Wednesday, January 03, 2007

Privacy, Public Records, and Genealogy

The beginning of a new year typically brings the effective date of new laws in many states. In the current era, many of these laws are intended to address privacy, identity theft, and security issues. Nobody will be surprised that on such important issues, legislators sometimes overreact. On the other hand, there are sometimes unintended consequences of well-intended laws.

This year, several states have enacted laws concerning the management of public records that contain Social Security Account Numbers (SSAN). I've reviewed a few of these laws and generally I think they're on the right track. For example, in Arkansas, it's now illegal to publicly post or display an individual's SSAN or to require a person to transmit his or her SSAN over the Internet without encryption. This is a sensible approach to identity theft prevention (although the potential downside in the near term for public agencies and genealogical researchers is how to deal with existing public records that contain SSANs). Hawaii has a similar law that became effective on Monday. In other states, like Wisconsin, recently enacted laws require businesses and governments to notify consumers and citizens when there has been a breach of private data that creates a material risk of identity theft. That, too, is a sensible approach to a vexing problem.

An approach that has little to commend itself is the restriction of access to birth, marriage, and death records. For nearly 400 years in America, these records have been regarded as open to the public. In the 17th century, these records were maintained by churches and became state records near the end of the nineteenth century. The theory was that the community had a right, an obligation, and a need to know who was born (when and to whom), who was married (again, when and to whom), and who died (when, how, and where). In fact, it is apparent that the community's access to this information is important to building and maintaining a sense of community and a sense of common security.

Individual privacy is cited along with crime prevention as justification for restricting access to vital records. But each birth, marriage, and death has significant public implications. And these days, there are very few cases of identity theft by birth certificate for the reason that there are simpler ways to do it.

Now I can understand why states might not want to make actual, official documents available on an unrestricted basis. California watermarks vital records as "Unofficial Copy," which renders the document valueless for most commercial or official purposes. This makes sense. But every state should make available, at a minimum, a register of vital information containing complete names, dates, and counties. There simply is no reason not to do this.

On the other hand, there usually is no reason to include a SSAN in the public portion of most records. Overuse of the SSAN by government and business is the true privacy and security threat. We all can improve our privacy and security by safeguarding important personal information such as our SSAN.

Some states have found the right balance. And from time to time, I'll single out the rational approaches for mention here.

No comments: