Truth Busters

Nothing can undermine the growth of online government faster than a digital database that leaks information.

In dusty court archives, aging files in hospital basements and yellowing records at property tax offices there is precious personal data. It lies in the care of state and local governments, much of it under lock and key or behind a counter. When that information was assembled and manually filed away, few gave thought to major breaches in security--there was always an employee who was in charge of releasing the information to those entitled to have it and, usually, a sign-in sheet that identified who got it.

In the pre-Internet era, there was inherent safety in the rigidity of filing cabinets, locked doors and 9-to-5 office hours. But now that governments are putting more and more of the data they hold about their citizens into digital files and combining those files on huge databases, it is no longer that much of an effort for, say, nosy neighbors--or people with malice in their motive--to use their browsers to try to check out personal details, be it about the family down the street or someone living several states away. Data privacy has become a hot-button concern--and a growing challenge--for an online enterprise: how to protect from unauthorized eyes the information it holds when that information is no longer kept in disparate files and no longer protected by lock, key and clerk.

This is not a simple or frivolous issue. It has the potential to stymie e-government and the efficiencies it offers an enterprise. That's why state and local governments are beginning to focus their efforts on policies and tools to shore up the way they protect the privacy of information in their keeping.

LEAP OF FAITH

There is a basic assumption many citizens have about the personal data their state or local government holds: that officials will use it appropriately. Now that much of that information is digitized, they expect that their government "won't share it, won't put it on public Web sites, will keep it in secure systems and that people will be trained in how to handle information of a confidential nature responsibly," says Sharon Dawes, director of the Center for Technology in Government at the State University of New York at Albany.

Should anything disrupt that expectation, though, it could put the whole online enterprise at risk. As it is, the expectation sits on a rocky foundation. More than 45 percent of Americans are worried about the security and privacy of the personal information they submit to government, according to a recent Council for Excellence in Government survey.

That still means the majority of people are at ease, but such comforts can vary with the temper of the times. After the 9/11 attacks, the public was less hostile to the idea that some of the information governments store about them might be shared with, say, law enforcement officials bent on rooting out terrorists. With the passage of time--and a rise in the fear of identity theft--there's been a tilt back toward less disclosure.

Guarding the privacy of information is, in short, a constant challenge. It's what Aldona Valicenti, Kentucky's chief information officer, calls "a delicate balancing act." Policy makers make initial decisions about how and where to post public information or protect the privacy of the data their government has amassed--only to amend or undo those policies when citizens react negatively or there are unintended consequences.

In Nassau County, New York, for instance, there had been complaints about the fairness of residents' tax bills. Officials posted on the county Web site the names and addresses of property owners along with other data about their properties so people could compare assessed value. However, homeowners became incensed that such personal information was made public. The names came down, leaving a sanitized version of property listings with photos, a sketch layout and statistical information. Earlier, the county had removed a feature that allowed computer users to search for property by the owner's name. That, too, had raised hackles.

Privacy debates often center on what to post: Just because you can put information online, does that mean you need to or should? Carolyn Purcell, Texas' recently retired CIO, suggests that "more attention should be given to minimizing the amount of information we collect, keeping it private and getting rid of it once its usefulness is fulfilled." State officials have, in fact, begun limiting the collection of citizen information and the availability of citizen information online, along with adopting privacy policies. Washington's governor, Gary Locke, issued an executive order several years ago prohibiting the placement of personal information on state Web sites and limiting access to databases reachable via the Internet.

It is a point Floyd Abrams, chair of the New York City Commission on Public Access to Court Records, raises as well. "Can there be too much availability of public records?" he asks. Taking note of databases that hold information that is accessible in real time to various arms of the court system, he wonders, "Should Internet access in particular lead us to take a second look, to take care what finds its way into public judicial records in the first place?"

In dealing with privacy protection, there are several areas where states and localities are coming face to face with the issue, where they are being forced to develop policies about how they will handle this sensitive question.

BENCH MARKS

New York State is grappling now with the issue of putting court records online. News reporters, judges, lawyers and representatives from various advocacy groups have been meeting to debate how to make public records accessible online to those who need them without compromising the sensitive personal information they may contain.

