From the point of view of an access advocate, the strides being made in protecting personal privacy seem to grow monthly, if not daily. However, the access/privacy conflict is one of those classic "half-empty" or "half-full" illusions: Gains or losses always look different depending on who is doing the looking. It is also a matter of where the battles are being won and lost, where access is losing and privacy is gaining, and whether the trade-offs represent the best policy mix.
On the government-information side of the equation, privacy has largely won the day. This is not to say that all personal data in the hands of all levels of government is kept under a figurative lock and key at all times. There are still many instances in which personal information is disclosed in land records, voting records and the like. Records are still being put up on the Internet with little forethought concerning the privacy implications of those records. And there are still decisions being made to disclose personal information because a determination has been made that disclosure is in the best interests of society.
The public interest in public availability of traditionally open records, such as land records and voting records, is thought to outweigh the privacy considerations attached to those records. Massachusetts decided recently to make professional licensing information available online, and the Department of Health and Human Services has an online database containing the names of doctors who have defaulted on their student loans. All these records implicate a privacy interest, but the determination has been made that the magnitude of that interest is less than the public's right to know.
Where the war is being won by privacy interests is the consistent gnawing away of the parameters of what constitutes a privacy interest in public records. Gone for good -- at least at the federal level -- are the old notions that only intimate details of one's life are eligible for privacy protection and that disclosure of more routine personal information -- which we might normally share with others -- is not protected because disclosure would not constitute an unreasonable invasion of privacy.
The Supreme Court's ruling in Dept. of Justice vs. Reporters Committee changed that equation when the court ruled that any personally identifying information qualified for privacy protection if weighed against the very restrictive public-interest test that the information, on its face, must shed light on government activities or operations.
Harm From Release?
When Congress passed the Freedom of Information Act in 1966, and, particularly, when it strengthened it in 1974, proponents believed that public information should generally be disclosed unless the government could delineate a harm flowing from release. The requesting community has always scoffed at government arguments that, by necessity, were based purely on speculation that disclosure of various kinds of information could lead to untoward events. It was never necessary for agencies to show that, without doubt, harm would occur, but it was, at least, expected that they must carry the burden of showing that harm was probable.
However, it is now clear that privacy advocates have ultimately benefited from this speculative approach to harm. Arguments of potential stalkers, harassers and those who might misuse government information are the litany upon which denials of personal information are built. Since the likelihood that someone could be harmed by disclosure of personal information is real, the harm is virtually always speculative. While some people are victimized by credit information scams, it is not a solid policy basis to conclude that all people will be subject to such scams. About the only thing that follows from the disclosure of personal information is that it will end up in the database coffers of marketers, and we will all be inundated by unwelcome junk mail and telemarketers.
That rationale was apparently adequate for a federal judge in Alabama who ruled in March that the Driver's Privacy Protection Act (DPPA) was constitutional and that Congress had passed the law under its Commerce Clause authority to regulate disclosure of personal information that would inevitably make its way into the hands of data brokers. Perhaps overlooked by the judge was that one of the myriad of exceptions Congress allowed for disclosing motor-vehicle registration information at the state level was for bulk mailing purposes. In other words, the data brokers have the right to access the information, albeit perhaps not in as convenient a form as they might wish.
While the fight over DPPA has been lost in most forums as states acceded to the requirements of what some opponents view as a power grab by Congress, a
handful of states challenged the law on 10th-Amendment grounds, arguing that Congress does not have the constitutional authority to tell states what they must do with their public records. Two federal courts have agreed, particularly in light of the Supreme Court's decision in Printz vs. United States, where a sharply divided court struck down the background checks provision of the Brady handgun law because Congress did not have the authority to order the states to conduct such checks. In Alabama, Judge Ira De Ment concluded that Printz was not controlling because DPPA acted as a prohibition against disclosure of personal information and not as a federal regulation of how personal information should be treated.
Since De Ment found the Commerce Clause persuasive authority for Congress' actions, he did not have to address the government's other claim -- that the law was passed to protect the due-process rights of victims of stalking -- although he indicated in a footnote that the argument probably would have been convincing.
That Congress has a right to tell states how to disclose public records, because it is protecting the rights of stalking victims, is something of a germaneness issue all by itself, but the idea that disclosure of public records can violate the constitutional due-process rights of victims is one that adds considerable strength to the privacy side of the equation. Much like the Sixth Circuit's ruling in Kallestrom vs. City of Columbus, where the court ruled that disclosure of personal information of undercover police to drug dealers was a violation of a constitutional right to privacy, De Ment has identified a constitutional right to informational privacy that has no decisive case law to support it.
Both cases refer back to the Supreme Court's decision in Whalen vs. Roe, a case in which the court found there might be a right to informational privacy in personal information contained in a New York state database pertaining to prescription drugs. The court itself never relied on that finding, but lower courts are able to make of the allusion what they may. It is also a step toward firmer informational privacy rights when lower courts decide to advance the Whalen argument to its potential affirmative conclusion. Until the Supreme Court rules on an informational privacy issue directly, its standing in case law is not solid. But based on the conflicting rulings on the constitutionality of the DPPA, this argument may end up in the Supreme Court. Certainly, its decision in Reporters Committee indicates the court is concerned about privacy implications inherent in the collection of personal information by government and its subsequent public dissemination.
These trends -- the ready acceptance of speculation in determining invasions of privacy and the constitutional right to informational privacy -- do not bode well for access. However, they are encouraging signs, if the pendulum of public policy is moving in the right direction toward greater privacy protections. The openness of public records containing personal information is founded on a belief that public knowledge helps keep our political and social playing field level. Perhaps the evils inherent in the disclosure of personal information have not been adequately addressed; the pendulum's shift may signify that the public is, at this time, more interested in protecting personal privacy than in being able to monitor the nitty-gritty of public institutions.
Harry Hammitt is editor/publisher
of Access Reports, a newsletter published in Lynchburg, Va., covering open government laws and information policy issues.
July Table of Contents