“Privacy and the Future of Justice Statistics”

Peter P. Swire

Chief Counselor for Privacy

OMB/OIRA

National Conf.on Privacy, Technology & Criminal Justice Information

May 31, 2000

Overview

Free flow of information Administration privacy policy Government as a model Public records Concluding thoughts

I. “Free flow of information”

A noble goal, but what does it mean? – Security -- free flow to hackers?– Intellectual property -- free flow to pirates?– Privacy -- free flow to intruders?

Moral:– Many wonderful flows– Not all flows are wonderful

“Free flow” in the justice context

Common practice -- police have had unlisted phone numbers and addresses

Police concern about their own and their family’s safety at home

The Durham, N.C. example

Law enforcement officer concern After debate, city council decided to make

name a hidden field for all property records County disagreed -- register of deeds

decided to keep owners listed, online County tax assessor plans to post blueprints

of houses -- additional l.e. concern

Observations on “free flow” of information Which flows of information make sense? Do the flows happen automatically in the

course of putting information on web sites? When should there be thoughtful

consideration of whether personal information should become increasingly available?

II. Administration Privacy Policy

Support self-regulation generally Sensitive categories deserve legal

protection– Medical & Genetic– Financial– Children’s Online

Government should lead by example

Internet Privacy

Quantity of policies– 15% to 66% to 88% from 1998 to 2000

Quality of policies– Seek continued improvement

Incentives for good action by companies Concern about “free riders” with no policies

Medical Records Privacy

HIPAA 1996 called for legislation by 8/99 President announced proposed regs 10/99 Over 53,000 submissions of comments SOTU promise to make the regs final this

year

Medical Records (cont.)

Fair information practices– Notice– Patient choice– Access– Security– Enforcement

Regs have other provisions, including for law enforcement access to medical records

Genetic Discrimination

February 8 Executive Order– Prohibits federal agencies from using genetic

information in hiring or promotion Call for legislation

– Extend protections to private sector– Apply to purchase of health insurance

Genetic information and law enforcement– What will be public concerns over time about DNA

databases?

Financial Privacy

Financial Modernization enacted in 1999– Notice of uses– Choice to 3d parties– Enforcement

Administration Plan announced in April– Choice for affiliates, too– Opt in for especially sensitive data, including

medical– Other provisions

Other Privacy Legislation

Children’s Online Privacy Protection Act of 1998– FTC rules took effect 4/2000– Key is “verifiable parental consent”

Identity Theft law in 1998 Pretext Calling law in 1999 “Opt in” for motor vehicle records for

marketing in 1999

Summary on privacy legislation

Significant level of legislative activity Significant level of public concern

– WSJ poll in 9/99 Seek balance among multiple goals

– Privacy and public safety goals– Privacy and use of information for economic growth– Which uses of data are net beneficial, upon

thoughtful consideration

III. Government as a Model

Government web sites Government computer security Privacy Impact Assessments Oversight mechanisms

Government web sites

How is data collected and used at government web sites?

OMB guidance 6/99 for federal sites All federal agencies had clearly posted

privacy policies by the end of 1999

Government computer security

Good security is necessary for privacy– Weak security allows access to tax records, criminal

investigative files, etc.– Good security stops hackers and other unauthorized

users Good security is not sufficient for privacy

– What can an authorized user do with the data?– Post it to the Internet?– Privacy policies govern authorized users

Privacy Impact Assessments

Idea: build good security and privacy into new information technology systems

IRS has been approved as a Federal CIO Council “best practice”

FBI and Bureau of Justice Statistics in process

PIAs (continued)

Structured set of questions– What laws apply? Privacy Act? Others?– What agency or other policies apply?– The “friends and family” test -- do our practices

seem reasonable and fair when they become public?

Oversight mechanisms

New databases and flows of information often achieve important public safety and other goals

What mechanisms exist to consider privacy and other values?

There may be public questions in the absence of oversight mechanisms?

IV. Public Records

Many criminal and other court records are “public records”

Dialogue with states on public records Recent Supreme Court cases The example of bankruptcy records

Supreme Court cases this term

United Reporting v. Los Angeles Police– State law with stricter limits on marketing than

for press uses– State law upheld

Reno v. Condon– Federal statute limiting state release of motor

vehicle records– Federal law upheld against federalism challenge

Bankruptcy records

What’s in the public bankruptcy file?– Bank account numbers– Social Security numbers

Should we place these online for millions of Americans?

President has asked OMB, Justice & Treasury to issue a report this year

Concluding thoughts

Many flows are good, but not all flows are good Take advantage of new technologies to promote

public safety, economic growth, public education, and other values

But, thoughtful consideration of the subset of flows that are possible but not advisable:– Home addresses of vulnerable people– Bank account numbers of individuals

For the justice system(s)

Improving technology makes many new flows less expensive and more practical

PIAs -- your practices should meet the requirements of– Applicable law– Applicable policies– Confidence of the public

Concluding thoughts

In the Information Age, there will be a constant stream of issues -- which information flows are good?

President Clinton has asked: how do we keep our traditional value of privacy in this era of new technology?

Conclusion

The answer will be in the good will of all of us who build the new information systems:– Medical– Genetic– Financial– Government generally– Justice systems in particular

We look forward to that challenge