by Daniel J. Solove
In Sorrell vs. IMS Health, 131 S. Ct. 2653 (2011), the Supreme Court struck down Vermont’s Prescription Confidentiality Law as a violation of the First Amendment right to free speech. The Vermont law restricted the sale and marketing use of information that would identify prescribers without their consent. The Supreme Court reasoned that the Vermont law “enacts content- and speaker-based restrictions on the sale, disclosure, and use of prescriber-identifying information.” According to the Court, the statute made content-based restrictions because it singled out marketing, and the statute made speaker-based restrictions because it focused on pharmaceutical manufacturers. The Court stated: “The law on its face burdens disfavored speech by disfavored speakers.”
I sometimes hear commenters state that Sorrell imposes strong First Amendment limits to privacy laws. But Sorrell will likely not have a major impact on privacy regulation. The Court repeatedly chastised the law for singling out pharmaceutical marketing – a classic content-based speech restriction. Ironically, had the law been broader or more neutral toward the types of speech it was regulating, it likely wouldn’t have posed such a problem. Indeed, the Court nodded approvingly to the HIPAA regulations as a contrast to the problematic law struck down in Sorrell. HIPAA is one of the most extensive and restrictive of privacy laws, so if HIPAA is the Supreme Court’s ideal, then most of privacy law will be just fine.
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics.
Professor Solove is the organizer, along with Paul Schwartz of the Privacy + Security Forum (Oct. 21-23 in Washington, DC), an event that aims to bridge the silos between privacy and security.