February 24, 2012
RadioShack May Be Liable for Accessing Images from Recycled Customer Cellphone -- Steele v. RadioShack
[Post by Venkat Balasubramani]
Steele v. RadioShack Corp., 11-14021 (E.D. Mich.; Feb. 3, 2012)
Steele bought a new phone at RadioShack, after which a RadioShack employee transferred the data from Steele’s old phone to his new one. Steele also left his old phone at RadioShack for recycling. After Steele left, RadioShack accessed his old phone and viewed personal information, including photographs which Steele took at his worksite. RadioShack forwarded these photos to Steele’s employer. As a result, Steele was fired.
The parties' arguments are muddled, and the court expresses its displeasure at the “inaccurate, insufficient, and jumbled arguments from both sides.” Steele at least brought a claim for common law intrusion into seclusion, which required him to show (1) the existence of private and secret subject matter; (2) that the plaintiff had a right to keep private; and (3) access of the information by defendant through means objectionable to a reasonable person.
The court focuses on the second and third elements, finding that RadioShack did not raise the first element sufficiently in its initial moving papers. As to the second element, RadioShack appeared to argue that giving the phone to RadioShack for recycling somehow terminated Steele’s right to keep the information private, but the court rejects this argument:
[RadioShack’s argument] is illogical – it says that a customer has no right to keep personal information private once he allows RadioShack access to it during the course of business. If his court embraces this argument, then RadioShack would not have any liability for disclosing personal credit card information it obtained while processing a sale. Customers routinely give personal information in order to process transactions – information that they would expect to be disposed of and kept private, not distributed to whomever the store feels like giving it to.
RadioShack also argued that Steele fails to satisfy the third element (that the information was accessed in a way that was offensive to the reasonable person). The court rejects this argument as well, noting that a reasonable person who gave his or her cellular phone to someone with the understanding that the device would be destroyed or recycled does not consent to access of the personal information on the device. The court says that this is a question for the jury and not amenable to resolution at the motion to dismiss stage.
In contrast to the privacy tracking lawsuits, the plaintiff in this case alleges that his private information was actually disclosed to a third party and ended up causing him harm. The case brought to mind other cases where customer information was not properly disposed of: Pinero v. Jackson Hewitt and Putnam Bank v. Ikon Office Solutions. In both of those cases the claims failed for lack of out-of-pocket loss or even actual disclosure of the data to third parties. Here, the plaintiff alleged both of these things.
Posted by Venkat at February 24, 2012 09:40 AM | Privacy/Security