Comments of the Privacy Rights Clearinghouse and the Electronic Frontier Foundation to the U.S. Department of Justice
Office of General Counsel
Executive Office for United States Trustees
901 E Street, NW Suite 780
Washington, DC 20530
Re: Comments on Study of Privacy Issues in Bankruptcy Data
Dear Leander Barnhill:
The Privacy Rights Clearinghouse and the Electronic Frontier Foundation are pleased to respond to the Survey conducted by the Department of Justice, Department of the Treasury, and the Office of Management and Budget (the "Study Agencies") regarding the intersection of bankruptcy law and privacy issues.
The Privacy Rights Clearinghouse (PRC) is a nonprofit consumer information and advocacy program based in San Diego, California. It was established in 1992, and since that time, we have counseled thousands of consumers on a variety of privacy-related issues. Issues include identity theft, credit reporting, telemarketing, "junk" mail, Internet privacy, medical records, and workplace issues. The PRC responds to consumers through a hotline, written guides and a web site that is continually updated to include testimony given by the PRC in both state and federal forums on pending privacy legislation and administrative policy. See www.privacyrights.org.
At the core of the PRC's information and education program is the belief that all individuals have the right to control how their personal information is disseminated and used. This right is particularly important when the information at stake is personal financial information. This right to privacy should not be surrendered simply because of unfortunate circumstances that lead an individual into bankruptcy court. While the loss of control over personal information can be viewed in various ways with any number of results, the crime of identity theft is a most tangible result of the unfettered flow of personal information. For that reason, our comments are directed primarily toward this crime, although, as we later discuss, easy access to sensitive information will also make vulnerable debtors easy targets for a variety of scams.
Before responding to some of the specific questions posed in the survey, it seems appropriate to share some important facts on the increasing crime of identity theft, which is certain to be fueled by easy, on-line access to personal financial information such as that required in connection with bankruptcy proceedings. First, the variations on identity theft are limited only by the imagination of the thieves involved. It occurs when someone uses bits and pieces of personal information about an individual, often the Social Security number, to represent him or herself as that person for fraudulent purposes.
The thief may use personal information to obtain a credit card, a loan, open utility accounts, rent an apartment or even to complete major transactions such as purchasing a car or a home. Based on information obtained from a 1998 U.S. General Account Office report ("Identity Fraud," Report No. GGD-98-100BR, 1998, p.40, www.gao.gov) and the Trans Union credit reporting agency (CRA), the PRC estimates the number of victims of identity theft this year alone to be 500,000 to 700,000. [Sept. 2003 Update: Recent surveys show there are currently 7-10 million victims per year, greatly exceeding our earlier estimates. For more information, www.privacyrights.org/ar/idtheftsurveys.htm.]
A recent study conducted by the PRC in coordination with the U.S. and California consumer organizations U.S.PIRG and CALPIRG (Public Interest Research Groups) describes many of the problems and frustrations experienced by victims of identity theft. This study is available through the PRC web site at www.privacyrights.org/ar/idtheft2000.htm. As the study notes, victims of identity theft often spend years restoring their financial health, and in extreme cases, victims are astonished to learn that they have criminal records because an identity thief has committed crimes in the victim's name.
The Electronic Frontier Foundation (EFF) is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression, privacy, and openness in the information society. EFF is a member-supported organization and maintains one of the most-linked-to Web sites in the world. See www.eff.org.
We join PRC in submitting these comments to highlight that bankruptcy proceedings are yet another area in which the law has failed to protect against threats to an individuals privacy in their personal information once that information has been transferred to a database and made available electronically. EFF therefore will comment specifically on the threats to privacy once personal information is made available on the Internet as well as the threats that storage of personal information in databases can create.
In response to specific questions posed by the Study Agencies, the PRC and EFF offer the following comments:
(1.5) Are certain types of data more sensitive than others; that is, are there types of data in which debtors would have a stronger privacy interest? If so, which ones?
