Export Compliance Daily is a Warren News publication.
Data 'Sold to Thieves'

Mayo Clinic Newsletter Subscriber Sues Over Violation of Utah Privacy Law

A Mayo Clinic newsletter customer received a “barrage of unwanted junk mail” after the Mayo Foundation for Medical Education and Research rented or sold information about her subscription purchase to third parties, alleged a privacy class action Tuesday (docket 4:24-cv-00033) in U.S. District Court for Utah in Salt Lake City. The suit alleges Mayo violated Utah’s Notice of Intent to Sell Nonpublic Personal Information Act (NISNPIA).

Sherry Teresa of Springdale, Utah, bought a subscription to Mayo Clinic Health Letter in January 2004 and wasn’t informed that the foundation “rents, sells, exchanges, or otherwise discloses for compensation” subscribers’ private purchase information to third parties, said the complaint.

To “supplement its revenues,” Mayo rents and sells for money, exchanges for data, and “otherwise discloses for compensation” its customers’ names, addresses and other personal information to data aggregators, data appenders, data cooperatives, list brokers, political organizations, “aggressive direct-mail advertisers,” and nonprofit organizations without customers’ written consent, the complaint said.

The “unlawful” practice is “dangerous” because it “allows for the targeting of particularly vulnerable members of society,” the complaint said. During the period Teresa subscribed to Mayo Clinic Health Letter, the defendant disclosed her private purchase information to unauthorized third parties, “who then supplemented that information with data from their own files,” it said. The foundation disclosed lists with Teresa’s private purchase information “to third parties seeking to contact Mayo’s customers for their own independent business purposes,” it said.

“When companies like Mayo share information with data aggregators, data cooperatives, and direct-mail advertisers, they contribute to the ‘[v]ast databases’ of consumer data that are often ‘sold to thieves by large publicly traded companies,’” putting “‘almost anyone within the reach of fraudulent telemarketers’ and other criminals,” said the complaint, citing a 2007 New York Times article.

Such practices are “particularly dangerous to the elderly,” said the complaint, saying older Americans are often at home, rely on delivery services and “are lonely for the companionship that telephone callers provide.” Many older people also have assets to spend on “seemingly attractive offers,” it said, referencing a “black market” where “the private information of vulnerable elderly Americans is exchanged.”

That makes information disclosures such as Mayo’s “particularly troublesome because of their cascading nature,” said the complaint. Once marked as receptive to a specific type of spam, consumers like Mayo’s subscribers can then be “bombarded with similar fraudulent offers from a host of scam artists,” it said.

Teresa seeks an award of $500 for her and each class member for each time Mayo failed to provide them with notice as required by NISNPIA in relation to their private purchase information, said the complaint. She also seeks prejudgment interest, attorneys’ fees and legal costs.