In 2003 the deal was simple: The players would submit to anonymous steroid testing, and if more than 5 percent tested positive, real testing with real penalties would begin in 2004.
But in 2003, the tests were going to be (A) anonymous and then (B) destroyed. Those were the rules of engagement, and in any civilized contest, the rules of engagement are critical. Everything has rules of engagement, even something as life-or-death as war. Ever heard of the Geneva Convention? Those are rules of engagement, and it’s something we are expected to follow — even against a war-time enemy we literally want to kill.
Somebody broke the rules of engagement with A-Rod. Baseball and the union were supposed to destroy the tests in 2003. If there was a master list linking each test to a specific player, that list was supposed to be destroyed, too. This was serious stuff, this confidentiality, and only because it was so serious did players like Alex Rodriguez submit to it. (“A-Rod should sue sinister system that snagged him,” CBS Sports)
So there’s an obvious violation of the contract, which may or may not have specified damages. Are there other torts here?
It seems that given the nature of the literally irreparable harms to reputation that privacy invasions can entail, the law may or may not have reasonable remedies here. (Note that I said irreparable, not un-compensatable or even of great magnitude. Even if it turns out that the tests were flawed, A-Rod’s reputation will be permanently sullied by those who remember the initial burst of news.)
The idea that your privacy contract is fungible and flexible inhibits the creation of a real market differentiation around privacy. If a company can change the rules at any time, why bother reading what they say today?
What should the law say about this?
[Update: Dan Solove has very interesting follow-on analysis in " A-Rod, Rihanna, and Confidentiality."]