PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

X-ray

The other day, I blogged about the TB patient who flew to Europe and back with the knowledge that he had a rare form of TB. The media had been reporting on the case for a while, and the man’s name was not identified until a day or two ago, when a number of stories began including his full name and photograph, as well as the name and photographs of the woman he married (including photos from his wedding).

Although I find the man’s conduct to be irresponsible, I don’t think it was appropriate to identify him. I bet that revealing his name will result in threats and attempts at vigilantism, possibly putting him and his family at risk of harm. It will also severely hurt his reputation and perhaps even his career. Some might say that he deserves such consequences, but I believe that the most appropriate sanctions are legal, not extra-legal. I have blogged extensively about my thoughts about such community mob “justice” here [link no longer available].

Was it appropriate for the media to publish his name and photograph? The name and photograph of his wife? I am curious about how his name got leaked. If one of his physicians released it, or if a government official at the CDC or elsewhere released it, he might have a cause of action for breach of confidentiality or public disclosure of private facts.

UPDATE: Dissent (a commenter to my post) points to an AP story that provides an answer to how the man’s identity was revealed. According to the AP:

The tuberculosis patient under the first federal quarantine since 1963 is a 31-year-old personal injury attorney who practices law with his father in Atlanta, a federal law enforcement official said Thursday.

The official, who asked to remain anonymous because he was not authorized to talk about the case, identified the patient as [name]. A medical official in Atlanta also confirmed the patient’s name on condition of anonymity.

Barring facts I’m unaware of, such a disclosure by the government official seems improper and probably illegal. It might well be a violation of the TB patient’s constitutional right to information privacy. The confirmation of the patient’s identity by the medical offical in Atlanta would be a breach of confidentiality. It is surprising that these individuals disclosed the man’s name. They clearly knew better, as the federal official indicated he wasn’t supposed to speak about the case and the medical official requested anonymity. This strikes me as a willful disregard for the law, and I hope that these officials will be punished, let alone successfully sued by the TB patient.

Originally Posted at Concurring Opinions

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.

Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum and International Privacy + Security Forum, annual events designed for seasoned professionals.

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
*
LinkedIn Influencer blog
*
Twitter
*
Newsletter

TeachPrivacy Ad Privacy Training Security Training 01