For lawyers seeking a cause may I suggest....


http://www.schneier.com/blog/archives/2004/12/the_digital_per.html

Last week I stayed at the St. Regis hotel in Washington DC. It was my first visit, and the management gave me a questionnaire, asking me things like my birthday, my spouse's name and birthday, my anniversary, and my favorite fruits, drinks, and sweet. The purpose was clear; the hotel wanted to be able to offer me a more personalized service the next time I visited. And it was a purpose I agreed with; I wanted more personalized service. But I was very uneasy about filling out the form.

It wasn't that the information was particularly private. I make no secret of my birthday, or anniversary, or food preferences. Much of that information is even floating around the Web somewhere. Secrecy wasn't the issue.

The issue was control. In the United States, information about a person is owned by the person collects it, not by the person it is about. There are specific exceptions in the law, but they're few and far between. There are no broad data protection laws, as you find in the European Union. There are no Privacy Commissioners, as you find in Canada. Privacy law in the United States is largely about secrecy: if the information is not secret, then there's little you can do to control its dissemination. ....

See link for more.