by Lynn Peterson and Genie Tyburski, Guest Writers
Worried that your personal details may be stored away in a database for anyone to see? Two public records experts describe exactly what is -- and is not -- included in "big brother" databases.
Do you know that your FBI profile resides in a database where employers -- or anyone willing to pay the fee -- may review it?(1)
That the database, and others like it, contains your social security number, credit profile, employment history, travel records, court records, personal interests, and serious health conditions?(2) That information brokers regularly sell such data to identity thieves?(3)
These attention-grabbing messages appear with increasing frequency in the news. But while they make the stuff of a good legal thriller, they reek of inaccuracies and distorted facts. Rather than informing about what personal information exists online, how it gets there, and who has access to it, some would have you believe that your life is an open book for all to read. Or worse, that anyone wanting a new identity may buy it.
What information appears in commercial, or publicly accessible, databases about you? Any transaction or event that generates a public record may find its way online. If you purchase a home, for example, information about the sale, including the sale price, amount mortgaged, and the mortgagor, becomes public record.
Likewise, if you file for bankruptcy, own a business, obtain a professional license, or become involved in a lawsuit, then information about you resides in public records. Criminal convictions and, in some states, marriage, divorce, death, boat or vehicle ownership, vehicle accidents, applications for fishing or hunting licenses, and voter registration also produce public records.
Increasingly, public records reside in commercial or government-sponsored databases, but restrictions concerning their access and use make illegal some of the claims you read in the news. Major federal laws governing the sale or distribution of personal information include the Fair Credit Reporting Act, the Drivers Privacy Protection Act, and the Gramm-Leach-Bliley Act.
Other federal laws also provide some protections: e.g., the Family Educational Rights and Privacy Act (school records), the Health Insurance Portability and Accountability Act (medical records), the Privacy Act (data collected by government agencies).
Various state laws govern the disclosure or use of driving records, vital records, workers' and unemployment compensation claims, and even criminal records. For example, driver histories are not public records in Pennsylvania, but with some exceptions, such records in Florida are public.
Who makes this data available electronically? Who may access it? Major commercial public records vendors include ChoicePoint Asset Company, LexisNexis, West Group, Seisint, Inc. (Accurint), and Dun & Bradstreet. Other smaller companies cover certain regions (e.g., Superior Information Services, LLC), or types of data (e.g., GovernmentRecords.Com), and sometimes supply data to the major vendors.
In addition to commercial vendors, government agencies provide online access to public records. The Health Resources & Services Administration of the Department of Health and Human Services, for example, publishes information about people who default on a Health Education Assistance Loan.
Various state corrections bureaus offer databases containing prisoner information. Many federal and state courts enable online access to court dockets and case information. Some county governments make property ownership and tax assessment records available.
While many government-sponsored databases enable free or low-cost easy access, the same is not generally true of commercial vendors. (KnowX LLC, owned by ChoicePoint presents one exception, but it provides access to data deemed public information for all legal purposes.)
Commercial vendors usually sell subscriptions only to businesses, or other groups, that meet the permissible use requirements of the various federal privacy laws. These typically include law firms, private investigators, law enforcement, financial institutions, and insurance companies.
Applying for access normally involves filling out an application, providing references and evidence of business status, and submitting a permissible use statement. Remaining a subscriber may mean submitting to audits and providing a permissible use for each query. Those who violate the privacy laws, or a vendor's self-policing policies, may find their account terminated, or face FTC sanctions or fines.
Despite what some news articles suggest, permissible uses do not include providing nosy neighbors with a report containing your "social security number, credit profile, employment history, travel records, court records, personal interests, and serious health conditions."
Credit reports, or documents that list your credit transactions with financial institutions and other businesses, and that typically contain your current home address, telephone number, social security number, and employer, are available to businesses only under certain conditions; e.g., you apply for employment, credit, or insurance.
Travel records, personal interests, and serious health conditions do not constitute public information unless you make it available via a public document like an openly accessible Web page or a court filing. On the other hand, employers may retain information about your business travel for tax purposes.
Similarly, doctors, hospitals, and insurance companies may have access to information about serious health conditions. But data in these categories does not reside in public records databases like those provided by ChoicePoint, LexisNexis, Seisint, and others.
What about your FBI profile? Is it available for sale? No.
Neither employers, nor others outside law enforcement, may access your FBI profile. You, on the other hand, may obtain a copy by submitting a written request under the Freedom of Information Act and paying the required fee.
As for the sale of personal information to identity thieves, unscrupulous information brokers undoubtedly exist. The Federal Trade Commission (FTC) in fact charged, sanctioned and fined three last March who obtained consumers' private financial information under false pretenses.(4)
The agency also issued over 200 warning letters to individual firms whose Web sites or advertising boasted illegal practices known as pretexting.(5) While these deplorable acts cast a shadow on the entire profession, such shysters nonetheless represent a minority.
Moreover, the FTC does not know how many incidents of identity theft actually result from the illegal sale of personal information from online sources like ChoicePoint. The agency's recent statistics indicate that in cases where the victim learned how the personal information had been gathered, the most common access method involved a relative or person known to the victim.(6)
(1) What They (Don't) Know About You
Wired, 11 May 2001
(2) FBI Will Tap into Personal Profiles
San Diego Union Tribune, 3 September 2002
(3) Daniel J. Solove, Access and Aggregation: Public Records, Privacy and the Constitution
86 Minn. L. Rev. 1137, 1191 (2002)
http://law.shu.edu/faculty/fulltime_faculty/soloveda/Privacy-Records FINAL (PDF).pdf
(4) Information Brokers Settle FTC Charges
Press Release, Federal Trade Commission, 8 March 2002
(5) Chairman Details Progress Made in Implementing The Federal Trade Commission's New Privacy Agenda
Federal Trade Commission, 11 June 2002
(6) Identity Theft: Prevalence and Cost Appear to be Growing
General Accounting Office, March 2002
Lynn Peterson is president of PFC Information Services, Inc., a public records research firm located in Oakland, California. Genie Tyburski is Web Manager of The Virtual Chase, a service of the law firm Ballard Spahr Andrews & Ingersoll.
NOTE: Article links often change. In case of a bad link, use the publication's search facility, which most have, and search for the headline.