Social Security numbers (SSNs), credit card numbers, loan account numbers, dates of birth, and bank account numbers represent a gold mine to dishonest individuals as well as the rising number of organized criminal enterprises and gangs that specialize in systematic identity theft.
As previously noted, the Social Security number is the piece of personal information most commonly associated with identity theft. Our experience has shown that a thief, with access to no more than an individual's Social Security number, can obtain a driver's license, open a new credit account, apply for a loan, and/or obtain a copy of the victim's credit report.
A thief with access to only one or two bits of personal information can easily use one successful instance of fraud, such as obtaining a driver's license, to acquire a collection of credit cards and bank accounts in the name of an unsuspecting victim. The frauds are often made easier due to the willingness of banks and credit card companies to change an address without independent verification. The circumstances we have described and our experience, we believe, illustrate just how easy it now is to assume the identity of another for fraudulent purposes. Still another online resource for thieves in the form of electronic bankruptcy information could only add to the ever-growing number of victims of identity theft.
Many of the federal bankruptcy courts make their documents available on the Internet now and at no charge. The SSNs of those individuals who file for bankruptcy are displayed in full on many of these web sites. This sensitive information should be redacted because of the risks of identity theft and other types of fraud to which these individuals are exposed. See, for example, www.caeb.uscourts.gov. Click on "Case Information," then "New Case Filings," and then select any date. You will see complete names and SSNs displayed.
As an aside, you might think that individuals who file for bankruptcy would not be at risk for identity theft because of their poor credit histories. But the PRC has talked with many individuals who have negative credit reports who have been victims of identity theft.
(1.6) How valuable is the information in the marketplace?
The sale of personal information in the form of so-called "credit headers," directed marketing lists and pre-approved credit lists has long been big business. The widespread use of the Internet has meant that virtually anyone can anonymously obtain the most personal details of an individual's life without limitation on how the information is used.
As the Study Agencies are no doubt aware, personal bankruptcy information is already available online from companies that specialize in selling lists and individual personal information derived from public bankruptcy records.
- One such company, National Bankruptcy Information, www.bkauthority.com, claims to be able to find "any document with the original case file" which it then "compiles [into] one large database."
- Two other companies also offer, again to anyone, lists of people who have filed for personal bankruptcy. One of these companies, International Technologies, Inc. (www.inft.net) claims its "Financial Hardships" database is "an excellent source for marketing leads."
- A third company, Discreet Research, Inc., www.discreetresearch.com, as well as International Technologies, Inc., offers a number of items of personal information about bankruptcy petitioners, including Social Security number.
There are many more such companies, and ease of access through online availability of entire bankruptcy files will surely increase the number of companies profiting from the sale of personal financial information.
Highly personal information such as that contained in bankruptcy schedules would no doubt be valuable to so-called "legitimate" information brokers and would likely result in annoying but relatively harmless intrusions in the form of increased "junk" mail and unsolicited telephone calls. More problematic, however, is the almost certain prospect that easy online access to personal bankruptcy information will prove a bonanza for identity thieves, unscrupulous telemarketers and fraudulent credit repair services. Other scams directed solely at those in desperate financial straits include the foreclosure scam, described in all its variations by the U.S. Government's Bankruptcy Foreclosure Scam Task Force (www.usdoj.gov/ust/fs03.htm). Such scams victimize not only the debtor but the bankruptcy courts as well by clogging the system with fraudulent filings.
3.A. Public Record Data
(3.6) Is there certain information that need not be made available to the general public, but could be made available to a limited class of persons?
The PRC and EFF recognize the long-standing principle that the public interest is served by open court proceedings, and that, in fact, public disclosure of bankruptcy proceedings is mandated by statute. However, we can conceive of no public interest to be served in a system that would readily subject individuals in bankruptcy to identity thieves and unscrupulous marketing. Access to an individual's personal information is obviously required in order for court personnel and bankruptcy trustees to do their jobs. But, access beyond this necessity to Social Security numbers, bank account numbers, credit card numbers and other personal information on the Internet would seem to be an invitation for abuse.
(3.8) Is there a need to make the following data elements publicly available: (a) Social Security numbers, (b) bank account numbers, (c) other account numbers?
