Issues of Privacy and Access
Presentation by Beth Givens
San Diego County Technology Summit
San Diego County Supervisors
Bill Horn, Chair
Thank you Chairman Horn for convening this Technology Summit today, and for inviting me to speak.
Privacy has become one of the hottest societal and public policy issues of our time. You can't open up a newspaper these days without seeing an article about the implications of a new technological development affecting personal privacy.
- In yesterday's paper it was a story on the Social Security Administration's recommendations regarding the implementation of a fraud-proof SSN card, and the implications for its use as a de facto national ID card.
- The day before, there was a front-page story in the New York Times on the impending development of a "new hire" database for the purpose of locating elusive deadbeat parents who don't pay child support -- and how such a massive national database could be used for illegitimate purposes as well.
Advances in technology give rise to the classic double-edged sword. There are obvious benefits, such as locating and garnishing the wages of deadbeat parents. But there is also the downside: the development of a cradle-to-grave electronic dossier which can pose threats to personal privacy and which can be used for purposes of social control.
My presentation will focus on the privacy implications of advances in technology and the importance of crafting policies to enable the benefits to proceed while minimizing the negative consequences.
In the interest of time, I'm going to skip over who we are -- only to say that the Privacy Rights Clearinghouse is a nonprofit consumer information and advocacy program. Our purpose is to raise consumer awareness of how technology affects personal privacy and what consumers can do to safeguard their privacy.
And we bring consumers' concerns before public policy proceedings such as this one today.
Now on to my remarks:
There are several trends in information technology that have implications for personal privacy.
- It has become almost a cliché to mention it, but I will. Information technologies are advancing at such a breakneck pace that laws are not keeping up.
- With these advances have come dramatic increases in the public's concern about privacy.
- A third trend is increased public access to computerized public records. More and more public records from local, state and federal agencies are being made available on the Internet, many of them containing personally identifiable information.
I'm enthusiastic about the public availability of this information because it brings citizens closer to their government and allows them to be better watchdogs. But a recent poll of Internet users found that 3/4 of respondents believe there are privacy problems in putting public records with personally identifiable information on the Internet, even though they can obtain them in manual form.
- A fourth trend is the increasing integration of data from many sources, along with the blurring of the distinction between public and private sector data. The information vendor industry is growing rapidly. Companies like CDB Infotek, IRSC, Lexis-Nexis and Information America are becoming massive clearinghouses of data derived from public and private sector sources. This is an industry that is virtually unregulated.
I want to read you a passage from a federal government study on privacy.
"The real danger is the gradual erosion of individual liberties through the automation, integration, and interconnection of many small, separate record-keeping systems, each of which alone may seem innocuous, even benevolent, and wholly justifiable."
That was written in 1977, twenty years ago, as part of the study to determine the effectiveness of the Privacy Act. And it's just as valid today as it was then, perhaps more so.
- A final trend is the continuing degeneration of society, coupled with the failure to approach these societal problems at their roots, and the concomitant use of information technologies to solve social problems.
- The problem of deadbeat parents? Let's develop a data base to track them down.
- Gun violence? How about a data base of people who should not be licensed to own guns?
- Illegal immigration? Let's develop a data base that can be used to track immigration status.
- And so on.
While I don't object to the use of information technologies to address these very real problems in the short run -- what I fear is happening is that the root problems will never be addressed and that all these data bases that we're developing will go on to have a life of their own. They'll be used for far more purposes than originally intended, eventually becoming the cradle-to-grave electronic dossiers that we in this country have such a deep-seated aversion to.
At the Federal Trade Commission's privacy hearings this past June, the Center for Democracy and Technology nicely summarized the "social, political and economic consequences [that] can result from our society's failure to adequately preserve individual privacy." And I quote:
"If people continue to lose control over their ability to choose when, what, and to whom to divulge personal, sensitive information, they will not only lose the capacity to retreat from society and seek solitude, they will also be reluctant and unwilling to step forward and fully participate in society, fearing unwanted exposure, judgements, discrimination and government surveillance and repression."
I've laid out five trends and problems regarding information technologies and privacy. Where do solutions lie?
I think we can find a public policy solution in the development of a privacy code, called generically the Fair Information Principles.
The concept of a privacy code is not new. The Fair Information Principles were first developed in 1973 by the U.S. Department of Health, Education and Welfare. Their code consisted of five principles, those being: openness, disclosure, record correction, prevention of secondary usage and security.
These principles went on to form the basis of the Privacy Act of 1974, and the equivalent acts in about half the states, including California's Information Practices Act. And interestingly, the code was picked up by many European countries to form the basis of their omnibus privacy laws, something we don't have in this country by the way.
Since the early 1970s, these principles have been altered to fit a number of different situations. I'm going to suggest a set of ten principles, compiled from a number of different versions. A similar Code has been adopted by the City of San Diego in its Telecommunications Policy of October 1994.
- Consideration of privacy effects:
Privacy is recognized as an issue to be considered ... in introducing and using information technologies.
What this principle suggests to me is that a privacy impact assessment should be conducted when new uses of data and/or information technologies are being considered, much like the environmental impact assessments that we're so familiar with.
- Openness: (a very American principle)
There must be no record-keeping systems whose existence is secret. San Diegans have a right to know what personal information is collected about them by local governments and how it is used.
This brings up the necessity of having sufficient infrastructure in place to allow individuals the ability to view, correct and/or amend their records.
- Collection limitation:
Only the personal information necessary for the stated purpose of the agency shall be collected.
The sale of public records to the information vendor industry opens up a Pandora's box of temptations, a major one being the temptation to gather more information than is necessary because it would increase the sale value of the records. I have no evidence that this is actually taking place, but it certainly could and it's something to watch for.
- Information integrity:
Every effort shall be made to ensure that records are accurate and up-to-date, and that record disposal procedures are established.
How extensive is the use of shredders?
Another aspect of records disposal that is pertinent in this age of computers and their almost infinite storage capacity is the question of record retention. How long should records be kept? Forever? Or, like credit reports, just 7 years? Should someone's graffiti vandalism misdemeanor at age 19 prevent that person from getting a job ten years later, when that person has straightened out his or her life?
- Access and correction:
Citizens shall have reasonable means to obtain and review, and when necessary, correct and amend information about them.
- Secondary usage: (the most powerful and least observed principle)
Personal information will not be made available for secondary uses without notice to the subjects of the information, allowing them, when appropriate, to opt-out of such uses.
This is to avoid the practice of fishing trips, and the creation of profiles using all available data to create suspects lists. This principle would also prevent the use of public data for marketing purposes without the consent of the data subjects.
- Security:
Government entities will establish reasonable physical, technical and administrative safeguards to protect personal information against the risk of unauthorized access, collection, use, disclosure or disposal.
A vitally important aspect of security is ongoing training of all staff who access data bases containing personally identifiable information. Training should stress what the legitimate and illegitimate uses are. And there should be electronic audit trail capability with individual password access, so that all uses of data bases can be tracked back to the individual who used them. And there should be strict penalties, including termination, for misuse.
- Education:
Government entities will make reasonable efforts to educate San Diegans about the existence and use of its records containing personal information.
This principle relates to the first principle of Openness. Citizens will not be able to exercise their rights of access and correction unless they know what records are kept about them. Education is also a good antidote to citizen mistrust. The more light that is shed on information collection and handling practices the better.
- The 9th and 10th principles are Oversight and Review.
There should be a commission, perhaps, or a task force comprised of citizens and government officials to monitor on a regular basis the efficacy of these principles -- and whether or not they're up to date. Perhaps spot checks of agency practices could be done, and goals established for certain practices to be adopted, as well as a grievance forum for citizens and agency staff members.
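As an added illustration of two of the points above (the audit trail with individual password access that tracks every use of a data base back to one person, and the question of how long records should be kept), here is a small Python model of a records system written for this page; it is example code, not anything from the Privacy Rights Clearinghouse, the County or the City of San Diego. Every access is logged with the authenticated user and a stated purpose, so a reviewer can list one person's uses, flag accesses made for a purpose the agency never declared, flag a user who pulls far more distinct records in a short window than a caseworker would (the pattern of a profiling "fishing trip"), and list records past the retention period that are due for disposal. The agency's declared purposes, the user names, record ids, dates, the 15-minute window, the threshold of 10 records and the seven-year retention are all constructed assumptions for the demonstration.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed assumptions for this example: the purposes a hypothetical county agency
# has declared for its database, the retention period, and the review thresholds.
ALLOWED_PURPOSES = {"benefits-eligibility", "record-correction-request", "court-order"}
RETENTION = timedelta(days=7 * 365)        # keep records seven years, like a credit report
SWEEP_WINDOW = timedelta(minutes=15)       # window for spotting bulk record pulls
SWEEP_THRESHOLD = 10                       # distinct records in one window that warrants review
NOW = datetime(1997, 9, 15, 12, 0)         # constructed "current time" for the demo


@dataclass(frozen=True)
class AccessEvent:
    when: datetime      # time of the access
    user: str           # individually authenticated login; shared accounts defeat attribution
    record_id: str      # whose record was touched
    action: str         # "view", "update" or "export"
    purpose: str        # stated reason, captured with every access


@dataclass
class AuditTrail:
    events: list = field(default_factory=list)

    def record(self, when, user, record_id, action, purpose):
        """Append-only log; call this before the data is handed to the user."""
        event = AccessEvent(when, user, record_id, action, purpose)
        self.events.append(event)
        return event

    def by_user(self, user):
        """Trace every use of the database back to one individual."""
        return [e for e in self.events if e.user == user]

    def unapproved_purpose(self):
        """Accesses whose stated purpose is not one the agency declared."""
        return [e for e in self.events if e.purpose not in ALLOWED_PURPOSES]

    def bulk_readers(self, window=SWEEP_WINDOW, threshold=SWEEP_THRESHOLD):
        """Users who touched more than `threshold` distinct records inside any `window`.
        A caseworker handles a few records an hour; a sweep across dozens is the
        pattern to send to a reviewer."""
        per_user = defaultdict(list)
        for e in sorted(self.events, key=lambda e: e.when):
            per_user[e.user].append(e)
        flagged = set()
        for user, evs in per_user.items():
            for i, start in enumerate(evs):
                seen = {e.record_id for e in evs[i:] if e.when - start.when <= window}
                if len(seen) > threshold:
                    flagged.add(user)
                    break
        return flagged


def expired_records(last_updated, now=NOW, retention=RETENTION):
    """Record ids past the retention period and therefore due for disposal.
    `last_updated` maps record id -> datetime of the last update."""
    return sorted(rid for rid, when in last_updated.items() if now - when > retention)


def build_sample():
    """Constructed activity for one morning; nothing here is real data."""
    trail = AuditTrail()
    day = datetime(1997, 9, 15)

    def at(hour, minute):
        return day.replace(hour=hour, minute=minute)

    trail.record(at(9, 0), "caseworker.a", "R-1001", "view", "benefits-eligibility")
    trail.record(at(9, 5), "caseworker.a", "R-1002", "update", "record-correction-request")
    # clerk.b pulls twelve different records in twelve minutes
    for i in range(12):
        trail.record(at(9, 30 + i), "clerk.b", f"R-20{i:02d}", "view", "benefits-eligibility")
    # clerk.c exports a record for a purpose the agency never declared
    trail.record(at(10, 0), "clerk.c", "R-3001", "export", "marketing-list")
    return trail


SAMPLE_LAST_UPDATED = {                # constructed: record id -> last update
    "R-1001": datetime(1996, 5, 2),
    "R-0007": datetime(1989, 1, 1),    # more than seven years old
    "R-0042": datetime(1992, 1, 1),
}


def review_sample():
    """Run the checks over the constructed data and return the findings."""
    trail = build_sample()
    return {
        "unapproved": [(e.user, e.record_id, e.purpose) for e in trail.unapproved_purpose()],
        "bulk": sorted(trail.bulk_readers()),
        "expired": expired_records(SAMPLE_LAST_UPDATED),
        "caseworker_a_accesses": len(trail.by_user("caseworker.a")),
    }


if __name__ == "__main__":
    for finding, value in review_sample().items():
        print(f"{finding}: {value}")
```

The log is only as good as the login behind it: the attribution in `by_user` depends on each staff member using an individual account, which is the point of the speech's "individual password access". The window and threshold in `bulk_readers` are tuning knobs a reviewer would set from an agency's normal workload, and the retention check produces a disposal list rather than deleting anything, so disposal itself remains a deliberate, recorded step.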
That concludes my presentation. Thank you for your attention.