At this point, case information is not available electronically, and it is relatively difficult to search paper records. Even though the courts provide for full and open access to public documents, gaining access to the information can require a trip to a court during business hours, a long wait for files and much time spent riffling through stacks of papers.

New York State Chief Judge Judith Kaye created the Commission on Public Access to Court Records to examine the oft-competing interests of access and privacy, sunshine and confidentiality. She wanted the New York court to work carefully and deliberately to shape policy on the best way to put detailed court records on the Internet, particularly when they could contain individuals' personal information. "Subjecting case files that sit in practical obscurity in a dusty courthouse basement to the large-scale, high-speed searching capabilities of the Internet raises difficult questions regarding individual privacy rights, as well as concerns over how to prevent the misuse of personal data," according to Chief Administrative Judge Jonathan Lippman.

In other words, turning paper records into electronic ones that would be accessible online would make it easier to get the information but also would introduce a whole set of privacy pitfalls. That was recently the case in Mobile, Alabama, when the county's probate court put up on the Internet the names of people involuntarily committed to mental institutions. Advocates for the mentally ill were up in arms over the posting. They feared that landlords or employers could use the information to discriminate against those who have been institutionalized. However, should Mobile decide to take the information off the Internet, it still is publicly available at the courthouse.

Other jurisdictions are also tackling the issue, applying common-sense reasoning to what they do. The courts in Harris County, Texas, for example, decided to convert their civil, juvenile and family court documents to digital images but to put only certain public-information records online. Civil documents are available on the Internet, but juvenile records are not since they are closed to the public in any form. As to family court proceedings, the county decided that although they are public record, they will not appear on the Internet because they contain so much personal data, such as Social Security numbers, bank account information and details from divorce and other cases. Yet, as in Mobile, all that personal data is publicly available at the courthouse.

Harris County cobbled together a decision based on its best guess as to what would be right. "We're operating in the dark," says Charles Bacarisse, Harris County district clerk. "There's no state statute, no Supreme Court guidance. We're out there on the edge, trying to cut a prudent path that provides ease of access by the public and protection of privacy."

HIPAA HURDLES

While it is up to states or localities to decide how they handle personal information in court documents, the overarching policy for privacy of health care data is set by the federal Health Insurance Portability and Accountability Act of 1996. The rules behind the many regulations that deal with the handling of health care information have been slow in coming and are only now beginning to be implemented--amid much confusion. One of the first deadlines is the privacy rule on patients' health care information, which officially went into effect on April 14.

The privacy rule is intended to limit the use and release of medical records, establish standards to safeguard that information, allow for the disclosure of health information when there is a public responsibility to reveal it and give patients more control over their own health records. With so many health records going online (the "P" in HIPAA is, after all, for "portability"), it's not a matter of locking them in an office and guarding the key. And since governments operate hospitals, community health centers, community health departments, adoption agencies, guardian programs, foster care, school nursing facilities--all entities covered under HIPAA's privacy rules--they have a lot of complying to do.

Given the April 14 deadline, states and localities were busy all winter long attending workshops to figure out what the rules would mean to the way they do business. Holt Anderson, executive director of the North Carolina Healthcare Information & Communications Alliance Inc., which runs many HIPAA workshops, figured the people in the privacy work group would disappear on April 15. Not so. Despite all the pre-deadline workshops, "there's a lot of planning they're still trying to do," he says. For instance, how should the working group advise the sheriff's department handling personal health information for prisoners being taken to the hospital? "Those ground rules aren't totally settled," Holt says.

Many states already had privacy procedures in place, but HIPAA preempts those that are contrary to federal rules. There are exceptions where state law is more stringent than federal law, but in trying to implement the privacy rule, states are left with little federal funding or guidance. States need to see what laws they already have that deal with privacy and what they're required to do by HIPAA, and then see which is more stringent and which to follow. For example, in law enforcement, police often will get access to a lot of information to track down rapists and murderers, such as physical evidence from a dead body. "Cases are won and lost on that kind of evidence," says Katherine Keefe, a lawyer with an active HIPAA practice. HIPAA prohibits a covered entity from providing DNA evidence for suspect-identification purposes. But many state laws permit the transfer of that evidence to law enforcement agencies. For a state to continue doing so, it would have to get an exception to the HIPAA rules. And that's just the beginning. "State rules on privacy are myriad and they're found in many, many regulations," says Keefe.