No. See comments to question (3.6) above. Any argument that could be made in favor of a public interest in this very personal type of information would be far outweighed by the potential harm that would be done by making the information widely and easily accessible to anyone.
3.B. Non-Public Data
Neither PRC nor EFF is fully familiar with the work of bankruptcy trustees. However, as discussed further in (4.8) and (4.9) below, we believe easy online access to such records as tax returns and reports of investigation mentioned by the Surveying Agencies as information likely to be maintained in the files of bankruptcy trustees has the potential for serious harm to debtors and others as well.
4.A. Public Data
(4.1) Do debtors have privacy interests in information contained in public record data made available through the bankruptcy courts? If so, what are those interests? Do they vary by data element? If so, how?
The noble principle that fairness to all who come before the courts is best achieved through open proceedings, when coupled with technology and easy access to personal account and other information, has the unintended consequence of being not only unfair but potentially destructive. The end objective of bankruptcy court is, of course, to help restore the debtor to financial health and not to strip the debtor of all interests, including privacy, enjoyed by others. As we have said, the type of highly personal information at issue here, although now publicly available but difficult to obtain, will certainly prove a gold mine to criminals if and when access becomes effortless.
4.B. Non-Public Data
(4.8) What, if any, privacy interests lie in non-public data held by bankruptcy trustees?
The Surveying Agencies cite tax returns, investigations about wrongdoing and a debtor's payments to creditors as examples of the kinds of information maintained in the files of bankruptcy trustees. First, a person's tax return is one of an individual's most private documents. The Internal Revenue Service closely guards the privacy of taxpayer information to the extent that access to even IRS employees is only available on a need-to-know basis. A bankruptcy trustee's files made in connection with an investigation of wrongdoing would no doubt contain even more personal information about the debtor that would not otherwise be accessible to anyone.
Furthermore, an investigative file might also disclose the names of people interviewed during the course of the investigation and thereby infringe on the privacy interests of people other than the debtor. An investigative file would be likely to include conclusions and recommendations that may never ultimately be sanctioned by the courts. Public access to a debtor's record of payments under Chapter 13 bankruptcy just simply adds more unnecessary detail for those who have no need to know.
(4.9) If non-public data were made widely available to the public or to creditors for other non-bankruptcy purposes, what might be the consequences?
The consequence of widely available non-public data maintained in bankruptcy trustee files would be the same as that discussed in our answer to (1.5) above. Given the sensitivity of information that could be included in non-public data, we would expect this to result in increased instances of identity theft, increased contacts of debtors by unscrupulous marketers, increased contacts by fraudulent credit repair services, and an increase in other schemes such as the foreclosure scams.
(4.10) Are privacy interests affected if the distribution of non-public data bankruptcy information is for profit?
Yes. As soon as profits become involved, consumers will surely see a loss of privacy with regard to their financial records. As discussed previously in Section 1.6, personal information is quite valuable to marketers. Personal information is often used to create profiles of individuals and the more information that is added to an individual's profile (see Section 5.1 and 5.2 for details), the more that individual is pigeon-holed into a particular demographic - rightly or wrongly. Bankruptcy information will be one more data-point.
Compounding the problem is that data collectors often view consumer data as their own -- and treat it accordingly. Access to information in profiles then becomes an issue. For example, during the discussions at the Federal Trade Commission's Advisory Committee on Online Access and Security, many of the marketers present felt that it was proper to limit access to consumer information by consumers. In fact, the most restrictive view of the panel would only allow access to personal information collected if the record itself could be changed.
5.0 What is the effect of technology on access to and privacy of personal information?
As discussed in our comments to question (1.6) above, personal information is a valuable commodity. This is evident from the number of companies that offer online sales of compilations of personal information characterized as mailing lists, lead lists, or marketing lists. And, again, there are already a number of companies that sell compilations of personal information specifically obtained from public court files in bankruptcy cases. However, as far as we have been able to determine, such companies offer Social Security numbers but not yet information about credit card or bank account numbers.
