New privacy laws must permit valuable uses of public records

Let’s be careful not to shortchange the free flow of public data in the rush to pass new privacy.

3 legal law books
Thinkstock

In 1997, the Federal Reserve Board told Congress, “It is the freedom to speak, supported by the availability of information and the free-flow of data, that is the cornerstone of a democratic society and market economy.” The board was especially concerned to preserve the U.S. system of open public records.

The availability of public records enables a wide variety of publicly beneficial activities

Public records play a vital role in ensuring that the press can provide citizens with the facts and information they need to be informed citizens, fulfilling Louis Brandeis’ dictum for democratic government that “sunlight is the best disinfectant.”

These records enable rapid and inexpensive access to credit for consumer purchases and business expansion. They have democratized finance, allowing individuals and small business to demonstrate their credit-worthiness so that, as Fred Cate noted in his 1999 study, “economic opportunities are based on what you have done and can do instead of who you are and who you know.”

National security and law enforcement officials rely on access to public records keep the public safe by tracking terrorists and organized crime figures and to bring to justice perpetrators of everyday crimes.

Companies, government agencies, investors and other institutions need information about individuals in their business capacity and about public companies drawn from public records such as state business registries, filings with the Securities and Exchange Commission, company websites and court documents on liens and bankruptcies to perform essential corporate due diligence, risk management and business intelligence functions.

Public records are used to locate missing family members, witnesses in criminal and civil matters, parents who are delinquent in child support payments, and owners of recalled automobiles.

Businesses use public records to accurately and efficiently identify consumers likely to be interested in a given product or service.

Crucial participants in this information infrastructure are the commercial resellers who invest billions to gather information from open government sources and aggregate it into useable digital files which they maintain, update and make available to the public and institutional customers. It would be as wasteful for news organization, child safety centers, law enforcement, business intelligence services and companies in all sectors of the economy to create and maintain their own public record data bases as it would be for them to generate their own electricity. They rely on these information intermediaries for accurate, relevant and up-to-date information from public records.

To preserve this open system, the laws governing public access to government information treat pubic release as the default and redaction to protect privacy interests as the exception. For instance, the Federal Freedom of Information Act requires the disclosure of all records other than personnel, medical (and similar files) and law enforcement records whose disclosure would “constitute a clearly unwarranted invasion of personal privacy.”

Constraints on the collection, dissemination and use of public records might sometimes be in the public interest

Detailed pictures of individuals can be assembled by curating various bits of information from public sources. No single piece of information is all that revealing but together they form a mosaic that reflects an individual’s interests, tastes and preferences. Combining these public records with privately assembled information about an individual’s behavior in the marketplace and using advanced data analytic techniques can provide even more detailed individual digital portraits.

Congress addressed these data risks 50 years ago in the Fair Credit Reporting Act (FCRA), mandating that consumer credit reports could only be used for certain permissible purposes such as employment, credit or insurance. The FCRA allowed consumers to access their reports and correct inaccuracies and required companies to tell them when an adverse decision was based on their reports. It obliged credit reporting agencies to keep their files accurate, relevant and up-to-date. Congress might need to revisit these issues as it considers a new national privacy regime.

The states have not done a good job of providing Congress with models of effective public data governance regimes

The Vermont data broker law, for example, requires companies that collect and use public records to register with the state of Vermont, for no apparent reason or discernible public purpose. 

The California privacy law appears aimed at companies that collect information from their customers and then transfer it to third parties, and provides customers with the ability to opt out of such transfers and to access, correct or delete information pertaining to them. But it also extends these rights to public records if the use of the public record data is “not compatible with the purpose for which the data is maintained and made available in the government records or for which it is publicly maintained.” 

Unless revised or clarified, this obscure use constraint will almost certainly obstruct valuable public safety uses of public records databases, potentially enabling fraudsters, terrorists and criminals to hide their misdeeds.

Privacy rules restricting the use of public records must pass a First Amendment test

Careful thought about how to protect valuable uses of public records is needed as Congress considers a new national privacy regime. In a privacy framework in which the objective is to control the risk of harm from data use, all data, even data compiled from public records and combined with proprietary non-public information, would be subject to a risk analysis and to constraints when the use creates a significant risk of harm.

This approach of narrowly tailoring privacy rules around public records as an exception to achieve specific government purposes is not only good policy. It is also the constitutional standard that will prevent new privacy rules from running afoul of the First Amendment. Because the collection, dissemination, and use of information, even personal information, is speech under settled Supreme Court case law, privacy laws are subject to heightened constitutional scrutiny. A measure that is more restrictive of the free flow of information than is necessary for the achievement of its public policy goals, including privacy, would not pass judicial review.  

This article is published as part of the IDG Contributor Network. Want to Join?

NEW! Download the Fall 2018 digital issue of CIO