An expensive lighter?

A few days ago a student sent me an email that raises interesting questions about data privacy. She’s given me permission to post her question and my response here. I’ve edited her email for brevity and anonymity.

I have a law question for you. Last night I was at a bar and these marketing people from Philip Morris are coming around. They scan your license onto their computer to make sure you are 21, then you sign the digital computer they have with them saying you are a smoker and you get a free Zippo lighter, which is worth more than your average lighter. I am not a smoker but my friend said that he had done it all the time and it was fine and that it was just for marketing purposes. I told the promoter I was not a smoker but she said just to say I am and I get the free lighter. I felt uneasy about it but the woman told me it is just for demographics and everything. One of their questions asked what kind of cigarettes I smoke. I said I don’t know, she said “Marlboro Lights” and my friend answered “sure.”

She also gave me a privacy card. Under personal information it says:

We collect information you submit to us and maintain information on your activity with us. We may obtain information from others to verify your age to ensure you are 21 years of age or older. We may obtain additional information about you, such as demographic and lifestyle information, from others.

Under uses it says:

We use the information you submit to add you to our adult smoker mailing list and send you promotional materials, to provide you with items you request from us, to verify the information you have submitted to us, to customize offers to you, and to communicate with you. We do not sell or share information about you with others for their own marketing. We share your information with vendors we’ve hired to perform services for us.

There is a number I can call to take myself off the mailing list where you have to say your name, address, and birth date and I assume they will take you off. I just tried to do it online but I guess my name is not in the system yet.

Other important information says:

We take steps to protect the information you provide against unauthorized access and use. This statement does not apply to,, or which have their own privacy statements.

My question to you is did I put myself in serious legal trouble? Can I be screwed out of getting health insurance if I say I am a nonsmoker?

This is my response:

I don’t think you have anything to worry about, but you aren’t crazy for asking these questions.

It is highly unlikely that your response to the “do you smoke” question will wind up in the hands of your insurance company. If it should–a huge if–then just tell them the truth. You answered the question “yes” because you wanted a free lighter. The context in which you answered the question (in a bar, in response to a promotion) is hardly one calculated to produce meaningful, truthful responses that would stand up to cross-examination in court. Keep the lighter and relax.

I agree that this scenario raises very troubling questions. While it is unlikely your answer will wind up with your insurance company, it is not impossible. Bits of our personal data are scattered about among dozens of databases. It’s a small step–lots of computing power, perhaps, but conceptually a small step–to link those bits together. Right now marketing companies are conducting most the data mining that we know of. (The National Security Agency may be compiling our data for other purposes.) Knowing that I own one espresso machine, two dogs, and three fly rods is useful information to Lilly, PetCo, and Orvis. According to the Phillip Morris privacy policy, the company won’t sell your data to third parties for their own marketing purposes, so Bic should not suddenly deluge you with offers to purchase Bic lighters. Phillip Morris has a strong business interest in keeping its list of smokers from insurance companies. We Americans are pretty complacent about the privacy of our personal information, but imagine the response if Phillip Morris, Budweiser, and Krispy Kreme released detailed customer lists to the health insurance industry. You’d see Congress swing into action.

The language you questioned about disclosure required “by law” applies to data disclosure compelled through litigation, or otherwise in response to a subpoena or other legal process. It doesn’t cover requests by insurance companies for customer data, and their curiosity is not sufficient grounds to justify responding to a subpoena.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.