued, or at least the caption does not show this.

Youens knew where Amy lived, and he had been obsessed with her for years. It was just a matter of time.

This makes me wonder what the damages really were. Also, was tehre a PFA (protection from abuse, or NH's analogous procedure) in place? Did the killer simply ignore these? This case is interesting as a privacy issue, but also it serves as a warning to take bizarre, stalking-type behavior extremely seriously.

GF.

In the decision:

IANAL, but it appears that the decision is:

1) If you have non-public information (SSN, CC#, addresses, etc.) on someone, you are partially liable if you offer that to someone for a fee for what that person does with the information.

2) You can't obtain information on someone deceitfully and sell it.

#2 seems pretty obvious. #1 has a lot of implications for all these companies that have your mortgage records, etc., which IMHO is a good thing. In other words, "Quicken Loans" becomes an accomplice to a con artist if they sold that con artist a list of their outstanding loans and contact info.

This is not in any way talking about public info, though, so if you pay me $25 to get someone's phone number from the white pages, you can harass that person all you want and it won't come back to me. At least based on that decision.

Privacy and Identity theft

I think that this case (and subsequent appeal to the US Supremes, if that happens) will be a milestone precedent for privacy issues beyond its limited scope. This will be particularly so if/when this decision gets linked with the current government focus on identity theft by the FTC and other agencies [consumer.gov]. The key, as with many things, will be the timing. It may get lost for awhile behind Iraq, N. Korea, and the eoconomy, but I think the affects from this case will be long-term and far-reaching.

Great!

This is a fantastic way to (help) deal with a nasty problem... Instead of broad, over-reaching laws, make the companies liable for misue of the data, and therefore disinclined to collect it, and therby gain liability, in the first place. Of course, if the data is trully vital, they will still collect it, but will be much more likley to take steps neccesary to protect it properly. I think this approach works much better than a law against colecting it in certain/most cases.

Not all counts well decided

Although most of the decision is sound, I think that Duggan et al. got Question 4 of the decision wrong and a bunch of the reasoning of Question 5 wrong. Since they were wholesale changing the law on 4, there's no reason to artificially reserve the misappropriation of a name or likeness to a person's reputation or prestige, i.e., to celebrities. Jeezus, how many celebrities are in NH anyway, 2? They go to pains to talk about how widespread and damaging identity theft is and then close of the cause of action to a scant few. While Question 5 seems to cast an overly broad net. Jeez, anytime you make a call under a false pretext you're subject to a deceptive practices act!? No more calling the video store and asking "how late are you open" when all you wanted to know is if they're open right now. Jeez, no more prank phone calls unless you truly do want them to let Prince Albert out of his can.

Disagree With This Ruling Because...

1) There was no contract between the IB and anyone else (except maybe the stalker client) concerning protection of this information.

2) While obtaining the information using a pretext is sleazy, I don't see how this constitutes liability for the misuse of the information by a third party.

3) This seems to me to be just another attempt to spread liability around as a means to compel behavior that the legal system wants to occur without the formality of actually passing a considered law, i.e. bypassing the Constitution (Federal or State) and making law in the court. The criminal justice system doesn't like sleazy IB's, so they make them liable for something they have no control over.

4) When is the court ready to assign liability to cops and Feds who fake court orders, manufacture evidence, and otherwise abuse their responsibilities on a daily basis and thereby cause thousands of people to spend time in jail for crimes they did not commit? Oh, wait, I forgot - the criminal justice system is immune from prosecution for "screwups"...

This seems like a typical case of "something bad happened, we can't punish the guilty, so we'll find someone else - anyone else - and punish them.."

How is an IB supposed to verify their client's intentions? "Oh, excuse me, I really need this info so I can shoot my ex-girlfriend - or stalk Jodie Foster..." "Just check this block on the request form here: Will You Use This Info For Legal Purposes? YES: NO: "...

Or: "You realize, sir, that we have to ask you to turn over your criminal and mental health history to us, so we can verify that you will use this information only on a legal manner?"

Or worse, that if you ask for some innocuous info, that they then investigate YOU before investigating the subject...

Yeah, right...

The RIAA should listen up...

Forget CSS and the DMCA. Encrypt DVDs using some girl's social security number and most slashdotter's will support laws against spreading the circumvention key.

Not very surprising...

from a state whose motto is "Live free or die". Seriously, there are some things you just have to love about New Hampshire's "go away and leave me the hell alone" attitude.

Back in the day when door-to-door salesmen were popular, I'm sure few courts up there would have convicted anyone if they shot them for tresspassing. I wonder if they could be convinced to adopt a similar attidude to electronic door-to-door salesmen (e.g. spammers) ;-)

Disclaimer: Yes, I AM from New Hampshire.

Holy crap! NH did something right?!

Looks like I moved to Texas just in time!

The UK Data Protection Act

In the UK we have the Data Protection Act 1998. Basically it stipulates that if you want to hold personal data on someone you must by law be on the register of data controllers, see here. [dataprotection.gov.uk] It also stipulates you can only hold someones personal information so long as you have a bona fide reason for having that information (e.g. business relationship etc). If you are holding or using personal data without authority you are committing a criminal act and the company's data controller can be held personally liable to criminal action. It is also required that the data controllers tell the registrar what they do with personal data and they are then restricted to doing only what they said they would do. Failure to comply can lead to big fines and payment of compensation to the victim.

I personally have used the act many times to look at my data, all I do is pay £10 for costs and the company/organisation has to give me everything they have on me, including CCTV footage they may have of me (suitably modified so as to obscure the identifying features of other people). If I find something amiss I can complain to the Information Commisioner who has the legal powers to put it right and award me compensation. It would seem this sort of act would prevent a case like this, by effectively shutting down information brokers. Does no such similar act exist in New Hampshire or other states?

Private Eyes out of business?

A good percentage of private investigations are initiated by jealous lovers to uncover private information. There must be some predictable percentage of clients who use this information for illegal purposes.

Re:grrrr

Hello,

You don't know me (well, you might, you never can tell), I'm a crazed internet stalker.

I pick my victims by reading slashdot everyday and looking for people who get "first post!".

I'm sure you'll hear about me in the news someday -- everybody makes mistakes now and then! ;-)

Until then,

The first post stalker