Electronic Records and the Right to Privacy.
THIS ARTICLE EXAMINES:
* the U.S. constitutional right to individual privacy
* how technology has made access to private information easier and protecting that information more difficult
* who should take the lead in ensuring the privacy of individual information
Electronic records pose career challenges to records managers. Greater numbers of information technologists are focusing on records management requirements of electronic records. One day soon, records professionals may find that records management theories and methodologies have been subsumed within information technology (IT). Information technologists certainly have the skill and power -- if not the training and perspective -- to make this happen. More traditional records managers have been slow to recognize the implications of such a convergence. Protecting people's right to privacy may create a significant opportunity for the records and information management (RIM) discipline to embrace more fully the information age. It might also make a critical difference in the long-term health of the RIM discipline.
For years, e-mail and other electronic documents have been used for document creation, communication, and storage. Most have viewed this medium as merely a document-processing vehicle with little thought to its records implications. Though electronic document management software was maturing in the middle and late 1990s, mainstream products -- with rare exception -- ignored records management issues (e.g., retention) until the more recent emergence of RIM software components. Until recently, most records management policies and procedures in the United States reflected the view of the National Archives and Records Administration (NARA): If electronic documents qualify as records, they should be printed and managed in a physical repository. This view was most directly challenged in the now well-known lawsuit Public Citizen v. Carlin, in which it was demonstrated that NARA's General Record Schedule 20 did not produce the desired result: the reliable management of electronic records.
Privacy vs. Access
Personal information takes many forms and is collected and accessed in many ways. Almost always, the use of personal information is connected to actions within some process context (e.g., buying, selling, regulating). Even though the ability to produce explicit data -- information extracted from its original context -- has for decades been possible in an electronic form, most implicit data -- information left in its larger context -- has remained imbedded within physical documents.
The right to privacy is often a complex and contentious issue, one dependent upon many variables that can range from the constitutional guarantees against government intrusion into individual rights to the rights of individuals against those who would, for whatever reason, invade their privacy. Concerns about privacy increasingly involve collected and stored information, and that information is increasingly available electronically.
To the extent that electronic information is considered to be subject to records management policies, privacy protection becomes a concern for all records managers. In fact, records managers have always had some responsibility for privacy -- however indirect -- by controlling access to and disposition of records. Historically, the very dispersal of records into disparate physical repositories under records management control provided another inherent protection of privacy. Yet, the increasingly wide availability of electronic records for use in business processes and e-commerce is the very essence of the efficiencies hoped for in the goal of the so-called "paperless office" so highly prized in the IT community. The surprise to a lot of individuals is that this easy access to personal information by many users also threatens individual privacy in new and profound ways. And so the question looms: can there be easy access without individual privacy being threatened?
Those in the IT and records communities approach this issue from very different perspectives. Even the term record has different meaning to data managers and records managers. A data record is information managed as a unique instance in the context of a database. Since the data itself can be independent of context, it is the database that defines the relevance of otherwise meaningless data by creating context through data relationships. By contrast, for the records manager the record defines the context by which contained information is organized in order to document activities, typically for legal, fiscal, or business-process reasons.
Protecting records and privacy is a natural role in managing records but rather alien to simply managing data. Database managers spend little time on questions about the life cycle of the data; retention valuation is outside their domain. Their prime directive has been never to lose data and to maintain data integrity through various means, not the managed disposition of individual records as they reach milestones within their larger life cycle or continuum. Their outlook on electronic documents is similar to their outlook on data. There is an opportunity for records managers to demonstrate that records management methodologies can assure the protection of records and privacy simultaneously. To do that, however, one must look deeper into the roots of both.
"We hold these truths to be self-evident ..."