If bankruptcy and trustee files are available online to the general public, there should be some limitations on the types of information generally available. The public interest in open court proceedings as well as the privacy interests of debtors could both be served by limiting access to sensitive information to trustees and court personnel directly engaged in the administration of bankruptcy cases. This could be accomplished by use of passwords or other means to enable those with legitimate access needs to obtain the full text of the bankruptcy documents. For wider public access, the bankruptcy record should be limited to a digest of the key data elements. The full text of the documents should not be available via the Internet to the general public for reasons explained in previous sections.
(5.1) Do privacy issues related to public record data in bankruptcy cases change when such data are made available electronically? On the Internet? If so, how?
Privacy issues regarding public records become magnified as more and more personally identifiable data are made available on the Internet because the availability of such data allows for more extensive profiling of individuals. Profiling allows corporations to create detailed dossiers about individuals' lives, which can lead to creation of markets for secondary uses of that information that the consumer could never have imagined. Few consumers realize the long-term privacy implications of these profiling practices.
Companies have been constructing very detailed profiles about their customers, storing the information they collect in databases where the information can be analyzed and merged with other databases. Bankruptcy information would be just one other category of information to be used in this way.
We are concerned that sharing and selling of personal information, including the additional data elements needed for the administration of bankruptcy proceedings and any resulting profiles based on that information, can have detrimental effects regarding activities that we take for granted in a free society, particularly in the area of free expression. Up until recently, we have had the freedom and ability to read and seek out information without being constantly monitored and identified. Now, pieces of information that had little meaning when viewed separately are now being aggregated, resulting in extensive profiling of individuals.
For example, the merger of companies Doubleclick and Abacus has given the new single company the ability to merge the online advertising database of one company with the offline direct marketing database of the other, thus marrying the offline and online behaviors of consumers into one database. The profiles created from information in the new database show a much more detailed view of individual consumer behavior than either of the separate databases could have shown alone.
Adding the personal information found in the public records from bankruptcy actions, including bank balances, income, and a detailed listing of assets, will only exacerbate the situation. Once consumers become informed of the extensive abilities of corporations to gather and profile consumers' online habits, including records that indicate their level of "financial health," consumers may be less likely to visit particular web sites, engage in e-commerce, or post to newsgroups, particularly if there are negative consequences, such as a potential employer gaining access to that profile and making hiring or firing decisions based on the contents.
The dangers of profiling are well expressed by Jeffrey Rosen, professor of law at George Washington University and author of The Unwanted Gaze: the Destruction of Privacy in America (Random House, 2000, p. 115):
Privacy . protects us from being objectified and simplified and judged out of context in a world of short attention spans, a world in which part of our identity can be mistaken for the whole of our identity.
(5.2) Do privacy interests in non-public data change when such data are compiled electronically for ease of administration of bankruptcy cases? For commercial use? For other use?
As personal information finds its way into more and more commercial and governmental databases, the less individuals are able to control who has access to their personal information.
Creation of new databases
Easing the administration of bankruptcy cases may necessitate the creation of a new database containing the data elements necessary for the administration of those cases. The resulting databases will necessarily contain sensitive personal information about individuals that go through a bankruptcy proceeding. The information kept in the database would include both public and non-public information including bank accounts, credit card account numbers, Social Security numbers, and tax records.
We have noted the increased creation of national databases with little public accountability and few privacy protections. The Federal Bureau of Investigation (FBI) is scanning all of its paper fingerprint cards to create digital images and feeding them into the National Crime Information Center (NCIC) computer, which gets over two million queries a day. Attorney General Janet Reno would like to add DNA samples of anyone arrested to the NCIC database. The Federal Aviation Administration (FAA) has recently issued regulations that require the airlines to create profiles of everyone who flies to determine if a particular flier fits the profile of a terrorist. U.S. Postal Service (USPS) regulations also necessitate the creation of a new database to track those who use a Commercial Mail Receiving Agency (CMRA) as well as the CMRA itself. The proposed medical records rules under the Health Insurance Portability and Accountability Act (HIPAA) would also create a new national database. Information that is collected in a database to help in the administration of bankruptcy cases could be matched or added to any of these existing databases, thus adding to the profile of the individual.
