Features - Online Personal Information: Access vs. ExcessBy Lynn Peterson, Published on October 1, 1997
Lynn Peterson is president of PFC Information Services, Inc., a public records research firm located in Oakland, California. Lynn has been quoted on public records research in a variety of sources including The Wall Street Journal, Kiplinger's Personal Finance Magazine, and The Information Broker's Handbook. PFC Information Services provides public records research for law firms, corporations, lenders, venture capitalists, employers, the media, and other information research firms.
In The Lady with the Dog, Chechov wrote: "The personal life of every individual is based on secrecy, and perhaps it is partly for that reason that civilized man is so nervously anxious that personal privacy should be respected."
Chekhov wrote those words in 1899. Today concerns about the invasion of privacy are reaching a crescendo in response to countless articles about the widespread availability of personal data. Stories about "Identity Theft" abound. A Time Magazine cover story on August 25, 1997 was entitled "The Invasion of Privacy," and the New York Times ran a story September 15, 1997 called "High Tech Sleuths Find Private Facts Online." The story mixed together illegal bugging, computer hacking, theft of medical and bank account records with the retrieval of public records data.
Compounding popular misconceptions about accessibility and misuse of personal data, the federal government and several states have introduced bills alleging to protect personal privacy. Certainly our right to privacy must be protected, but not at the expense of the legitimate need for information.
A generation ago most people knew who their neighbors were, they knew the local merchants and the bankers they did business with, and family doctors were familiar faces in the community instead of faceless names in an HMO directory. Business was transacted with a handshake, rather than by running a credit report. Today millions of faceless people engage in virtual communication in the Electronic Global Village, while seventy-two percent of Americans do not know their neighbors. The need for information about one another has never been as acute.
The problems are complex, and there are no easy solutions. This article examines the use and abuse of digitalized personal information and discusses proposed solutions that address privacy concerns while permitting ethical and appropriate access to continue.
Why We Need Information Access
None of us want to endure unnecessary intrusions into our private lives, but in our highly mobile society it is more important than ever for us to know with whom we are dealing. Carole Lane, author of Naked in Cyberspace, states that "...no one can be blamed for wishing to keep their private lives private. Yet the growing availability of personal information has benefits that can be as important as the obvious potential dangers." Background checks have a legitimate use, as evidenced by tragic consequences in situations ranging from employment to investment due diligence when background checks were not conducted.
Employers have a legitimate need to know whether prospective hires have relevant criminal convictions and employees have the right to a safe and secure working environment. Without access to background checks, employees could potentially be at risk from their co-workers. For example, twenty-eight year old Christina Appleton was stabbed to death in August 1990 by co-worker, Arvie Carroll, a convicted murderer placed with Iron Horse Vineyards by a temporary agency that hadn't bothered to conduct a background check. (SF Chronicle 11/26/92)
In addition to saving lives and mitigating liability, background information is critical to the prevention of fraud. For example, our research firm was contacted by an attorney who requested that we search the public records on file for an individual who was running an "investment club" for senior citizens. A retired gentleman, who had made a $20,000 investment, was about to invest another $20,000. The adult children were alarmed because the promised return-on-investment sounded "too good to be true." The public records we uncovered exposed this as a fraudulent scam.
There are many other important and socially beneficial uses for personal information, such as:
- child support enforcement
- consumer protection from professionals with suspended licenses
- uniting separated families
- locating missing heirs and pension fund beneficiaries
- criminal investigations
- locating bone marrow donors
- insurance fraud investigations
- risk assessment
- collecting on judgments via asset identification
- locating witnesses
The Truth about Information Abuse
Media accounts and public perception of the potential for the abuse of on-line personal information is often exaggerated or inaccurate. For example, privacy proponents have characterized pre-employment background screening as an invasion of personal privacy. The Privacy Rights Clearinghouse publishes a number of different fact sheets on privacy related topics. In a fact sheet titled "Jobseekers Guide to Employment Background Checks" they state that "some people are not concerned about background investigations, others are uncomfortable with the idea of an investigator poking around in their personal history. In-depth background checks could unearth information that is irrelevant, taken out of context or just plain wrong."
It is true that mistakes can be made on background checks. However, employers are required to inform applicants when a pre-employment consumer report is to be run and applicants have the legal right to obtain a copy the report. Therefore, if a report contains erroneous information, the applicant has an opportunity to rebut the report and correct the information.
Properly handled, background checks protect both parties and the benefits far outweigh the potential for harm from inaccurate information or a sense of discomfort that some people experience.
"Identity Theft" has received a lot of attention in the media. These reports appear to be largely anecdotal and there is no evidence to support the claim that online personal data available through commercial vendors has contributed to even one instance of identity theft.