The International Research on Permanent Authentic Records in Electronic Systems (InterPARES), which was described in the January 2001 issue of The Information Management Journal, seeks to re-examine basic assumptions related to the authenticity, retrievability, and accessibility of electronic records over long periods of time. It is mentioned here as an analogy for examining the relationship between privacy and records because both require a suspension of current beliefs -- together with a willingness to examine carefully the opportunities, methods, and standards that will provide improved practices. If records managers are to fully understand the relationship between records and privacy in practical management terms, they will, at some point, have to mount an effort similar to that of InterPARES to examine the basic assumptions concerning privacy.
For example, when pondering privacy one must confront the basic beliefs underlying the assumptions in statements like "we hold these truths to be self-evident." The U.S. Declaration of Independence, authored by Thomas Jefferson, forcefully argues that "all men are created equal" is self-evident. That basis of truth rested upon a perspective held by the French philosopher René Descartes, that the test for truth was whether the statement (or concept or experience) was "self-evident." His view grew from the idea that the mind (as separate from the body) would naturally recognize truth from experiencing things in the world that were "clear and distinct." Though seemingly obscure, most commonsense metaphors have been constructed upon this dubious artifice; hence, clarity is celebrated and ambiguity condemned. People see themselves as trying to make sense out of the world -- as many readers are doing now.
Nonetheless, Jefferson needed a sound basis for declaring American rights as independent from the divine right of King George. By declaring Americans' right to liberty to be inalienable, he also implied their inherent right to privacy, for is it not self-evident that individual privacy can exist only within individual liberty? Yet just as liberty is not absolute, privacy is also constrained by the "public welfare" and other interests of the larger community. Today, then, individual freedom of speech is balanced against individual freedom of privacy. Thus, privacy is anything but clear and distinct.
"the right to be left alone"
Constitutional protections of privacy in the United States, as with most democracies, are explicitly focused on the intrusion of government into the affairs of the individual. This view of individual rights, as framed constitutionally, flows from this sense about arriving at truth. The direct result is that government is thereby modeled as a necessary evil requiring guarantees to individuals. The rights concerning search and seizure, self-incrimination, speech, assembly, and religion are primary examples of this recognition of an individual's right to be secure unless overridden by fundamental communal necessities (e.g., national security). But democracy itself requires a certain unfettered exchange of ideas in open discourse, not to mention the more mundane aspects of life, such as commerce. So if the questions concerning privacy are complex and contextual, the answers will not likely be clear and distinct but, rather, vague and ambiguous.
Further utilizing the U.S. model for this analysis, the use of wiretaps by the government framed privacy in the context of prohibitions against unreasonable search and seizure and self-incrimination in the case Olmstead v. United States. The Supreme Court found no physical trespass and thereby no search and seizure. Dissenting in a minority opinion, Justice Brandeis argued in 1928 that individuals had a basic "right to be left alone." Not until 1967 did the Supreme Court overturn Olmstead in Katz v. United States, declaring that wiretapping constituted a search under the Fourth Amendment. These cases illustrate an important privacy thread that has a mature constitutional basis, but it has proved more difficult to expand constitutional protections to areas of common intercourse, such as medical, financial, or insurance information. The U.S. Supreme Court has consistently left these privacy concerns to federal or state statutes. However, in Whalen v. Roe (1977) the Court stated that the responsibility to disclose information only to those authorized "arguably has its roots in the Constitution." This opinion created much confusion in the lower courts and resulted in cases decided on all sides of the constitutional interpretations of information and the right to privacy (Gellman 1998).
Wiretapping is a good example of how effective statutory solutions for privacy protection have arisen from court decisions. The Katz decision shifted the burden of persuasion to those wanting to wiretap, forcing them to obtain a prior warrant and encouraging them to seek redress through legislative compromise. Privacy proponents generally view the resulting law, Title III of the Omnibus Crime Control and Safe Streets Act of 1968, as a success.
"greatly magnified the harm to individual privacy ..."
