Privacy Journal

Click and type in a question or comment

Excellent resources on this site for those interested in online privacy. Nice work!

I would be interested in your thoughts on what we're doing at privacychoice.org, and how we can improve it.

http://www.privacychoice.org

Jim Brock

From Andre, Albany, Ga.: I was trying to send money overseas using Moneygram service. It came to my surprise that they asked me for my SSN and they even went beyond that by asking to have my SS card copied for their files. I offered them my driver license but they refused it. They cited the reason was the amount being sent above two thousand dollars.

How do you take at that? Do you think I can fight them?

Response: The USA PATRIOT Act requires financial institutions to "know your customer" and often this means collecting Social Security numbers and asking for ID from new customers. The institution wants to copy the documentation to prove that it complied.

A cash transaction of $10,000 usually triggers a required report to U.S. government authorities, although other aspects of a smaller transaction can trigger a Suspicious Activity Report by the bank.

In general, DON'T provide a Social Security number unless it is for Social Security itself, tax purposes or Medicare. (A transaction involving a significant amount of money usually has tax consequences.)

DON'T provide a Social Security number by telephone or online unless you are positive of the identity of the organization.

Try to persuade the requester of the dangers of identity theft or the indignities of being enumerated. If that doesn't work, shop elsewhere. There are competing money-transfer businesses. (This response was revised June 17.)

Comment: Why don't you have a well publicized Facebook privacy settings page design competition?


Comment: What can be done about Google, who are now showing search results of old newspaper articles? A search of my name shows articles from a 23-year-old court case for which I was acquitted. This can now be seen by my colleagues, wife , neighbors, acquaintances, etc. It is very embarrassing and could result in my dismissal, ridicule, harassment and even physical harm. My 11-year-old son could be subjected to harassment. It reveals personal medical information and I am outraged over this. Google responded to my complaint suggesting I contact the owner of the Web site. Of course, the newspapers think their poorly written and vindictive articles from the past are above reproach and truthfully represent historical fact. This is hogwash and a present threat to my personal security and privacy. Google claims innocence and in my opinion are culpable for any harm befalling myself or family!
Innocent but still prosecuted.

Response: This is going to be very difficult, because Google does not own the material you are objecting to; it merely points to it, along with billions of other bits of information. The news organization is generally not obligated to remove such information because the First Amendment prevents the government, including a court, from requiring this.

TWO EXCEPTIONS: If elements of the story are untrue and you can prove it, you may sue for libel. If the information is true but puts you in a false light for any reason including the passage of time, you may sue for invasion of privacy. For more on this, see the Supreme Court case of Wolston v. Readers Digest, 443 U.S. 257 (1979). Google it.

If this is your situation, a demand for the news organization to remove the item may be successful. If that doesn't work, (1) ask the news organization to place your short rebuttal with the electronic entry; (2) get your name listed in Google so many times that the damaging entry is reduced in importance and lowered in Google's search results; (3) start a personal Web page or blog that refutes the 23-year-old entry and portrays yourself as you wish to be portrayed now (and this Internet entry will be picked up in a Google search); (4) and certainly anticipate that this old event will continue to come up and so tell family members and employers in advance about it, with documentation on hand to prove the acquittal.

The news organization would seem to have a moral obligation to include reference to the acquittal in any electronic version of the old story and to make sure this shows up in a Google search.

But remember, even if the original entry is removed from the Internet, search engines have previously cached the displayed information. In other words, they have stored it and it will show up in a subsequent search (labeled "cached.")

From Phoenix: Outlaw the use of our Social Security numbers as identifiers. Thirty years ago it didn't matter if someone had your Social Security number; it was for one purpose only. My Social Security card was shown for only one purpose: employment or collection of benefits.

Ban the sale of personal information for profit; this is your work product, bits of your life, snapshots sold off for profit. Shouldn’t our life’s work information be just like a copyright? Make the credit and information collection companies have to pay a fee to use and sell your information and allow you to opt out completely.

Ban credit and insurance scoring. Credit scores were completely ignored by lenders ready to make a quick buck on what was thought to be a never-ending balloon of home and property values. Insurance scoring penalizes the poor and those who have had financial problems.

Comment: If I feel there are subliminal advertisements in College Textbooks as explained in Wilson Brian Keys book "The Age of Manipulation" page 51. Where do I get help in rectifying the matter? I wrote to the FTC and the university dean and got nowhere.

Response: The FTC is the proper place to seek an investigation. See the Web address for complaints below.

Comment: In survey after survey, including a recent MSNBC survey, more than 90 percent of the American people say that workplace discrimination based upon someone’s personal credit report is wrong and should be illegal. The practice was always wrong and from the start has always been a gross invasion of Americans’ privacy. The information has always been used by employers to low-ball wages and intimidate employees based upon the level of desperation depicted in their credit report – while employers use the smoke screen of saying the information is used to protect them from fraud and theft. It’s “the people” that need protection from corrupt politicians and dirty corporate money . . . not the other way around!

