Iggy Azalea became the butt of many jokes this week when she ranted on Twitter about a Papa John's pizza delivery guy giving out her phone number, but her pizza feud exposes data-privacy issues. If you've ever ordered food online or paid for an item with a credit card, your phone number and even the names of your children could be handed off to a third party—and it's all legal.
We also may keep track of your food preferences and restaurant choices and analyze that information in order to send you special advertisements, offers and notices regarding foods and restaurants that seem to fit with your preferences.
If you have a papajohns.com account and do not want to receive emails from us telling you about great eDeals, Contests or other promotional offers in the future, please let us know. You can change your preferences, or opt out of receiving emails from us, at any time (except when you are in the process of placing an order) by going to My Account Information on the log in page. There, you can update your email address, phone numbers, password, address and you can uncheck the "Send me special offers from Papa John's" box. Our emails to you will stop within 5 business days and we will not thereafter provide other merchants the means to contact you by e-mail about their Contests or other offers.
According to Dixon, the vague language about "other merchants" is industry code for selling consumer information. Customers' information can end up on marketing lists on sites like NextMark, which publishes everything from lists of people with bipolar disorder to lists of "Yuppie Investors." Anyone can go online and buy one of these consumer-data lists.
"If people haven't done a financial modernization opt-out, your most recent transactions are most likely on that list," Dixon said. "It's actually shaping people's opportunities in life. It's not just advertising. Whether you buy too many clothes online can affect the cost of your health care."
Opting out is tedious, but it's the only way to protect the privacy of personal information from data brokers. Opt-outs exist to keep your banking records from being shared, to keep telemarketers at bay, and to keep your name off marketing lists.
If Azalea wants to sue Papa John's because an employee gave his brother her number, she may have an uphill battle. According to attorney Carrie Goldberg of the Cyber Civil Rights Initiative, states follow varying consumer-data-breach laws.
"These laws mainly aim to prevent identity theft in a commercial context, and have limited use when it comes to protecting personal privacy, such as when intimate images, diaries, or other personal information falls into the wrong hands," Goldberg told me over the phone. "So if the delivery guy just got her name and phone number off the receipt, these laws wouldn't be triggered, but if the pizza was ordered online and the information was accessed along with, say, her credit card information, it could trigger a reporting requirement."
Since Azalea has a permanent residence in California, she would struggle to sue Papa John's using the data-breach law, Goldberg said. But the state does have a strong law barring "unfair and deceptive business practices," which Goldberg said puts responsibility in companies' hands when they bring harm to a customer.
"If Iggy issues a formal notification and Papa John employees are still bothering her, she could seek damages and an order demanding they stop," Goldberg said. "In all likelihood, the hassle and expense of pursuing litigation may well outweigh the benefits that Iggy could receive from whatever harm she claims befell her from this pizza guy going rogue."
Follow Mary Emily O'Hara on Twitter.