Tuesday, December 22, 2009

Privacy, Identity Theft and Genealogy -- Privacy, an issue?

Review:

The purpose of this series is to highlight the real privacy and identity theft concerns associated with genealogy. In my first post in this series, I explained that the danger from identity theft has been dramatically overblown in the media. For example, it is twice as likely that you will have your wallet stolen, than to have a problem with identity theft via the Internet. This post continues with a discussion of privacy.

Privacy... What is really private and what is not.

Because genealogists research personal family matters, it may not be obvious, but they should be concerned about privacy and privacy laws. With the access to large online databases, people compile information about their family and then put that information online, sometimes in completely public Websites. As a genealogist, it is a good idea, before "sharing" private information, that you have some basic ideas about the privacy laws in the jurisdiction where you live.

To start out this discussion, there are two phrases that get tossed around a lot relating to privacy; first, is the so-called "right to privacy," and the second, is the so-called "expectation of privacy." A definition of the"right to privacy" is elusive, partly because there is a gap between the general perception of the meaning of privacy and the legal definition. For example, there is no comprehensive U.S. Constitution level definition of the right other than the interpretation of the Fourth Amendment to the U.S. Constitution, the prohibition against unreasonable searches and seizures. On the other hand, the "expectation of privacy" is a legal test (meaning it must be interpreted by a court) defining the scope of the protection of the Fourth Amendment.

Privacy laws are mostly limited to smaller jurisdictions and are sometimes only local. Unlike the U.S., some countries, such as Canada, have a broad national privacy act. Notwithstanding the privacy laws that exist, generally, as far as genealogy is concerned a person's right to privacy dies with the individual. Obviously a dead person has no "expectation of privacy." Even so, some jurisdictions have laws prohibiting the release of "private" information about a dead person until, up to, thirty years after death or even longer. The information that can be disseminated varies from jurisdiction to jurisdiction. In Texas for example, Chapter 26 of the Texas Property Code and the secretary of state’s administrative rules found in title 1, chapter 76 of the Texas Administrative Code govern the use of a deceased individual’s property rights, including the deceased individual’s name, voice, signature, photograph, or likeness. A person who claims to own a property right of a deceased individual may register that claim with the secretary of state. Registration of a claim is prima facie evidence of the claim’s validity, and a registered claim is generally superior to a conflicting, unregistered claim. Tex. Prop. Code § 26.007.

One well known limitation on the access to genealogical information about dead people is the seventy-five year limit on the publication of U.S. Census data. The latest Census presently available is from 1930 and the 1940 Census will not be made publicly available until 2012. Other countries extend that prohibition to 100 years.

Live people are another matter altogether. California even has a state agency dedicated to Privacy Protection. For living folks, privacy laws focus primarily on medical records (HIPAA or Health Insurance Portability and Accountability Act of 1996) and financial records. However, personal information that businesses and government agencies ask you for, may include the following: your name and home address, your home phone number, your email address, your Social Security number, your driver’s license number, your financial information, such as credit card numbers, bank account numbers, and household income, your medical information, such as your health insurance plan, diseases or physical conditions, and prescription drugs used, your education and work experience, and other details of your personal life, such as your date of birth, the names and ages of your spouse or children, and your hobbies. See California Office of Privacy Protection.

In addition, quoting from the U.S.Department of Health & Human Services, "the Privacy Act of 1974 as amended at 5 U.S.C. 552a, protects records that can be retrieved by personal identifiers such as a name, social security number, or other identifying number or symbol. An individual is entitled to access to his or her records and to request correction of these records if applicable." See HHS.gov. "However, the Privacy Act binds only Federal agencies, and covers only records in the possession and control of Federal agencies. The Department of Health and Human Services has specific Privacy Act Regulations. There are additional privacy acts; the Privacy Act of 1974 requires that agencies create and maintain, as necessary, a System of Records Notices (SORN) as defined in the Privacy Act provisions. A system is subject to the Privacy Act if it contains a system of records; any item, collection, or grouping of information about an individual that identifies the individual, and where those records are retrieved by the name of the individual or by some type of identifier unique to the individual." See HHS.gov.

There are good reasons to be extremely cautious about putting sensitive, private information about anyone living online, especially where the information can be accessed by the public at large. However, most people would be utterly surprised at the amount of "private" information readily available on the Internet, either for free or for a very small fee. In future posts, I will give more information concerning the availability of personal information on the Internet, including how to find living people, but for right now, the kinds of information that you can obtain without much effort includes voter records, wills, marriage records, birth records, residence, Social Security numbers, information about neighbors, title searches, employment history, civil litigation records, criminal background checks, sex offender registries, credit history, major purchases, and many, many other categories of information.

When someone expresses a concern about giving out their Social Security number, that is a real concern, but practically anyone, with a few dollars, could find out your Social Security number in an few minutes' search on the Internet.

To quote a commentary by Bruce Schneier in Wired, the online magazine:
Aerial surveillance, data mining, automatic face recognition, terahertz radar that can "see" through walls, wholesale surveillance, brain scans, RFID, "life recorders" that save everything: Even if society still has some small expectation of digital privacy, that will change as these and other technologies become ubiquitous. In short, the problem with a normative expectation of privacy is that it changes with perceived threats, technology and large-scale abuses.
More on privacy in the next post.

No comments:

Post a Comment