NOT ONE SINGLE study or shred of evidence exists to demonstrate that Americans with damaged credit reports steal or commit fraud at a higher percentage than other Americans.

Response: Reps. Steve Cohen, D-Tenn., Luis Gutierrez, D-Ill., and 51 others are pushing a federal law to prohibit use of credit reports in the employment process, even with consent, except for national-security, government, or financial jobs. HR 3149 is similar to, perhaps more stringent than, laws passed now in three states, including, as reported in the April issue, Oregon on Mar. 29.

You should write to your Members of Congress with your views about this important proposal.


Inquiry: A few years ago, to protect my privacy, I opted out of ussearch.com. My information has since reappeared and they now demand $10 a year to remove my information. Is there any legal precedence to stop online companies from charging a person to protect their privacy by opting out of their service?

Response: Interesting question. We suggest that you notify the Federal Trade Commission, with as much detail as possible. https://www.ftccomplaintassistant.gov/
And notify the World Privacy Forum, which objected to the FTC about this a year ago. www.worldprivacyforum.org/

Depending on what your agreement was with the company in the beginning, this could be an illegal deceptive practice or a violation of the FTC's opt-out guidelines.

From Florida: Do plaintiffs in a court case owe a duty not to disclose a defendant's Social Security number in a complaint or exhibits filed with the clerk of the court, under either state (Florida) or federal law?

Response: Everyone who has our Compilation of State and Federal Privacy Laws knows where to find the answer:
"Until January 1, 2011, if a social security number or a bank account, debit, charge, or credit card number is included in a court file, such number may be included as part of the court record available for public inspection and copying unless redaction is requested by the holder of such number or by the holder's attorney or legal guardian. On January 1, 2011, and thereafter, the clerk of the court must keep social security numbers confidential and exempt as provided for in s. 119.071(5)(a), and bank account, debit, charge, and credit card numbers exempt as provided for in s. 119.071(5)(b), without any person having to request redaction."
That's the law in Florida. We believe that less specific laws in AZ, CA, CT, HI, IL, KY, MD, MN, MO, NJ, NC, RI, UT, VT, VA, and WA could be interpreted to prohibit this disclosure in court filings, especially if a business is the plaintiff or defendant.

Question: When will the 2010 supplement to the compilation of state laws be published?

Response: It's ready. You may order it now, $25 plus $4 shipping. Specify hard copy or electronic pdf version.

Click and type in a question or comment

Comment: I'm trying to spread awareness of http://www.dirtyphonebook.com among privacy advocates because there's nothing else like it out there. Be very careful about this.

Question: If I wish to view my complete medical records what is the procedure? Do I just ask my doctor, or do I need to make a special appointment? Can a doctor refuse to show me the records or withhold a portion of the records? When I change to a new doctor can they refuse to see me if I do not have my records transferred to them? And if I do have my records transferred do they include all records from birth?

Response: It depends. It depends. If you have seen the same doctor for many years, there will be a large file dating back to your beginning date, but certainly not since birth. Most doctors records do not have information from outside the doctor-patient relationship unless you asked for them to be placed there. Doctors are obligated to transfer records to a new practitioner. If you are seeing a new practitioner for a new condition, there would seem to be no need to transfer records if you wish not to. If for an existing condition, it would make sense. At any rate, there is no law on this one way or another. The HIPAA regulation does not require a special appointment to see your records, but an office has 30 days to arrange for you to see your record and may charge you for copying expenses.

Comment: Awesome story about cloud computing in your Oct. issue.

Comment: I just ordered the updated supplement to the privacy laws and thought that there was a place where I could order the pdf version. I couldn't locate it so I ended up purchasing the paper copy. The site is much improved over the years I have been a patron.

Response: The text of our 2002 compilation of state privacy laws AND the most recent supplement are both available in pdf format as an email attachment. Same prices as the hard copies, but no shipping charges.

Comment: How can we stop the medical field from using our SSN as an identifier? I live in Florida where there is no law that says they can't use it, and they give me a hard time whenever I don't want to give my number. They must stop this dangerous practice!

Response "A hard time" is a small price to pay for sticking up for your dignity. By objecting to collection of Social Security numbers, you may educate the doctor's office and you may lead others in the medical profession to understand that many Americans object to the practice and therefore the profession should do without Social Security numbers. Just as there is no law preventing them from asking for a SSN, there is no law requiring you to provide it to get medical treatment. Point out to the doctor's office that you will have to forego medical treatment if compelling SSNs is its policy. Maybe you will shame them into waiving the request; most of the time it will. Otherwise report the office to the local medical association. ONE EXCEPTION: The SSN is the Medicare/Medicaid number and there is no way around that presently. In this case, ask the doctor's assistant to write in the file: "The patient does not consent to disclosure of his or her Social Security number."