Unfortunately, other statutes have not achieved the same success. The Privacy Act of 1974 is a prime example. It was largely designed to curb the power of government to invade individual privacy and focused primarily upon the use, or abuse, of computer technology. The act explicitly stated that computer technology "greatly magnified the harm to individual privacy that can occur from any collection, maintenance, use, or dissemination of personal information" (Gellman 1998). Certainly the concept of a "big brother," aware of our every move, is merely the modern version of government viewed as a "necessary evil." In the post-Watergate era, this law was an attempt to articulate and apply the principles of fair information practices as governmental policy. But good policies are not always well implemented. The general principles applied in the policy are
* openness and transparency -- no secret recordkeeping systems
* individual participation -- subject of record has the right to review and correct
* collection limits -- personal information gathering should not metastasize
* relevance -- personal information gathered should be relevant to a legal purpose
* recordkeeper limits -- personal information limits on agency internal sharing
* disclosure -- information disclosure is prohibited without consent or legal basis
* security -- administrative, technical, and physical security precautions
* accountability -- criminal and civil sanctions for violations of rules or procedures (Gellman 1998)
The inability of the Privacy Act to ensure compliance with these general principles can be traced to its lack of specific mechanisms for oversight. In contrast, the Paperwork Reduction Act (1994) requires thorough examination of need and approval prior to authorizing a federal agency to collect personal information. This is done in order to reduce the information demands on business and individuals. Yet, no such controls are in place for the Privacy Act.
"... because of the lack of an oversight agency"
Wiretapping is a narrow focus that was tightly constrained by the Katz decision and the Title III statute, providing much needed oversight within court-sanctioned rules and procedures. The Title III statute has been seen as successful because it
* has a clear constitutional foundation
* provides a distinct and easily understood definition of "threat to privacy"
* provides an existing framework for rules and procedures
* has a narrow focus on specific activities
* involves a limited number of government officials
* provides for independent oversight (search warrant issued by a judge)
* provides for an auditable trail of actions and accountability (Gellman 1998)
By contrast, the Privacy Act was enacted by a wide consortium of interests concerned about the "potential" abuse of personal information in an expanding public and private automated electronic environment. This was a huge undertaking without an existing frame of understanding or precise rules and procedures. Privacy scholar David Flaherty believes that American privacy laws are, in part, ineffective since "[t]he United States carries out data protection differently than other countries, and on the whole does it less well, because of the lack of an oversight agency" (Flaherty 1989).
The Office of Management and Budget was charged with oversight responsibility, but has done less and less over the years to assure compliance with the letter or the spirit of the law. The primary reasons for the law's limited effectiveness to date are that it
* has a vague constitutional foundation
* is ambiguous in its definition of "threat to privacy," making it dependent upon many variables
* has no pre-existing commonly understood rules and procedures
* has broad unfocused limitations to virtually infinite activities
* involves an unlimited number of government officials
* provides for no independent oversight (such as judiciary or inspector general)
* does not provide for an auditable trail of actions and accountability
* is subject to a broad consortium of antagonistic commercial interests
* has not had efficient and effective methodological and technological solutions
Alan Westin, a well-known privacy scholar, said that definitions of privacy are nearly impossible to attain because the meaning of privacy changes depending upon a context of "values, interests, and power" (Gellman 1998). If the very meaning of privacy is vague and ambiguous, depending upon the perspective, how is individual privacy to be protected?
A Standards Perspective
Perhaps more important than achieving a common definition of privacy is to consider the functionality, standards, and best practices needed for extending the privacy protections inherent in records and information management by managing the access to and disposition of all records, including data. Building upon that capability, privacy could be managed within the three context variables expressed above by Westin. The best example of that kind of capability today is found in the blend of methodology and technology in electronic recordkeeping systems.
