When providing identity information and other personal and private information to organizations and entities, it is done contingent upon certain expectations about how that information will be used. It is generally taken completely for granted that the basic rights and guaranteed protections of law afforded to individuals and their identity information will be respected by credible organizations.
The NCIDP has found that this trust is misplaced more often than not.
The Identity Information User License Agreement (IIULA), as the NCIDP has standardized it, puts into legal terms and written legal contract those expectations. It also serves formal notice of the laws to anyone handling the identity information, depriving them of claims of ignorance of those laws and the protections that those laws guarantee.
The IIULA gives notices of the rule of law as applicable across the entire United States, dealing with Federal court case law and other nationally applicable law. State laws may vary and may offer additional protections (which are generically invoked by the IIULA wherever they exist and offer such additional protections), but State laws cannot contravene any of the nationally applicable legal standards noticed in the IIULA. Moreover, the relevant case law is largely well-settled Constitutional law establishing rights that cannot be infringed even by acts of the Federal Congress, and that are significantly protected against all but amendments to the U.S. Constitution.

http://ncidpolicy.org/iiula.html I haven't had the need to use this but it makes sense to me. It might be the right thing to take to the locals and have them sign one before any other chance encounters.