/ THE BUSINESS OF PARKING /LEGAL
Protecting Parking Patrons’ Personally Identifiable Information By Michael J. Ash, Esq., CRE
ARKING PAYMENT TECHNOLOGY HAS ADVANCED from the spare change in your wallet to an
In the digital realm, protected personally identifiable inStoring Information formation (PII) includes names, license plate numbers, email The treatment and storage of PII is highly regulated at the addresses, phone numbers, vehicle nicknames, passwords, federal level. A digital service provider has an obligation to and home addresses. Hackers and digital scammers spend reasonably handle consumer data and to use reasonable a lot of time and effort atdata security measures under the tempting to infiltrate digital Gramm–Leach–Bliley Act’s impleplatforms to steal PII for menting regulations, 16 C.F.R. § criminal enterprise, resulting 314 (the “Safeguards Rule”), which in billions of dollars of losses “sets forth standards for develdue to identity theft and oping, implementing, and mainfraud. The failure to propertaining reasonable administrative, ly secure customer PII can technical, and physical safeguards create liability to a digital to protect the security, confidenservice provider for reckless tiality, and integrity of customer or negligent disclosure. information” and “applies to the Individuals have a right to handling of customer information privacy. To protect individual by all financial institutions[.]” 16 privacy rights, most jurisC.F.R. § 314.1(a)-(b). dictions throughout the U.S. The Safeguards Rule “applies The Federal Trade Commission (FTC) recognize four common law to all customer information in [a has concluded that a company’s failure financial institution’s] possession, invasion of privacy claims: ■ Appropriation of likeness. to maintain reasonable and appropriate regardless of whether such infor■ Intrusion on solitude mation pertains to individuals with data security for consumers’ sensitive or seclusion. whom [a financial institution has] a personal information is an “unfair ■ Public disclosure of customer relationship, or pertains private facts. to the customers of other financial practice” in violation of the FTC Act. ■ False light. institutions that have provided In addition to the criminal fraud that results from illegally such information to [the subject financial institution].” 16 disclosed PII, consumers may also spend precious time and C.F.R. § 314.1(b). The Safeguards Rule requires financial instimoney trying to resolve identity theft issues. When digital tutions and entities who act on behalf of financial institutions security breaches occur and become disclosed to the conto “develop, implement, and maintain a comprehensive inforsumers, class action litigation can arise to seek damages for mation security program that is written in one or more readthe improper dissemination of PII. ily accessible parts and contains administrative, technical,
8 PARKING & MOBILITY / AUGUST 2021 / PARKING-MOBILITY.ORG
app on your phone hosted in the cloud. Digital parking apps and services provide ease and convenience to both parties to a digital parking transaction. However, while feeding quarters in a parking meter is a rather anonymous transaction, the use of a digital platform for a parking transaction requires a user to provide, and a company to store, personal and financial information of its users. This creates a duty for parking technology providers to properly secure and safeguard highly valuable, protected personally identifiable information.