From Maryland: In this state, there is a law called the Maryland Social Security Number Privacy Act of 2006 which is supposed to prevent the transmission over the internet, mailing, and displaying someone's Social Security Number. But, as me and my family have learned the hard way, a lawyer could care less about the law and can violate this law anytime they want because they feel that no other lawyer would either sue or prosecute them out of profession courtesy. Do you know of any attorneys in Maryland that would want to hold another attorney's feet to the fire in a civil lawsuit regarding a lawyer breaking this law by purchasing, transmitting, and mailing Social Security Numbers WITHOUT someone's permission?

From Massachusetts: On obtaining a search warrant police install a GPS device on a suspects vehicle, can information resulting from the GPS tracking (search) be used or should it be suppressed @ trial under the exclusionary rule, if the warrant went stale? Do you know of any case law relating to GPS searches and monitoring that could be used as support of the argument in Massachusetts. This is a question put to me be my instructor, but is based on a real case, Commonwealth v. Connolly SJC-10355 Fourth Amendment issues richc60@yahoo.com


Response: An answer will require legal research. If you want our legal research services, email the publisher.

From Minneapolis: We've recently acquired your "Compilation of State and Federal Privacy Laws" for our law firm's library, and it is a very impressive piece of work.

From Fort Wayne Indiana: Worthwhile newsletter.

From Pittsburgh PA:: The state sent my name, address, Social Security number, phone number to someone else. Do I have a claim?

Response: Not in Pennsylvania, which is not one of the dozen states with "fair information practices acts," which prohibit such disclosures in some cases. Still, a court might rule for you if a judge or jury were to find this information private and sensitive AND the disclosure "offensive and objectionable to a reasonable person of ordinary sensibilities."

Question: Can you tell me if there is any current statute in VT addressing consent to record a telephone conversation? CR- Cleveland, OH

Response: Vermont has no law on electronic surveillance, according to our Compilation of State and Federal Privacy Laws. Interstate calls to or from Vermont are covered by the federal law.

Comment: Your analysis of what our government is doing could not be further from the truth. You have no understanding of biometrics much less the real danger they present. You speak about retina scans without having a clue of what you are speaking about. Please research iris scans. Fingerprinting is not the most accurate biometric. Facial recognition is the biometric of choice. You may want to read ICAO 9303, volumes 1, 2 and 3. I know you have no understanding of AAMVA so I would not expect you to know why what is being done is being done or who is promoting the policies. I know you may not believe it but the public needs facts. I have testified in many states on subjects say you are an expert on. What scares me is people actually probably do hire you as an expert. I recommend that you learn what a unique identifying number is before you speak about Enhanced Driver's Licenses and RFID technology. DHS is not the only agency responsible for EDL's. You may want to learn more about WHTI. Also research the State Department's involvement in EDL's. I will provide my name and a site for people to become informed based on fact not speculation. Co-Founder Stop Real ID Coalition. Mark Lerner

Click and type in a question or comment

Comment: I heard an official of Homeland Security say on national TV that Americans do have a right to privacy, but we do not have a right to anonymity. One could argue that giving up my anonymity requires that I give up my name, my address, my SSN, and the state of my bank account, the state of my gall-bladder, my firstborn's name and whereabouts, and more. Where is any privacy left?

Response: We think that the Department of Homeland Security is not the place to get advice about your right to privacy, any more than Privacy Journal would purport to give advice about terrorist threats. In fact, law cases show that Americans have both a Constitutional right to privacy and a right to anonymity. See: "The Law of Privacy Explained," available from us on this Web site ("Books").

I find it ironic that on a Web site for "privacy," there are "500 names, address, phone numbers, and Web sites of the top experts and organizations in the field of personal privacy" for sale.

Response: We appreciate your sense of irony. You are referring to our Directory of Privacy Professionals, listed for sale at "Books." In fact, the right to privacy covers matters that are personal, intimate, and sensitive to an individual, not his or her professional affiliations. And, imagine a world in which only matters that a person consents to may be reported, published, listed, or commented upon!

Question: Have you published any recent articles regarding "use of SSNs as patient identifiers"?

Response: Yes, our newsletter covered the debates over whether to make that patient number the SSN or parts of the SSN. Ask us for three back issues (at $10 each).

Congress in 1996 decreed that there should be a unique ID number for each patient, to ease processing of health information in a national network. In the end, Congress enacted another law essentially freezing any action on a patient identifier if it involves all or part of a patient's SSN. There has been no action on this since 2001.

