National Academies Press: OpenBook

Privacy Issues with the Use of Smart Cards (2008)


Page 16
Suggested Citation:"IV. STATE PRIVACY LAW." National Academies of Sciences, Engineering, and Medicine. 2008. Privacy Issues with the Use of Smart Cards. Washington, DC: The National Academies Press. doi: 10.17226/23104.
Page 16

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

17 Certain functions were transferred to the Director of National Intelligence in 2007.130 IV. STATE PRIVACY LAW An exhaustive compendium of all state privacy laws is beyond the scope of this project. This section instead summarizes several relevant state Constitutional provi- sions, laws, and regulations. Legislation has been in- troduced in a number of States, including California, Massachusetts, Missouri, and Utah to regulate RFID.131 A. Constitutional Law Though the U.S. Constitution does not explicitly use the term “privacy,” many state Constitutions do. Most address it indirectly, by protecting individuals from warrantless searches and seizures.132 A few, like Cali- fornia, explicitly define privacy as an “inalienable right.”133 B. Common Law There are several cases involving Smart Cards and RFID technology in the context of satellite television piracy134 or patent infringement.135 However, no federal or state cases have addressed the issue of “Smart Cards” in the context of privacy, or indeed, in the con- text of transit usage. In their seminal article in the Harvard Law Review, Samuel Warren and Louis Brandeis proclaimed what has become the fundamental principle of American pri- personally identifiable information, and (C) submit such guide- lines to the President for approval through the Director of OMB, the APHS-CT, and the APNSA. Such guidelines shall not be in- consistent with Executive Order 12333 and guidance issued pursuant to that order. (ii) Each head of an executive department or agency that pos- sesses or uses intelligence or terrorism information shall ensure on an ongoing basis that (A) appropriate personnel, structures, training, and technologies are in place to ensure that terrorism information is shared in a manner that protects the information privacy and other legal rights of Americans, and (B) upon ap- proval by the President of the guidelines developed under the preceding subsection (i), such guidelines are fully implemented in such department or agency. See 1216-10.html (Last visited Nov. 14, 2007), and %20Plan.pdf (Last visited Nov. 14, 2007). 130 72 Fed. Reg. 18561 (Apr. 13, 2007). 131 Brito, supra note 3. 132 For example, South Carolina’s Constitution protects indi- viduals against “unreasonable searches and seizures and un- reasonable invasions of privacy.” S.C. CONST. Ann. art. I, § 10 (2005). 133 CAL. CONST art I, § 1 (2006). 134 See, e.g., Direct TV v. Ellebracht, 2002 U.S. Dist. Lexis 27260 (2002). 135 See, e.g., Leighton Technologies v. Oberthur Card Sys- tems, 358 F. Supp. 2d 361 (2005). vacy law: the "right to be let alone."136 Dean Prosser used the Warren and Brandeis methodology to identify four separate “privacy” torts: (1) appropriation of an- other’s name or likeness, (2) intrusion on personal se- clusion, (3) public disclosure of private embarrassing facts, and (4) publicity that places an individual in a false light.137 They all have been embraced by the Re- statement (Second) of Torts,138 and in most of the states’ common law. C. Statutory Law Texas appears to be the only state to have explicitly addressed privacy requirements for Smart Cards. The Texas statute addresses the use of health information, not transit information. Still, it is instructive of how privacy concerns may be addressed. It limits the class of persons having access to gathered information and the type of information that can be accessed, and provides that storage and communication of information com- plies with privacy laws. Specifically, the Texas Health and Human Services Commission is authorized to con- solidate a cost-effective method for recipient identifica- tion and benefit issuance, including the use of Smart Cards, provided that it: (2) ensure that all identifying and descriptive information of recipients of each health and human services program included in the method can only be accessed by providers or other entities participating in the particular program; (3) ensure that a provider or other entity participating in a health and human services program included in the method cannot identify whether a recipient of the pro- gram is receiving benefits under another program in- cluded in the method; and (4) ensure that the storage and communication of all identifying and descriptive information included in the method complies with existing federal and state privacy laws governing individually identifiable information for recipients of public benefits programs.139 However, a number of states have enacted public re- cord laws modeled on the Federal Freedom of Informa- tion Act, which include exemptions for the dissemina- tion of information that would constitute an unwarranted invasion of personal privacy.140 The New York statute provides a detailed definition of what may constitute an unwarranted privacy invasion: i. disclosure of employment, medical or credit histories or personal references of applicants for employment; ii. disclosure of items involving the medical or personal records of a client or patient in a medical facility; iii. sale or release of lists of names and addresses if such 136 Samuel Warren & Louis Brandeis, The Right to Privacy, 4 HARV. L. REV. 193 (1890). Norian, supra note 108, at 803. 137 William Prosser, Privacy, 48 CAL. L. REV. 383 (1960). 138 Restatement (Second) of Torts §§ 652A–652I. 139 TEX. GOV'T CODE § 531.080, et seq. provides for the poten- tial use of Smart Cards in the State Medicare program. 140 See, e.g., CAL. GOV’T CODE § 6254; FLA. STAT. § 119.01; 5 ILCS § 140/7; LA. REV. STAT. § 44.1; N.Y. CONSOL. LAW Pub. 0 § 87(2)(b); TEX. GOV’T CODE § 552.001; VA. CODE ANN. § 2.2- 3705.7.

Privacy Issues with the Use of Smart Cards Get This Book
 Privacy Issues with the Use of Smart Cards
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

TRB’s Transit Cooperative Research Program (TCRP) Legal Research Digest 25: Privacy Issues with the Use of Smart Cards examines basic privacy issues associated with the acquisition and storage of financial and trip data associated with the use of a transit smart card. The report explores who can access the data collected, what data may be accessed and under what conditions, and how the information can be used.


  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook,'s online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!