The HIPAA privacy rule is providing little backup. Covered entities must establish "reasonable safeguards" to protect the security of health information. "They say you need to keep it secure but they're not going to tell you how to do it," Keefe says. "Because this is so new, it's very difficult to understand how it will be enforced or penalties assessed."

For those working diligently on it, there seem to be technological answers to some of the disclosure issues. "One of the areas we've been pushing is when they design information systems they make them so that disclosure of public records protects privacy," says Bob Freeman, executive director, Committee on Open Government in New York. He describes a court case in 2001 in which a request was made for portions of a database with lead poisoning cases in it. The requesters knew they had no right to and didn't want information that would identify patients, but they needed the rest of the data. The state agency said it couldn't segregate the information. The court brought in a computer expert who was able to show that an agency could remove certain fields from a database so that information that would be blacked out on paper copies could be deleted electronically. In that way, the data could be made public without repercussions for individuals. "Technology can enhance protection of privacy as well as disclosure of public information," Freeman says.

There are other unsettled questions. Because HIPAA says patients have the right to receive a record of any disclosures made of their health information, states and localities have to figure out exactly how to do that. It's a challenge. "People are trying to figure out all the ways that there can be disclosure and through what systems," Anderson says. "They're trying to get those systems to flag disclosures." Anderson is sure that a technological fix will be found, even though at this point there is not an off-the-shelf solution.

THE MIXING BOWL

Another major privacy challenge is cross-agency and cross-jurisdictional data sharing. New York's Sharon Dawes recalls a project she was involved in to develop a prototype for a shared database that a state agency, several local governments and a couple of dozen not-for-profits would build together. Since the database would contain a lot of information about people in distress, project participants were concerned about how clients' identities would be protected in this system. The group worked through a whole variety of technical issues on client information protection and felt reasonably confident about the protocol--until the head of a shelter for abused women joined the project. The group assured the newcomer that no one would be able to get information on who her clients were. But she didn't care if people knew who her clients were. All she cared about was whether someone could find out where they were.

It's a lesson in the difficulties of coming up with policies to protect privacy. "To make blanket statements about what information should be treated with the most sensitivity is hard to do," Dawes says. "You have to be at the street level."

Stuart McKee, Washington State's CIO and chair of the National Association of State CIOs privacy committee, heads up an information group in his state that is looking at integrating justice systems. There's an enormous amount of efficiency to be gained but, McKee points out, people get very nervous about how that information is transferred. Even though the court currently sends information to the motor vehicle department and vice versa, when the state tries to automate the exchanges, a lot of people get alarmed and have been letting the powers that be know about it. "In the government sector, those public disclosure requests make our lives a little more difficult," he says.

People do not like the feeling that their privacy is being invaded. But there already is so much information about people up on the Web, it's hard to put the genie back in the bottle. "The real issue of privacy is not the names and addresses," says Freeman. "The reality is that with a good search engine, you can take my name and address and combine it with other information about me and come up with a profile. That is a serious issue we have to think deeply about before we as a government place personal information online."

A well-publicized public concern is the release of Social Security numbers. It is one of those topics that bring on a firestorm of debate and often result in new laws. That's what happened in California after state Senator Jackie Speier, during an October 2001 hearing, displayed personal information about other senators that she culled from birth and death records that were on the Internet.

Speier's tactic spurred the legislature to action. The law it passed took effect in January and prevents the state from selling databases with Social Security numbers and mothers' maiden names in them, a piece of information often used to verify a bank account user.

States have passed a significant number of laws to protect Social Security numbers under the illusion that those numbers are private, says McKee, adding that in real life most of us give out our Social Security numbers to almost anyone who asks. He lists his doctor's office, cell phone company and health club as just a few of the places that have his number. "We can write laws until we're blue in the face, but Social Security numbers are out there."

In the public's mind, the standard for privacy on the part of governments should be much more stringent than in the private sector. People are quite willing to give out their names, addresses and other personal information to get a frequent-flier card or a discount on groceries. "As soon as government is associated with the data, the standard is set exceptionally high," McKee says. "It's the 'Big Brother' syndrome."
