What You Need to Know About Address Confidentiality Programs

By Erin Jane Illman, Rachel M. LaBruyere & Leah M. Campbell on March 16, 2020

The High-Stakes Compliance Risk You Probably Haven’t Heard Of

This is the first installment in Bradley’s series on Address Confidentiality Programs.

While many businesses have been focused on CCPA compliance, there is another set of state privacy laws that may be flying under your organization’s radar. These lesser-known statutes are often referred to as “Safe at Home” or address confidentiality programs (ACPs). ACPs are state-sponsored programs designed to protect victims of crimes such as domestic abuse, sexual assault, stalking, or human trafficking from further harm. By keeping victims’ home, work, and/or school addresses confidential, ACPs act as a shield to prevent perpetrators from finding – and continuing to harm – their victims. ACPs operate by providing a “designated address” for victims to use instead of their physical (or actual) address. When used properly, the designated address diverts a victim’s mail to a confidential third-party location (often a P.O. Box and/or a “lot number”), after which a state agency forwards the mail to the victim’s actual address. Additionally – and perhaps most importantly – ACPs prohibit those with knowledge of a victim’s location information from disclosing it to other parties.

In 1991, Washington state was the first to adopt an ACP law and, since then, dozens of states have followed suit. Right now, 38 states have ACP statutes on the books, with a handful more states considering similar bills. And while in most states ACP obligations apply only to government agencies, some of those state statutes apply to the private sector. A growing (non-exhaustive) list of those states includes Indiana, Iowa, Minnesota, Maryland, and Wisconsin.

This is where your work comes in. Do you know whether your company is complying with requests from ACP participants? Do you know how many of your customers or clients are ACP participants? Had you even heard of ACPs before this blog post? If you aren’t sure how to answer those questions, don’t panic — there is a clear path forward.

State ACPs are administered by either the state’s attorney general or the secretary of state, depending on the jurisdiction. The administrator promulgates rules for ACPs, accepts applications for inclusion in ACPs, assigns designated addresses, and forwards correspondence (including service of process) to participants. The administrator also serves as a resource for private companies and others seeking guidance on how to comply with the local ACP.

While the rules vary from state to state, there are a few baseline commonalities to build from. For starters, your company needs a clear way to flag clients who have either (a) given you a designated address; or (b) given notice of their participation in an ACP. Many states provide participants with ACP membership cards that, when provided during a transaction (for example, when opening a bank account), put the company on notice that it must use the designated address. Once a customer is flagged as an ACP participant, it is important to ensure there are processes in place to communicate with that customer only through the designated address. Depending on the state, other obligations are also invoked, such as the requirement not to disclose the customer’s personal information to third parties, or the requirement to obtain consent before using the customer’s actual address (and then, the requirement to only obtain consent for a necessary business purpose).

If this sounds complicated, that’s because it is. But that is no reason to ignore ACPs. Not only are these programs growing exponentially in the states where these laws are on the books, but more states are also primed to pass similar laws and apply these laws to private businesses. ACPs are not going away and your planning now could save you from liability in the future and – quite frankly – could even save lives.

Stay tuned for our next few installments about ACPs – we will discuss more about the details of assessing applicability and risk, getting your program started and practical suggestions for compliance.

Erin Jane Illman

Erin Illman is a dynamic problem solver with a strong understanding of U.S. and international private-sector privacy laws and regulations and the legal requirements for the transfer of sensitive personal data to/from the United States, the European Union and other jurisdictions. She regularly advises clients on CCPA, GLBA, HIPAA, COPPA, CAN-SPAM, FCRA, security breach notification laws, and other U.S. state and federal privacy and data security requirements, and global data protection laws. In addition to providing proactive privacy and information security compliance and legal advice, Erin manages privacy-related enforcement actions and litigation. Her practice includes representing companies in reactive incident response situations, including insider cybersecurity threats, electronic and physical theft of trade secrets, and investigation, analysis, and notification efforts with respect to security incidents and breaches.

Rachel M. LaBruyere

Rachel LaBruyere is a privacy and litigation associate in Bradley’s Charlotte office. She regularly advises clients on CCPA and GDPR compliance issues. Before joining Bradley, Rachel served as a Legal Intern in the United States Attorneys’ Office and an Appellate Litigation Intern in the Office of the General Counsel at the Equal Employment Opportunity Commission. Prior to law school, Rachel spent more than five years managing digital strategy for technology companies.

Leah M. Campbell

Leah Campbell is a senior attorney in the Banking and Financial Services Practice Group. Leah has significant experience representing financial services and insurance company clients in both federal and state courts, as well as before state regulators. She has advised national mortgage servicers on FDCPA claims, loan finance companies on UDAAP claims, and banks on OFAC-related issues.

In addition, Leah has provided intellectual property guidance in M&A and corporate structuring matters and advised on GDPR implementation and cross-border encryption issues.

  • Posted in:
    Financial
  • Blog:
    Financial Services Perspectives
  • Organization:
    Bradley Arant Boult Cummings LLP