There are some privacy protections associated with some of the above databases, particularly with the HIPAA, but they are generally weak. Without proper safeguards and enforcement, information collected for the ease of administration is also likely to find its way into corporate databases resulting in unintended uses of the information without the knowledge or consent of the individual. The general information at the beginning of the Federal Register notice itself states that "In addition, some trustees and creditors are considering compiling information contained in bankruptcy records electronically for easier administration of bankruptcy issues in which they have a claim. They may also envision some possible commercial use."
We therefore believe that the privacy interests in non-public data are threatened by the creation and use of these databases. Individuals continue to lose control over this information particularly when a corporate entity is involved.
6.0 What are current business or governmental models for protecting privacy and ensuring appropriate access in bankruptcy records?
A starting point when considering privacy protection is always the "fair information principles," or FIP. Several versions of the Fair Information Practices have been developed, starting in the early 1970s. We prefer the principles developed by the Organization for Economic Cooperation and Development (OECD) in 1980. (www.oecd.org) The eight OECD FIP criteria are: collection limitation, data quality, purpose specification, use limitation, security, openness (notice), individual participation, and accountability.
We also prefer the FIPs developed by the Canadian Standards Association (CSA). These closely parallel the OECD Principles and the European Union Data Protection Directive. The CSA code contains these principles: accountability, identifying purposes, consent, limiting collection, limiting use-disclosure-retention, accuracy, security safeguards, openness, individual access, challenging compliance.
The Federal Trade Commission (FTC) has developed an abridged version of five FIPs. These are: notice, choice, access, security, and enforcement.
While "choice" regarding data use may not be workable in the context of public bankruptcy cases, as a minimum a published "notice" of the "routine uses" of personal information such as that required by the federal Privacy Act, 5 U.S.C. §552a, would advise bankruptcy debtors of the ways personal information could be legitimately used.
Debtors should also be given notice of the fact that information may be obtained, either online or by examining public court files, for commercial purposes by companies in the business of selling personal information. Public agencies should be required to provide a list of all the commercial information brokers to whom they sell bankruptcy records. If the debtor learns of errors in the documentation, he/she can locate the information brokers who have obtained the record in order to notify them of the errors.
In addition, information brokers should be required to keep records of the customers who obtain bankruptcy records on specific debtors. They too must be notified if they have obtained erroneous records. This is especially critical in cases of identity theft. Such record-keeping and error-correction provisions might need to be mandated by federal law, necessitating amendments to the Fair Credit Reporting Act (15 U.S.C. § 1681). The ability to trace who has accessed such records is part of the Fair Information Principle of "accountability."
We recognize that the judicial branch of government is not subject to the Privacy Act or the FIPs. We suggest only that these principles be used as a model to protect personal financial information in otherwise public documents.
A useful discussion of the Fair Information Principles can be found in an April 5, 2000 report, "Privacy Design Principles for an Integrated Justice System." This report was prepared by the Office of the Ontario [Canada] Information and Privacy Commission in collaboration with the U.S. Department of Justice, Office of Justice Programs. (http://www.ojp.usdoj.gov/archive/topics/integratedjustice/pdpapril.htm)
7.0 What principles should govern the responsible handling of bankruptcy data? What are some recommendations for policy, regulatory or statutory changes?
See response to Questions 5.0 and 6.0 above.
The PRC and EFF appreciate the opportunity to comment on some of the questions raised by the Study Agencies. We commend the Agencies' recognition of the inherent contradictions in having the Government safeguard an individual's personal information in one context when considering that same information is easily available to any member of the public in another context.
Director, Privacy Rights Clearinghouse
3100 - 5th Ave., Suite B
San Diego, CA 92103
Research Director, Privacy Rights Clearinghouse
Staff Attorney, Electronic Frontier Foundation
1550 Bryant St., Suite 725
San Francisco, CA 94103
(415) 436-9333 x106