Public Records, Public Policy, and Privacy
By Robert Gellman
A record
of the interests, habits, travels, assets, and purchases of most Americans
lies in government and private files, often unassembled like pieces
of a jigsaw puzzle. Anyone who collects the pieces and puts them together
can produce a profile that will surprise the data subject by its level
of detail and chronological reach. Government records are the source
of a considerable amount of this personal data.
The types of personal
information collected by governments (and a likely source of the information)
include:
- Name and address (driver's license)
- Home ownership (land title)
- Mortgage loan (land title)
- Value of home (property tax)
- Size, price, physical description of home (assessments)
- Parents and children (vital statistics)
- Social Security Number (driver's license)
- Height, weight, use of vision correction, selected medical diagnoses (driver's license)
- Sex and date of birth (driver's license, vital statistics)
- Occupational status (occupational and professional licensing)
- Make, model, and loan for automobile (motor vehicle registration)
- Political registration and voting frequency (voter registration)
- Political contributions (federal or state election reporting)
- Hobbies (hunting and fishing licenses)
- Boat and airplane ownership (licenses)
- Pet ownership (dog and cat licenses)
This list offers
a good sample, but it is not exhaustive of the personal records maintained
by government agencies. Court records are also a major source of individual
data because criminal matters, divorces, and wills often place a wealth
of personal details into the public domain.
Public Records
A public record
is a record maintained by law, regulation, or practice by or for a unit
of government that contains information that can be linked to an identifiable
individual. The term "public record" is unfortunate in many
respects because it implies that government records are necessarily
in the public domain. In reality, disclosure of these records is often
not mandatory.
The public’s view
of public records has changed in recent years, influenced largely by
technology. In the pre-computer era, legislatures casually designated
state records as public with little concern about privacy. Protections
were automatic because the records were hard to access and use. Those
wanting to see drivers’ records, for example, usually had to go to the
state capitol where paper records could be searched by hand. Privacy
protections were inherent in the technology of paper, which made it
difficult to fully exploit personal details.
When states computerized
records, the technological protections began to evaporate. Greater ease
of use made records more valuable to more people, and some states decided
to exploit their records by selling the information to marketers and
others. Of course, practices and policies varied from state to state
and from one record type to another. But some states were unable to
resist the lure of new revenues that did not have to be extracted through
the tax system.
The result of the
availability of these records is that, increasingly, private companies
take government information about consumers and combine it with other
data from private sources. These other sources include credit card companies
and credit reporting agencies, banks and insurance companies, physicians
and health plans, airlines and travel agents, supermarkets and other
retailers, video stores and cable television providers, telephone companies,
and Internet service providers. The list of actual and potential record
keepers includes virtually every institution that interacts with consumers,
including nonprofit institutions.
In many cases, businesses
accumulate information about their customers to provide better service.
With modern information technology, however, the ability to use consumer
information has expanded tremendously. Businesses no longer maintain
customer files and lists; they develop customer profiles and data warehouses.
The goal is to find new ways to interact with consumers to exploit and
expand existing relationships. Pharmaceutical manufacturers purchased
pharmacies so that they could market to consumers based on their medical
conditions. Citicorp and Travelers Insurance merged partly so that each
business could market to the other’s customers.
One result of commercial
and noncommercial activity is the profiling of American consumers for
marketing purposes. A generation ago, a magazine might have sold a list
of its subscribers sorted only by zip code. Today, that same list is
offered with a wide range of enhancements and additional information.
Lists can be sorted by income, wealth, marital status, family size,
age of children, credit card use, ethnic and religious background, political
affiliation, number and type of automobiles, occupation, home ownership,
length of residence, type of dwelling, sexual preference, or medical
diagnosis. Government records are the source of some of these details.
New Uses and New Users
The technology permits
commercial users to exploit personal information in new ways. Mailing
list owners combine state records to create new lists. Entire new industries
have come into existence to exploit the personal data available from
public sources as well as private. Today, for example, more than a dozen
individual reference services companies offer Internet "look-up"
services that allow the search of computerized records obtained from
state and local governments and other sources. The typical customers
for these services include lawyers, debt collectors, and the police.
The exploitation
of records by these and other companies developed with little public
awareness. In 1997, Internet users discovered that companies were selling
social security numbers and other sensitive data online. The resulting
firestorm swept across the Internet and spilled onto the front pages
of newspapers across the country, the evening news, and into Congress
itself. The public and congressional outcry induced the industry to
adopt self-regulatory privacy guidelines, but privacy advocates criticized
the guidelines as weak, ineffective, and incomplete.
Another example
of the use of the Internet to disseminate public records comes from
Oregon. In 1996, the state’s database of motor vehicle records could
be purchased for a few hundred dollars. A computer consultant bought
the records and posted them on his Website with a search engine. When
this came to public attention, there was an outcry. People did not realize
that the records were that public. The governor said that instant access
to the records over the Internet was a threat to safety and asked the
consultant to take down the database. Eventually, Oregon changed its
law and restricted access to these records.
