“privacy and the future of justice statistics”
DESCRIPTION
“Privacy and the Future of Justice Statistics”. Peter P. Swire Chief Counselor for Privacy OMB/OIRA National Conf.on Privacy, Technology & Criminal Justice Information May 31, 2000. Overview. Free flow of information Administration privacy policy Government as a model Public records - PowerPoint PPT PresentationTRANSCRIPT
“Privacy and the Future of Justice Statistics”
Peter P. Swire
Chief Counselor for Privacy
OMB/OIRA
National Conf.on Privacy, Technology & Criminal Justice Information
May 31, 2000
Overview
Free flow of information Administration privacy policy Government as a model Public records Concluding thoughts
I. “Free flow of information”
A noble goal, but what does it mean? – Security -- free flow to hackers?– Intellectual property -- free flow to pirates?– Privacy -- free flow to intruders?
Moral:– Many wonderful flows– Not all flows are wonderful
“Free flow” in the justice context
Common practice -- police have had unlisted phone numbers and addresses
Police concern about their own and their family’s safety at home
The Durham, N.C. example
Law enforcement officer concern After debate, city council decided to make
name a hidden field for all property records County disagreed -- register of deeds
decided to keep owners listed, online County tax assessor plans to post blueprints
of houses -- additional l.e. concern
Observations on “free flow” of information Which flows of information make sense? Do the flows happen automatically in the
course of putting information on web sites? When should there be thoughtful
consideration of whether personal information should become increasingly available?
II. Administration Privacy Policy
Support self-regulation generally Sensitive categories deserve legal
protection– Medical & Genetic– Financial– Children’s Online
Government should lead by example
Internet Privacy
Quantity of policies– 15% to 66% to 88% from 1998 to 2000
Quality of policies– Seek continued improvement
Incentives for good action by companies Concern about “free riders” with no policies
Medical Records Privacy
HIPAA 1996 called for legislation by 8/99 President announced proposed regs 10/99 Over 53,000 submissions of comments SOTU promise to make the regs final this
year
Medical Records (cont.)
Fair information practices– Notice– Patient choice– Access– Security– Enforcement
Regs have other provisions, including for law enforcement access to medical records
Genetic Discrimination
February 8 Executive Order– Prohibits federal agencies from using genetic
information in hiring or promotion Call for legislation
– Extend protections to private sector– Apply to purchase of health insurance
Genetic information and law enforcement– What will be public concerns over time about DNA
databases?
Financial Privacy
Financial Modernization enacted in 1999– Notice of uses– Choice to 3d parties– Enforcement
Administration Plan announced in April– Choice for affiliates, too– Opt in for especially sensitive data, including
medical– Other provisions
Other Privacy Legislation
Children’s Online Privacy Protection Act of 1998– FTC rules took effect 4/2000– Key is “verifiable parental consent”
Identity Theft law in 1998 Pretext Calling law in 1999 “Opt in” for motor vehicle records for
marketing in 1999
Summary on privacy legislation
Significant level of legislative activity Significant level of public concern
– WSJ poll in 9/99 Seek balance among multiple goals
– Privacy and public safety goals– Privacy and use of information for economic growth– Which uses of data are net beneficial, upon
thoughtful consideration
III. Government as a Model
Government web sites Government computer security Privacy Impact Assessments Oversight mechanisms
Government web sites
How is data collected and used at government web sites?
OMB guidance 6/99 for federal sites All federal agencies had clearly posted
privacy policies by the end of 1999
Government computer security
Good security is necessary for privacy– Weak security allows access to tax records, criminal
investigative files, etc.– Good security stops hackers and other unauthorized
users Good security is not sufficient for privacy
– What can an authorized user do with the data?– Post it to the Internet?– Privacy policies govern authorized users
Privacy Impact Assessments
Idea: build good security and privacy into new information technology systems
IRS has been approved as a Federal CIO Council “best practice”
FBI and Bureau of Justice Statistics in process
PIAs (continued)
Structured set of questions– What laws apply? Privacy Act? Others?– What agency or other policies apply?– The “friends and family” test -- do our practices
seem reasonable and fair when they become public?
Oversight mechanisms
New databases and flows of information often achieve important public safety and other goals
What mechanisms exist to consider privacy and other values?
There may be public questions in the absence of oversight mechanisms?
IV. Public Records
Many criminal and other court records are “public records”
Dialogue with states on public records Recent Supreme Court cases The example of bankruptcy records
Supreme Court cases this term
United Reporting v. Los Angeles Police– State law with stricter limits on marketing than
for press uses– State law upheld
Reno v. Condon– Federal statute limiting state release of motor
vehicle records– Federal law upheld against federalism challenge
Bankruptcy records
What’s in the public bankruptcy file?– Bank account numbers– Social Security numbers
Should we place these online for millions of Americans?
President has asked OMB, Justice & Treasury to issue a report this year
Concluding thoughts
Many flows are good, but not all flows are good Take advantage of new technologies to promote
public safety, economic growth, public education, and other values
But, thoughtful consideration of the subset of flows that are possible but not advisable:– Home addresses of vulnerable people– Bank account numbers of individuals
For the justice system(s)
Improving technology makes many new flows less expensive and more practical
PIAs -- your practices should meet the requirements of– Applicable law– Applicable policies– Confidence of the public
Concluding thoughts
In the Information Age, there will be a constant stream of issues -- which information flows are good?
President Clinton has asked: how do we keep our traditional value of privacy in this era of new technology?
Conclusion
The answer will be in the good will of all of us who build the new information systems:– Medical– Genetic– Financial– Government generally– Justice systems in particular
We look forward to that challenge