Towards the end of one of the plaintiffs' depositions, counsel summoned me.

Counsel for Marriott had typed the deponent's email address into a computer program on the Internet. Proving the truth of the adage that “there's an app for that,” this program yields an indication that theIparticular email address was a victim in the data breaches listed in the program. Thus, if I typed into the program my email address, it would yield the name of all the data breaches in which my email address was one of the email addresses that were subject to the breach.

Plaintiffs’ counsel insisted that this was a disclosure that violated the Stipulated Protective Order, ECF 270. The order defines the information that the parties deem to be “highly confidential.” That definition includes an email address that is deemed to be "Personally Identifiable Information." ECF 270, para 1 (b) and (k).

The question then presented is: did what plaintiffs’ counsel did a disclosure under the protective order? Under the order, the persons subject to the order may disclose information designated as confidential only to certain persons for certain purposes. The order has to mean that any disclosure of confidential information not permitted by the order violates that order.

The order does not define the word “disclosure” in its definitional section. According to the dictionary, to “disclose” is to make known. The Compact Oxford English Dictionary (2d ed 2003). In my view, Marriott's counsel did not disclose the email address. The deponent knew it, and Marriott's counsel had already learned of it. There was, therefore, no disclosure that occurred because Marriott’s counsel typed it into the program.

Additionally, the code of the computer permitted the user access to the data when the user input the address. And the address then evaporated when the consumer closed the website. I do not believe that is a "disclosure," as that word should be interpreted to understand the prohibitions in the Protective Order.

Finally, Marriott's counsel showed me the guarantee contained in the website that the information used to access whether or not one's email address has been hacked is not kept by the program. The program does not capture the information so that a human being can see it. The disclosures that are prohibited by the order are disclosures to human beings. ECF 270, section 6. That is the denotation of the word “disclose” in the order.

I end with a word of caution. I am specifically relying on the representation in the program, which I saw, that the information is not kept. If the information the user input into the program is kept and is retrievable by any other person, I might reach a different conclusion. For present purposes, I recommend that the court conclude that this was not a prohibited disclosure.