250 likes | 266 Views
Professor Peter P. Swire discusses the legal background on court openness and privacy, with a case study on federal bankruptcy and privacy. He also examines relevant federal laws and the impact of privacy assessments on computer security.
E N D
“Privacy in Court Records and County Records” Professor Peter P. Swire The Ohio State University Center for American Progress NACo Legislative Conference March 3, 2008
Overview • My background • Legal background on court openness and privacy • Case study on federal bankruptcy and privacy • Some other relevant federal laws • Privacy Impact Assessments & computer security • Conclusion
I. My Background • Currently: • Professor of Law, Ohio State University • Senior Fellow, Center for American Progress • I live in the DC area • “Privacy Year in Review” distributed to all IAPP members • “Information Privacy” – official manual for Certified Information Privacy Professional • www.peterswire.net
Chief Counselor for Privacy • Office of Management & Budget, 1999 to early 2001 • HIPAA medical privacy rule • GLB financial privacy law & rule • Chair, White House Working Group on how to update wiretap & surveillance laws • Safe Harbor with European Union • Government records, including study on privacy & bankruptcy records
I. Background on Public Records • History of both legal openness and significant, practical obscurity • History of legal openness • Common law right “to inspect and copy public records and documents, including judicial records and documents” • Nixon v. Warner Communications, Inc., 435 U.S. 589 (1978)
Legal Openness • 6th Cir. “Trial court must set forth substantial reasons for denying” access to its records, U.S. v. Beckham, 789 F.2d 401(1986) • 5th Cir. “While other circuits have held there is a strong presumption in favor of the public’s common law right of access to judicial records, we have refused to assign a particular weight to the right.” SEC v. Van Waeyenberghe, 990 F. 2d 845 (1993)
Legal Openness & Discovery • Presumption of access stronger for filed than non-filed documents • Less clear on documents filed in connection with discovery • Some courts find no right to access to discovery documents submitted in connection with discovery motions, Anderson v. Cryovac, Inc. 805 F.2d 1 (1st Cir. 1986)
Legal Openness & 1st Am. • 1st Amendment right to attend criminal trials, to guarantee freedoms such as speech & press, Richmond Newspapers Inc. v. Virginia, 448 U.S. 555 (1980) • No Supreme Court ruling on 1st Amendment right of access to civil trials or court documents • McVeigh case & denial of press requests for sealed documents, 119 F.3d 806 (1997)
Privacy Limits on Access • Even where presumption of openness, courts may restrict access: • “Every court has supervisory power over its own records and files, and access has been denied where court files might have become a vehicle for improper purposes” Nixon v. Warner Communications.
Practical Obscurity • US DOJ v. Reporters Committee for Freedom of the Press, 489 U.S. 749 (1989) • Recognized privacy interest in rap sheets & other information publicly available but “practically obscure” • Court noted “the vast difference between the public records that might be found after a diligent search of courthouse files, county archives, and local police stations throughout the country and a computerized summary located in a single clearinghouse of information”
Accountability & Privacy • In Reporters Committee, in FOIA setting, the Court defined the public interest as “shedding light on the conduct of any Government agency or official”, not acquiring information about a particular private citizen • “The fact that an event is not wholly private does not mean that an individual has no interest in limiting disclosure or dissemination of the information”
II. Federal Bankruptcy Study • Released January 19, 2001 • Bankruptcy as a federal system • Then pending proposal to put all bankruptcy records on-line, with Internet access • Sensitive data • SSNs • Bank account numbers and balances • Credit card numbers • These are targets for thieves
Goals to Achieve • Fair and efficient administration of bankruptcy system • Needs of the parties in interest • Accountability to the public • Balance with privacy interests, especially for sensitive information • Fit with GLB and other relevant laws
Recommendation 1 • Public access to core information • Core information includes fact an individual has filed, type of bankruptcy proceeding, identities of parties in interest
Recommendation 2 • No general public access to sensitive information • SSNs, credit card numbers, loan accounts, dates of birth, bank account numbers • Schedules should be removed from public record that show detailed profiles of personal spending habits and debtors’ medical information • Care for non-filing spouses and others’ data
Recommendation 3 • Parties in interest should have access to much non-public information • This is important for exercising their rights and responsibilities • However, general re-use and re-disclosure limits for purposes unrelated to administering bankruptcy cases • E.g., don’t create database for resale gathered from parties in interest
Recommendation 4 • Incorporate Fair Information Principles • Notice • Consent for unrelated uses • Data available, though, for certain government uses • Access by the debtors • Data security and integrity • Accountability
III. Other Relevant Law • Protective orders • Longstanding judicial practice, upon proper motion • Trade secret cases • Many settlement agreements • Should we move from retail protective orders to more wholesale approach for categories of cases?
Other law • HIPAA medical privacy rule as a useful model • Sec. 512(d) -- judicial & administrative proceedings • Covered entities can only disclose medical records as permitted • 1st option -- notice to the individual and opportunity to object
Other law -- HIPAA • 2d option -- “qualified protective order” • Covered entity must seek agreement that the other party will keep data confidential • Records used only for the proceeding • Must be returned or destroyed after that • HIPAA does not apply directly to courts • But, strong national policy that privacy protection should be built into judicial and administrative proceedings
IV. Building Privacy & Security • Privacy Impact Assessments as a “best practice” for federal agencies, 2000 • E-Gov Act of 2002 requires PIAs for new computer systems • Dept. Homeland Security as one leader, with many posted on its web site • The Bankruptcy study was basically this • Special attention to SSNs and other breeders of identity theft • You might consider this for your new systems
Computer Security • FISMA mandates self-assessment for security, and risk-based security measures, for federal systems • Outsider attacks much more common for Internet than previously • Insider attacks, though, are likely bigger risk in many applications • HIPAA, GLB, Sarbanes-Oxley & general expectation for this as expected practice • You should likely be doing security & privacy analyses as part of new and upgraded systems
V. Concluding Thoughts • Some thoughts for court records: • Should the price of filing for bankruptcy be disclosure of your current bank account? • Should the price of filing for disability be Internet access to your lifetime medical records? • What rules are appropriate for information about minors and non-parties? • In short, reasons for privacy as well as openness/convenience
How Decide on Privacy v. Open Access? • FOIA and open records are crucial values • That said, here is a simple test about privacy: • How would you want the records of your own family treated? • Do you have the privacy and security practices in place that you would want for your spouse and children? • If you meet that test, you can be proud of your county • Thank you.
Contact Information • Professor Peter Swire • www.peterswire.net • www.americanprogress.org • www.thinkprogress.org • Moritzlaw.osu.edu