Effective democracies and representative governments have two absolute prerequisites: (1) their citizens must have timely access to adequate information on which to base sound decisions as they participate in the process of their own governance, and (2) they -- the body politic -- must have the functional ability to identify and effectively communicate with its members.
One access principle is easy in a free society:
Information about government policies and agency processes, that does not involve information about individuals or private organizations, should be -- must be! -- promptly and completely available to the public, as much as is practically possible. To do anything less not only reduces the ability of citizens to be informed participants in their government; it invites and almost guarantees abuse of power by the small minority of unscrupulous individuals who are inside of government (who are inside any organization).
Thus, information such as legislation, bill analyses, draft budgets, proposed regulations, internal processes, decision-making procedures and proceedings, etc. -- that often do not contain confidential information about private organizations or personal information about individuals -- should and must be readily accessible public records.
Public access must not be merely an incidental function of government; in a free society, it must be as central to the process as any other aspect of governmental function.
But how much information should we (citizens!) have about our community's private businesses and organizations, where confidentiality is appropriate and important, or about our fellow citizens, who are our community's fellow decision-makers? Balancing public access -- the public's right (and need!) to know -- with citizens' desire (and need) for and right to personal privacy is an eternally insoluble problem. It has no fully satisfactory solution. ("Community," as used here, can be anything from a neighborhood to a state or nation -- or the planet.)
This insoluble balancing problem is made even worse as information acquisition and access alternatives expand.
But the access-privacy balancing dilemma does have some guiding principles:
If information about a private organization or individual is not reasonably useful in citizen decision-making about the governance of their community, then it should remain private -- even from the government.
If confidential or personal information is collected by government, at a minimum, the organization or individual that is the subject should be fully and promptly informed as to the information's collection and the limits on its uses, except when there is the strongest justification for nondisclosure (e.g., a criminal investigation in progress).
If there is justification for government to collect information about an individual, there is a presumption that such information impacts the community, and thus all decision-makers in the community -- the citizens -- should have access to the information, unless there is strong justification for its nondisclosure to them. To adopt any other principle implies that government is somehow better and more elite than the governed -- and should be done only with strong justification.
(To put it more bluntly, if it's important enough for government to collect, it's probably important enough for the community's real decision-makers -- the citizens -- to know! Admittedly, that's a difficult view for public officials to accept, but anything less almost defines "elitism," which should be minimized in a free and democratic society.)
ACCESS AND PRIVACY
Regardless of those vague -- and controversial -- principles, here are a few small thoughts about implementing effective, semi-automatic public access and appropriate privacy protection in computerized records systems:
When designing a system or database for formatted data, from the outset, include a 2-bit flag for each field of information, and allow three possible settings. The flag's possible values are "definitely disclosable," "definitely nondisclosable" or "may be disclosable." The first two settings facilitate automated access or redaction; the third setting mandates staff review