U.S. consumers have little actual control over how companies collect, use, and disclose their personal information. This Article identifies two specific instances of this lack of control under U.S. law related to third-party disclosures, what I call the Incognito and Onward Transfer Problems. It then identifies the types of privacy harms that result and examines the advantages and possible drawbacks of a model law aimed at addressing these specific problems. The model law is based on a system of consumer notice and choice, the predominant method used in the U.S. to provide consumers with control over their information. Up until this point, however, this method of providing control has largely failed, and this Article seeks to address some of its failures. This Article argues that while notice and choice may be useful in addressing some information privacy problems (such as the two identified in this Article), it is not appropriate for all information privacy problems. No one-size-fits-all approach is adequate. Instead, each information privacy problem must be isolated and treated in its proper context.