Consumer privacy has been in the news again lately because of a new law in California aiming to increase and safeguard it. Consumer privacy is information privacy as it relates to the consumers of goods and services, including biometric data, sleep habits, buying habits, and other details of a person’s life. Of course, we all know that there is really no such thing as privacy, as most homes now have a SIRI, Alexa, or Echo listening and recording every word. And if Silicon Valley is up to the task, these home assistants may soon be recording everything you think. Even so, we all subscribe to the quaint notion that companies with whom we do business and who collect our private information keep it private, at least when we ask them to do so. It is a lovely, if entirely bogus, thought.
An interesting issue for rental dealers arises when a third party makes a payment on a customer’s account.
The new California law—the California Privacy Act—becomes effective January 1, 2020, and covers companies who satisfy at least one of these qualifiers: (1) does at least $25 million in annual gross revenues; or (2) possesses personal information of 50,000 or more consumers; or (3) earns more than half of its annual revenue from selling consumers’ personal information. The law as written will exclude most mom and pop businesses, a comfort to many. However, details of the law have not been finalized, as the statute gives authority to the CA attorney general to adopt regulations to flesh out the law, and toward that end, the attorney general’s office is holding public hearings around the state in December for feedback before issuing its regulations. You can read a complete summary of the California statute at http://bit.ly/2NUSo0A.
Lest you smile because you are a small business or do not do business in California, know that every state has laws governing consumer privacy and data breaches along with information on what companies must do if their consumer data is compromised.
Rental dealers often capture private consumer information from customers and potential customers. It is captured on the rental application or rental orders. Dealers need this information to assess the honesty of their customers and decide whether to do the deal in question. Some dealers are in the habit of collecting the customer’s social security number, although whether that information is necessary is open for debate. Dealers typically do not run credit, which would require the social security number, and dealers who get it argue that they need it for skip tracing purposes should the need arise. The debate over social security numbers will not get resolved in this article, but know that it is an issue. This is because a consumer’s social security number is a key element, if not the key element, in identify theft, and without that crucial number, identity thieves usually cannot get very far.
An interesting issue for rental dealers arises when a third party makes a payment on a customer’s account. The receipt that prints out has a great deal of private consumer information on it: account number, account balance, renewal date, item rented, plus name, address, telephone number and perhaps email addresses of the customer—all of which is private consumer information under the laws of most states.
Suppose that Mom, who is not on the agreement, comes in to make a cash payment on the Xbox account for her cellar-dwelling son. Should the dealer give her the receipt? Granted, she already knows more than she wants about her son, but is she really the Mom? Did the dealer ask for ID? Did the addresses match up? Suppose instead of Mom, it is a complete stranger who claims to be a friend of your customer, but has a handful of cash. Even if Mom checks out, it is safer to hold the receipt for the son, the customer, or to email it to him. The dealer can plead privacy issues to Mom when she demands a receipt.
As an industry, we are pretty good at safeguarding our customer’s private information. Our customers are valuable assets and we want to keep them close. We want them to be repeat customers, and perish the thought of ever selling customer lists to anyone unless to cash in on the business once and for all and retire.
Even though there is really no privacy anymore, as the digital world knows all of your dark secrets, the law pretends that there is such a thing as privacy of consumer information, and for the time being at least, we all have to play along.
Ed Winn III serves as APRO General Counsel. For legal advice, members in good standing can email legal@rtohq.org.