Question from Springfield, Mass.: I appreciate very much the necessary service that you provide. In my student debate research I've been unable to find published material supporting a very necessary claim. It is affirming the resolve that: Individual claims of privacy ought to take precedence over competing claims of societal welfare. The actual contention is, that in the most real sense, no harms are inherently caused by the individual's claims to privacy, in actuality, the harms society commonly associates with privacy are subsequent to much larger and specific sociological injustices...(or something like that). For example, 9/11 and incidents like it could not have, nor ever really could be ratified by being more imposing in terms of security standards affecting privacy, because their cause is completely independent of privacy, which is the perception of the US to religious sects such as the Taliban. I know that solutions like this are considerably impractical, but as an ideal, I believe that it is true nonetheless. I think this is a very good argument that needs to be introduced into the debate, however, I can be guaranteed little to no success if I don't support it with the stamp of an expert and/or professional. Can anyone help me prove this claim more conclusively, either by simply rendering it with your own views as to whether or not it is right or wrong, or stating so if you agree with it, or in any other way? Any response offered will be hugely appreciated.

Response: Our belief is that personal privacy is essential for mental health – and for public health. It’s a human craving at some level, and essential for an individual to develop fully, in order to take intellectual and emotional risks, to experiment, to “let go” without accountability or embarrassment so long as no one is victimized, to grow as a person. Thus, any successful society must foster a sense of privacy, especially a democracy, if it wants to develop strong citizens and a strong culture.

Even military and law-enforcement people who are necessary to defend a society must be nurtured in a culture that allows them privacy, autonomy, and intellectual growth. Societies like Orwell’s 1984 don’t develop creative people. Ultimately, such societies are more vulnerable to external threats, like terrorism. People in them are narrow-minded, fearful, and vulnerable.

An additional consideration is that there is a lot that a society can do to protect itself from terrorism and external threats without ever threatening the privacy, autonomy, and dignity of its own citizens. Dispelling the hatred in much of the Arab world is one. We can also secure cargo in airplanes; secure cockpits; add tracking “taggants” to fertilizer, weapons, and other substances used as instruments of terror; secure office and hotel buildings more than we do; pre-interview air passengers; cease American support for sects that later turn against the U.S. as terrorists; establish personal identity, where necessary and relevant, by means other than relying on paper or plastic documents; instruct and encourage citizens to protect themselves and recognize terrorist patterns in the U.S.; perhaps add air marshals to commercial flights (there are currently fewer than 3500 air marshals to protect 35,000 daily flights); keep personal information about U.S. citizens out of the hands of terrorists (and therefore off the World Wide Web); protect computer networks against terrorism. None of these threatens privacy.

Most of the “security” precautions since 2001 are mere window dressing. They insult our own citizens and do nothing to track potential terrorists or to keep them away from likely targets.

* * *
i'm robert ellis smith's son, ben, and i wrote the "child's introduction to intrusive bureaucracy". [PJ May 04] i'm bored and in school so i'm checking out this website.

* * *
Question: What can citizens do to encourage their state government to step up when it comes to issues of personal information? As a citizen of a state in your last tier, it is disappointing to me that this is held in such small regard...

Response: Start with a well placed state legislator, either a representative or senator from your area or the chair of the judiciary or government oversight or consumer affairs committee in either house. Sit down with that person and articulate your concerns, provide literature and Web sites about the issue. Then motivate public-interest groups with regular access to the state legislature so that they follow up with meetings and mailings to that member. Then engage a few other members and point out that your first contact is engaged. Perhaps arrange a joint meeting of your new recruits in the state legislature and review with them Privacy Journal's rankings and our criteria, found at ADVOCACY on this Web site. In addition, arrange a speech for your primary legislator so that he or she is forced to gather thoughts about privacy and come up with a legislative agenda. And keep us informed of your progress. - RES

Send us your questions here and we'll answer them.

* * *
Do you permit other Web sites to link to yours?

Response: Do we have a choice? Is there a way to prevent other sites from linking to ours? (We in fact welcome credible Web sites to link to ours.)

* * *
Do you still publish a list of actions that celebrities should take to maintain their privacy to the highest degree possible? I remember reading about this in 1999.

Response: Not quite. Our Celebrities and Privacy describes lawsuits brought by celebrities to protect their physical privacy and the commercial rights to their personalities. Also, it includes comments by celebrities who have successfully protected their personal privacy. It is still available, for $16.50 from Privacy Journal. This has been a popular item among celebrities who are increasingly concerned about their vulnerability.

Send us your questions here and we'll answer them.
What are your rights? How to create a privacy policy? Where can you find help? How does certain technology function? What's ahead for the FBI, Department of Defense, or the airport near you?

* * *
Comment: Pretty timely Web site. How long have you been around?

Response: PJ was founded in 1974 - same year as People magazine. Before email, before the Internet, before city-wide TV monitoring, before automated telemarketing, before biometrics, before camera surveillance. We have had a Web site since 1991.

* * *