To quote the testimony of Beth Givens, Executive Director of the Privacy Rights Clearinghouse at the FTC Consumer Privacy Workshop this summer, "The Privacy Rights Clearinghouse is not aware of any specific cases of data from an information vendor's data bases being used for identity theft."
The Federal Reserve Board recently examined whether there was a significant risk to federally insured banks due to the potential for identity theft from online information pertaining to individuals. They actively solicited evidence of identity fraud stemming from the use of commercially available online data. Not one case was found. They reported to Congress that they found "no hard evidence" that the databases are used to advance identity theft. The Federal Reserve Board warned, however, that ILLEGAL methods of acquiring information are the precursor to this kind of identity fraud.
Legislation to Limit Our Access to Information
Several pieces of legislation limiting access have been introduced to address the concerns about online availability of personal information. Senators Feinstein (D-California) and Grassley (R-Iowa) introduced the Personal Privacy Protection Act of 1997 (S 600). This bill would prohibit the sale and use of Social Security numbers without the written consent of the subject and would include credit header data among the types of information subject to "permissible purposes" provisions of the Federal Fair Credit Reporting Act. The Social Security Online Privacy Protection Act (H.R. 1287) was introduced by Representatives Bob Franks of New Jersey and Wally Herger of California. This bill would prohibit the disclosure by interactive computer services of Social Security numbers or other personal identifiable data without the written consent of the subject.
While these bills seem reasonable at face value, they seek to remedy a problem that has not been proven to exist. Worse, they will limit valuable and legitimate research, such as the senior citizen fraud scam case mentioned earlier. No hard evidence exists to support the perception that stalking and identity theft are occurring across the nation due to the availability of online information. Anecdotal evidence and media hype have inflamed and unnerved a nation of people who value and guard their privacy. The introduction of legislation to limit information access is equivalent to introducing legislation to eliminate automobiles because drunk drivers cause accidents.
If law firms and other legitimate researchers do not have access to critical identifying information it will be impossible to discern which John Smith has a tax lien, judgment, bankruptcy, or criminal record. Without the availability of address histories derived from credit headers, it will be very difficult to discern where public records information should be searched, and avoid confusing individuals who share the same name. The potential for identity confusion without access to this information would be enormous. It is ironic that concern about identity confusion is a core issue among privacy advocates, yet they press to remove the tools that are necessary to insure that this will not occur.
The focus of legislative remedies should be on establishing penalties for identity theft and the misuse of personal information. If we eliminate access to tools that are so vital in this late twentieth century age of anonymity, we will be throwing the baby out with the bath water.
The good news is that there is good legislation in the works as well: AB156 introduced by California Assembly member Kevin Murray would make identity theft a crime in California. On the federal level, Senator Jon Kyl (R-Arizona) has introduced the Identity Theft and Assumption Deterrence Act (S512) which would create penalties for identity theft that crosses state lines. We need more laws to create penalties for the misuse of personal information, not laws that limit information that is so beneficial in so many circumstances.
Industry Self Regulation: Another Solution
The online public records information vendors developed a set of industry principles to respond to concerns regarding their industry's practices. Among the provisions they have agreed to are:
- Educating users and the public about privacy issues.
- Quality control procedures for data gathering.
- Limitation of access to non-public information to subscribers with an appropriate use for the information.
- Establishment of methods to verify and remedy customers abuses of the information.
- Providing consumers with choices available to limit access or use of information about them on databases.
- Creating mechanisms for individuals to find out about the information about them that is available on these databases, including the source of the data.
In addition, the vendors who have participated in the development of these industry principles screen applicants rigorously before they grant access to their databases. Potential subscribers are carefully evaluated to insure that only responsible companies are given access.
In the July California Lawyer magazine article entitled "Look Out for LookupsCommercial databases are a boon for P.I.s and attorneys," author Susan Davis writes, "The answer may be that such 'look-up' public record research services are fine as long as there are controls on who uses which ones, and how. That may also be the key to deciding which service a law firm should use."
While limits on information availability may seem to be an attractive "quick fix" for public anxiety, the truth is that there are grave dangers in such limitations. If access to information is outlawed the black market for information will grow exponentially. It is vital that there be legal avenues for making legitimate, responsible information searches. As we look for means to make information serve the private and public good, it is important that we make a distinction between the illegal acquisition and use of personal information and the legal, ethical, and legitimate access to such information.
James Madison wrote eloquently about the importance of public (or "popular") record access:
A popular government without popular information or the means of acquiring it is but a prologue to a farce or a tragedy or perhaps both. Knowledge will forever govern ignorance, and a people who mean to be their governors must arm themselves with the power knowledge gives.
Madison was right, knowledge gives power, and the revolution in technology has made information more powerful than ever. Pandora's box is already open, and we must make choices about the uses to which we will put our new technologies. Before we relinquish our access to information, in a futile effort to protect personal privacy, we must carefully consider the high price of ignorance.