About Us
Most are familiar with the venerable Latin axiom, “caveat emptor” – let the buyer beware. Well, in today's world, the advertising and marketing of goods and services is no longer a free-for-all. Laws and regulations address what sellers can say, to whom, when and how – and what they can do with the information they collect. This blog looks at those rules and at how they are being enforced and interpreted.
Topics
Recent Posts
- Shape Up Substantiation or Tone Down Claims
- Redbox and Robert Bork
- FTC Approves COPPA "Safe Harbor" Program
- “App Law”: Development Continues
- Police Surveillance - There's An App For That?
- Prepare To Be Inundated? Supreme Court Affirms Federal Jurisdiction of TCPA Suits
- Nutella: Part of a Tasty Balanced Breakfast, Just Like Chocolate Syrup
- Redbox Revisited: Just What Is An Electronic Transaction?
- The Brave New World of Internet Domains
- Judge Orders Clorox to Bury Deceptive Kitty Litter Ad
Evan T. Lee
etl@avhlaw.com
View Bio
View Posts
Evan practices in AVH’s Litigation and Regulatory group, where he focuses on defending consumer class actions, as well as advising on advertising, marketing, and other issues.
Is Best Buy Stalking You?
In 1989, 21-year old Rebecca Schaeffer had just starred in a rather unsuccessful CBS sitcom called My Sister Sam. CBS canceled the show in 1988 due to exceptionally low ratings, but Ms. Schaeffer’s TV career was on the rise.
Unfortunately for Ms. Schaeffer, a stalker, Robert John Bardo was becoming increasing obsessed with her. Mr. Bardo hired a professional investigator to obtain Ms. Schaeffer’s address through the California Department of Motor Vehicles. The investigator provided the address to Mr. Bardo, who subsequently shot and killed Ms. Schaeffer.
While this was the most high profile incident resulting from relatively lax state DMV privacy policies, it was not the only one. From only a license plate number, thieves tracked down addresses of wealthy luxury car owners, abortion protestors obtained addresses of individuals who parked in abortion clinics, and other stalkers found where their obsessions called home.
What does this have to do with Best Buy? Well, Congress’s reaction to these incidents was The Driver's Privacy Protection Act (“DPPA”). The DPPA makes it unlawful “for any person knowingly to obtain or disclose personal information from a motor vehicle record . . . “ unless it is for a permitted use under the DPPA. The statute allows for actual damages or liquidated damages in the amount of $2,500 (whichever is larger), in addition to punitive damages, attorneys fees and injunctive relief.
On November 22, 2011, a class action lawsuit, Siegler v. Best Buy Co. of Minnesota, Inc., No. 9:11-cv-81292-KLR was filed in the United States District Court for the Southern District of Florida, alleging violations of the DPPA. The plaintiff, Steven Siegler, purchased a computer mouse but decided to return the mouse the next day. According to Mr. Siegler, when he returned the mouse:
The Best Buy Cashier asked Plaintiff to see his driver’s license, which Plaintiff assumed was to confirm he was the same person as his receipt indicated; however, the Best Buy Cashier immediately upon taking possession of Plaintiff’s Florida Drivers’ License, without notice or warning, “swiped” Plaintiff’s Florida Driver’s License at her register.
Plaintiff demanded that his personal information be deleted and the transaction be reversed, but the Best Buy Cashier and Best Buy Store Manager refused, indicating to Plaintiff that they were unable to do so. Further, the Best Buy Cashier and Store Manager could not explain what information was taken from Plaintiff’s Florida Drivers’ License.
Complaint, ¶¶ 11-12.
For its part, Best Buy’s policy does indicate that some information is required in the event of a return:
Best Buy tracks exchanges and returns on an individual level. When you exchange or return an item, we require a valid form of ID (see below). Some of the information from your ID may be stored in a secure, encrypted database of customer activity that Best Buy and its affiliates use to track exchanges and returns.
As mentioned above, the DPPA allows a person to obtain motor vehicle information if it is for a “permissible use.” The DPPA lists 14 such uses, including use of the information (1) in the normal course of business, but only to verify the accuracy of personal information; and (2) in research activities and the production of statistical reports, but only if the information is not “published, redisclosed, or used to contact individuals.” 18 U.S.C. §§ 2721(b)(3), (5). The DPPA also contains a consent exception. See 18 U.S.C. § 2721(b)(11). Best Buy undoubtedly will rely on these exceptions in defending against Mr. Siegler’s claims.
Regardless, Best Buy’s potential liability is staggering. The proposed nationwide class is defined as all persons who have had their information taken “without consent” (presumably via the same merchandise return policy) from November 21, 2007, to the present. It is safe to say that $2,500 multiplied by the number of returns that Best Buy has processed in this period would be a fairly large number.
This lawsuit should serve as a warning to sellers and merchants who plan to, or already do, take information from customers’ driver’s licenses. Of course, a national corporation like Best Buy has little in common with a deranged stalker like Mr. Bardo. But in terms of civil liability under the DPPA, they would be treated the same.