Records are evidence of transactions within business processes. Electronic recordkeeping system (ERS) software is the integration of electronic document management systems (EDMS) and RIM requirements and provides the necessary components and functionalities to make available effective privacy management within the recordkeeping repositories. There remains considerable disagreement over exactly what functionalities should be provided in ERS and how privacy management should be achieved, but standards are slowly emerging. One highly regarded de facto standard is the Department of Defense's (DoD) DoD 5015.2-STD Design Criteria Standard for Electronic Records Management Software Applications. Now in its second version, it sets forth the "certification" requirements for electronic recordkeeping system software to be eligible for implementation within DoD. There are other standards (e.g., Australian and Canadian), but all ERS software incorporates sufficient functional flexibility today to manage privacy concerns concomitant with records information.
Considering that information related to individual privacy, as anticipated by the Privacy Act, is predominantly gathered or disclosed as a consequence of actions within business processes, it follows that RIM is poised to accept formally this additional facet of management responsibility. Moreover, this additional responsibility -- already set out in ARMA's Code of Professional Responsibility -- will leverage the unique perspective of RIM to a larger and more pivotal role within organizations, and RIM professionals should ensure they play that role.
"... opt in or opt out ..."
Certainly, privacy advocates argue that the burden to manage privacy should be on the government or business that uses the information. Some businesses, looking for a way to avoid privacy regulation, are pursuing the concept of allowing an individual to "opt out" of having their information collected. But even this approach, according to some, places an unnecessary burden to act or be vigilant on the individual; in their view, information should not be collected or used without that individual's express permission. Making the choice is not the burden; rather, the burden is to know whether one has inadvertently given approval by not taking action. That is, the burden to obtain an individual's permission to use information about them should be on the party wanting to use that information. Since the collection and disclosure of all personal information is related to a legitimate need or right (e.g., legal, contractual) to use that information, enforcement of privacy claims will ultimately be decided by courts or public opinion.
Finally, all records and privacy concerns pivot on the question of trust. Individuals live within envelopes of trust. They form relationships, establish governments, and transact business trusting that the obligations of each to each will inure to their benefit as prescribed by implicit or explicit agreements. When that trust is violated they feel, in varying degrees, violated. While that often makes them fearful or angry, records and information management provides the evidence supporting or denying the performance of that trust.
Individuals all have some perspective on privacy. Understanding that, RIM professionals should know that privacy concerns are growing in importance and that some oversight will be mandated. Whatever the perspective, most know that trust is important and have a sense of what is fair use of private information. When individuals think that their trust has been unfairly violated and seek redress, evidence will be needed to arrive at the truth. The case for linking electronic records and privacy is clear and distinct. Don't "opt out" of the future.
Alderman, Ellen, and Caroline Kennedy. In Our Defense: The Bill of Rights in Action. New York: Avon Books, 1992.
--. The Right to Privacy. New York: Knopf Publishing, 1995.
Flaherty, David. Protecting Privacy and Surveillance Society. Chapel Hill, NC: University of North Carolina Press, 1989.
Gellman, Robert. "Does Privacy Law Work?" Technology and Privacy: The New Landscape. Boston: MIT Press, 1998.
Editor's Note: The importance of protecting the right to privacy is emphasized in the Code of Professional Responsibility sponsored by ARMA International. See www.arma.org/publications/ethics.cfm. The impact of Public Citizen v. Carlin is explored in greater detail in "Electronic Records Management Defined by Court Case and Policy" by David A. Wallace in the January 2001 issue of The Information Management Journal and in John Montana's column on page 54 of this issue.
Charles R. Booz is the president of Knowledge Solutions in Sacramento, California. He has 15 years' experience in the information management field, specializing in evaluating and implementing solutions in records management areas, including workflow, electronic records, conversion methodologies, and business process design. He is president of the Greater Sacramento Capitol chapter of ARMA International. Booz received his BA in philosophy and has completed work in computer science and hermeneutics. The author may be reached at k-solutionsonline.net.
|Author:||BOOZ, CHARLES R.|
|Publication:||Information Management Journal|
|Date:||Jul 1, 2001|