[Federal Register: July 31, 2000 (Volume 65, Number 147)]
[Notices] [Page 46735-46738]
From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr31jy00-86]

Leander Barnhill
Office of General counsel
Executive Office for the United States Trustees
901 E Street, NW Suite 780
Washington, DC 20530

Re: Comments on Study of Privacy Issues in Bankruptcy Data

Introduction

These comments respond to a joint request for comments from the Department of Justice, the Department of Treasury, the Office of Management and Budget, and the Administrative Office of the U.S. Courts on the privacy issues in bankruptcy data, Fed. Reg. (, 2000). The Center for Democracy and Technology appreciates this opportunity to comment on the important privacy issues arising in this interaction between citizens, the government, and businesses.

The Center for Democracy and Technology (CDT) is dedicated to preserving and enhancing democratic values and civil liberties on the Internet and other interactive communications media. CDT pursues its mission through public education, grass roots organizing, litigation, and coalition building. CDT is a non-profit, public interest organization (501 (c)(3)). Along with other privacy and consumer organizations CDT has urged policy makers to ensure that the privacy of individuals' personal information is respected during interactions with the government and the private sector.

This study of privacy issues in bankruptcy proceedings is timely. Across the country government agencies at all levels are exchanging arcane paper files and legacy computer systems for sophisticated data networks. The move to distributed, relational databases and systems promises greater efficiency. The government and citizens can benefit from new technologies that provide faster, cheaper, access to government records. The Internet is erasing barriers to access such as distance, hours of operation, and lines, providing citizens with real-time access to information from their homes, offices, or community centers.

At the same time, the move to advanced information systems and the use of the Internet to promote citizen access to government records highlights the weaknesses -- or oversights -- in our information policies. The private information -- including in the instance of bankruptcy filings social security and bank account numbers and other highly sensitive data -- contained in public records were often protected from widespread distribution by barriers of time and location, and the inefficiencies of paper systems. The dusty papers in Courthouse basements and town hall files were difficult to cull through and expensive to transcribe and distribute. These barriers and inefficiencies resulted in what the Supreme Court referred to as the expectation of practical obscurity. While private information was frequently legally accessible to the public at large, in practice it was rarely sought and rarely disclosed. The adoption of advanced information systems by all levels of government has removed these barriers to access. As a result information that was once legally available but practically private has become the backbone of a growing trade in personal information about individual citizens. In response, several states have begun to look at whether their information policy adequately addresses the privacy concerns of citizens.

The examination of bankruptcy proceedings places the privacy issues in strong relief. Individuals declaring bankruptcy must participate in this system administered by the government in conjunction with the bankruptcy trustees. To gain the protection afforded by the bankruptcy system individuals must reveal the intimate details of their household finances -- debts, spending habits, and assets. Such information is necessary for the bankruptcy system to fairly structure relief for debtors and secure payments for creditors. However, under the existing system such information is available to any other entity that seeks it. Thus, in using the bankruptcy system -- clearly an avenue of last resort -- citizens expose the details of their financial lives to the public at large. It is hard to imagine how such unmoderated access serves the interest of society, the debtor, the creditor, or even the bankruptcy system itself.

Information from bankruptcy records along with other data culled from public agencies and private sources is compiled by information brokers into detailed profiles on individual citizens. These profiles are in turn sold for a variety of purposes -- most of which have absolutely nothing to do with the bankruptcy system. Thus, establishing an appropriate public policy framework to address the privacy issues surrounding access to personal information about individual citizens contained in government files is directly related to the growing concern with the private sector use and disclosure of personal information. While the focus of this study is narrowly focused on bankruptcy records the reason for this inquiry and the responses it elicits should be considered more broadly as various levels of governments review and update their public record laws and policies and information systems.

Comments

CDT expertise is in privacy protection. We are not experts on the bankruptcy system or process generally and therefore will look to those with more knowledge of the system to provide responses to questions that require such expertise. Our comments provide guidance on how to structure the examination of the bankruptcy systems use of personal information to best ensure that privacy protections are built in to future information policy and information systems.

The 1973 Code of Fair Information Practices developed by the Department of Health, Education and Welfare (HEW) is a useful starting point for reconsidering the information policy of the bankruptcy system. This study largely seeks to address two major changes in information technology since the 1970s -- the emergence of large, privately-held databases, and the development of interactive technologies. In large part these changes magnify existing weaknesses in the bankruptcy system's information policy rather than present distinct new issues.

In 1972, then-Secretary of HEW Elliot L. Richardson, appointed an Advisory Committee on Automated Personal Data Systems to explore the impact of computerized record keeping on individuals. In a report published in 1973, the Advisory Committee proposed a Code of Fair Information Practices published in Records, Computers and the Rights of Citizens: Report of the Secretary's Advisory Committee on Automated Personal Data Systems.

The 1973 Code of Fair Information Practices supplied the intellectual and statutory framework for the Privacy Act of 1974 and served as a model for privacy legislation in this country and worldwide. The basic principles of the 1973 Code, as published in the Advisory Committee's Report, are:

1. There must be no personal data record-keeping systems whose very existence is secret;

2. There must be a way for an individual to find out what information is in his or her file and how the information is being used;

3. There must be a way for an individual to correct information in his or her records;

4. Any organization creating, maintaining, using, or disseminating records of personally identifiable information must assure the reliability of the data for its intended use and must take precautions to prevent misuse; and

5. There must be a way for an individual to prevent personal information obtained for one purpose from being used for another purpose without his or her consent.

In general, the Code: requires a purpose for the collection of data to be established; limits the collection of data to that which is necessary to support the process; limits the use and disclosure of data to those that advance the purpose; establishes the individual's right to access and correct personal information; and, requires the collecting entity to secure the information it maintains.

Building on the Privacy Act, the process of establishing an information policy framework to govern the bankruptcy system would begin with answers to the following questions:

• What is the purpose of the system?
• What data is necessary to support the functioning of the system?
• Who needs access to the various data collected to meet the system's goals?

While the questions asked in the Federal Register Notice touch upon each of these questions in varied ways, they are not directly posed. Questions found in the notice such as (1.6) How valuable is the information in the marketplace? and (1.2) Which of these data elements are public record data?, while perhaps useful should not be the focal point of the inquiry. The approach set out in the Federal Register Notice could be taken to suggest that unless there is a compelling privacy interest personal information collected through the bankruptcy process should be publicly accessible. The presumption should be in favor of protecting the privacy of individual citizens who interact with the bankruptcy system by limiting the use and disclosure of personal information to those that necessary to support the bankruptcy process.

Free Speech | Data Privacy | Government Surveillance | Cryptography | Domain Names | International | Bandwidth | Security | Internet Standards, Technology and Policy Project | Terrorism | Authentication | Right to Know | Spam

Our Mission / Get Involved / Staff / Publications / Links / Search CDT / Jobs / Action! Previous Headlines | Legislative Tracking | CDT's Privacy Policy