These two examples
illustrate how the Internet raises new questions about the availability
and use of personal data from government records. Ease of access to
data raises new concerns about privacy and calls for a reevaluation
of the balance between personal privacy and disclosure. If personal
information in government files is public, the information can be placed
on the Internet. If the information is available on the Internet, then
anyone can use and exploit it for any purpose. If all traditionally
public records from government files end up on the Internet, these records
alone will result in the widespread availability of detailed profiles
of everyone. Reexamine the list of public records above and consider
how personal profiles might be used and exploited by friends, neighbors,
relatives, insurance agents, burglars, reporters, and marketers.
The threat to privacy
posed by centralized and computerized records was the subject of a Supreme
Court decision in 1989. In Department of Justice v. Reporters Committee
for Freedom of the Press (489 U.S. 749 (1989)), the Court decided
a Freedom of Information Act (FOIA) case involving the disclosure of
criminal history records. Records of arrests and convictions are among
the few classes of records that the U.S. Constitution requires be made
public. These records can usually be searched freely in police stations
and courthouses throughout the country. The issue in the case was whether
centralized compilations of this criminal history information (rap sheets)
maintained by the FBI must be disclosed under the FOIA. The Court recognized
the tradeoff between privacy and availability, and it came down squarely
on the side of privacy. The case turned on the centralization issue:
"But the issue that
we are now presented with is whether the compilation of otherwise
hard-to-obtain information alters the privacy interest implicated
by disclosure of that information. Plainly there is a vast difference
between the public records that might be found after a diligent search
of courthouse files, county archives, and local police stations throughout
the country, and a computerized summary located in a single clearinghouse
of information."
The Internet may
well be the ultimate in information clearinghouses. Its ability to make
unlimited amounts of information available worldwide instantaneously
must be considered when making decisions about the availability of government
records.
Resolving the Conflicts
Individuals have
a legitimate interest in the privacy of data that they are often required
to provide to the government. At the same time, the public has an interest
in the activities and operations of government, and public availability
of some personal data is appropriate. Information is sometimes collected
primarily for the purpose of making it public. Campaign contributions
and ethics statements from government officials are two examples. Some
basic functions and institutions depend on the public availability of
records to operate. The U.S. system of land ownership relies on the
public availability of records, although that has not always been the
case. The public availability of bankruptcy records is also integral
to the process.
In other cases,
public access may be neither essential nor desirable. We do not make
income tax returns public nor do we release library loan records, criminal
investigatory files, or welfare records. For some records, policies
are more selective or more variable. In some states, voter registration
records are available only for specified purposes. One important lesson
from the variety of approaches is that diversity is possible. Citizens
and legislatures can choose different options for the availability of
public records.
One interesting
model comes from the Driver’s Privacy Protection Act (DPPA), a 1994
federal law (18 U.S.C. § 2721) that requires the states to give drivers
a choice before their records can be disclosed for marketing and other
purposes. The DPPA has encountered Tenth Amendment problems, and several
courts found the law unconstitutional because it directs the states
to implement a federal program. That controversy aside, the law generally
offers individuals some ability to make personal choices about how their
information is used. However, the law specifies more than a dozen uses
of data that are either mandatory or permissive. Records are available
for a variety of motor vehicle and law enforcement purposes, and individuals
cannot opt out of those uses. The public interest is too strong to allow
individual choice in these cases.
In other cases,
however, the interest in disclosure is not as strong. Individual preferences
may be highly relevant to the decision to release records. If an individual
wants a driver’s license but does not want personal or medical information
on the license given to a telemarketer, it is hard to identify a public
interest that demands release of that record for that use. The same
may be true of pet licenses, occupational licenses, social security
numbers, and other data collected by the state.
The technology that
makes personal records so accessible and so valuable also offers the
possibility of accommodating individual preferences. Some decisions
about the availability of personal records can easily be made in the
interest of society at large. Some government records should be public
and some should not. In cases where there are legitimate interests on
both sides, the technology will support individual decisions. Legislatures
can resolve conflicts by letting each individual make the choice. And
remember, it is possible to use technology to preserve privacy too.
Decisions about
public availability of government records should be made with open eyes
and after public debate. When the government discloses records about
individuals, we know that the records will be exploited by marketers,
placed on the Internet, and used in other ways that invade the privacy
of citizens. The states do not have to allow these invasions to continue
unchecked. Citizens can make choices about what records should be public
in light of the institutions and technologies that are capable of using
the records. They just have to let their legislators know that they
care.
Robert
Gellman is a privacy and information policy consultant in Washington,
D.C. He previously served for many years as chief counsel to the Subcommittee
on Government Information in the House of Representatives. His e-mail
address is rgellman@cais.com