19 minute read

Privacy

Legislation



In addition to the constitutional and common-law principles that offer protection of privacy interests, a host of statutes and regulations have been passed to define privacy in a variety of contexts. State and federal legislation regulates the circumstances under which information from financial, educational, and government records can be revealed. State and federal legislation also prescribes the conditions under which employers may subject their employees to drug testing. Federal laws strictly limit the use of electronic surveillance in both the public and private sectors.



Congress passed the FAIR CREDIT REPORTING ACT of 1970 (15 U.S.C.A. § 1681 et seq.) to prevent unreasonable and careless invasions of consumer privacy. The law permits employers, lenders, and other persons to obtain a copy of an individual's credit report for a legitimate business purpose. However, businesses may not request a credit report unless it is related to a transaction initiated by the consumer, such as a job interview or bank loan.

Commercial entities may not use credit reports for the purpose of marketing. Nor may a person or entity obtain a credit report through the use of FALSE PRETENSES, fraud, or misrepresentation. The statute authorizes consumers to review the information contained in their own credit reports and challenge inaccuracies. Credit bureaus have an obligation to correct any inaccuracies within a reasonable amount of time after learning of them.

The PRIVACY ACT OF 1974 (5 U.S.C.A. § 522a) requires the federal government to use fair practices in the collection and use of information about U.S. citizens and is designed to prevent federal agencies from disclosing certain personal information contained in their records. In general, federal agencies may not release government records without first obtaining consent from the persons who are referred to in the records. Every individual maintains the right to inspect federal agency records, correct mistakes, and add important details. In the event that an individual's right is infringed under this law, he or she can sue the federal government for money damages or a court order directing the agency to obey the law.

Do DNA Databases Violate Privacy?

All 50 states and the federal government maintain DNA databases of certain convicted criminals. DNA, or deoxyribonucleic acid, is the chemical that reveals a person's genetic makeup. A database containing the DNA of convicted criminals helps law enforcement find and identify repeat criminal offenders. Prior to 1998, the federal DNA database and the state databases were not completely integrated, so sharing DNA information between the states was not an easy task.

In October 1998, the FEDERAL BUREAU OF INVESTIGATION (FBI) began operating a nationwide DNA database called the National DNA Index System, under the DNA Identification Act of 1994 (Public Law 103 322). The system consists of the DNA databases from all 50 states and the FBI's own DNA database. As of 2003, it contained approximately 1.3 million DNA samples. The national database makes it possible for law enforcement officials in one state to compare DNA found at a crime scene with DNA samples that exist in the DNA databases of other states. When the national DNA database was installed, FBI director Louis Freeh predicted that it would be of great value to city, county, state, and federal law enforcement agencies if they work together to apprehend violent criminals.

The national DNA database in the United States is similar to the one that has been used in England since 1995. In Great Britain, the empire-wide DNA database includes DNA samples from crime scenes, from anyone convicted of a crime, and from persons who are suspects in unsolved cases. The Police Superintendents Association in England has even proposed obtaining DNA samples from every person in England. There is no plan in the United States for such widespread DNA gathering.

Who, then, should be required to provide a DNA sample? This question comes up again and again concerning the use of, DNA databases. Almost all states require that persons convicted of serious SEX OFFENSES give a DNA sample upon their conviction. However, the states differ on whether to mandate DNA profiling of all violent felons, persons paroled from jail, and juvenile offenders. And what about an individual who is on PAROLE for a past crime? Should he or she be required to retroactively provide a sample? A national DNA database may be a boon for law enforcement personnel, but it raises concern over protection of privacy.

In March 1999, U.S. Attorney General JANET RENO requested that a federal commission look into the possibility of requiring all arrested persons to give a DNA sample. In 2003, the GEORGE W. BUSH administration backed the proposal. The administration also pushed to require DNA samples from juvenile offenders. The notion that a person may be required under federal law to give a DNA sample based on the mere suspicion of criminal activity is chilling to civil libertarians. The FBI, however, insists that DNA EVIDENCE is the future of law enforcement and that the national database has already resulted in a number of successes. As of 2002, over six thousand DNA samples had been matched to unsolved crimes. The FBI is also quick to point out that the DNA database is a secure system, and that all users, including researchers, are required to undergo background checks.

Other proponents of the national database herald the coming of a national DNA database for its exculpatory potential. A person may easily be eliminated as a suspect through DNA evidence and, in some cases, DNA evidence can prove a convicted defendant innocent, which results in freedom and true, albeit tardy, justice. Opponents of a comprehensive national DNA database concede that DNA evidence can be exculpatory, but groups such as the AMERICAN CIVIL LIBERTIES UNION (ACLU) are gearing up for a legal battle that will almost certainly reach the U.S. Supreme Court.

FURTHER READINGS

Kaye, David, et al. 2001. "Is a DNA Identification Database in Your Future?" Criminal Justice 16 (fall).

Puri, Allison. 2001. "An International DNA Database: Balancing Hope, Privacy, and Scientific Error." Boston College International and Comparative Law Review 24 (spring).

Webster, Warren R., Jr. 2000. "DNA Database Statutes and Privacy in the Information Age." Health Matrix 10 (winter).

Similarly, the FREEDOM OF INFORMATION ACT (5 U.S.C.A. § 552 [1996]) contains limitations on the disclosure of agency information when such disclosure would constitute a "clearly unwarranted invasion of personal privacy." In most other instances, the Freedom of Information Act guarantees the right of Americans to request a copy of any reasonably identifiable record kept by a federal agency. However, the U.S. government may refuse to disclose certain sensitive information that relates to national security, foreign policy, or other classified areas. Persons who have requested information and been denied may challenge the decision in court. The Freedom of Information Act serves the twin purposes of protecting private and classified documents from disclosure while requiring the uninhibited exchange of all other information that is consistent with an open society and a democratic government.

In 1974, Congress enacted the Family Educational Rights and Privacy Act (20 U.S.C.A. § 1232g), which gives parents the right to examine the scholastic records of their children. The act broadly defines scholastic records to include all records, files, documents, and other materials containing information directly related to a student that are maintained by an educational agency or institution. The act permits only certain individuals to have access to student records, including other institution officials who have a legitimate scholastic interest in the records, such as teachers, principals, and student loan officers. Otherwise, a school must obtain consent from the student or parent before disclosing any information contained in an educational record. The Family Educational Rights and Privacy Act applies to all public schools, including COLLEGES AND UNIVERSITIES, and to private schools that receive federal funding.

The Right to Financial Privacy Act of 1978 (12 U.S.C.A. § 3401 et seq.) entitles bank customers to a limited expectation of privacy in their financial records by requiring that law enforcement officials follow certain procedures before information can be disclosed. Unless a customer consents in writing to the disclosure of his financial records, a bank may not produce such records for government inspection unless ordered to do so by an administrative or judicial subpoena or a lawfully executed SEARCH WARRANT. Other formal written requests for bank records may be granted if they are made for a legitimate law enforcement purpose. The Right to Financial Privacy Act applies to credit unions, trust companies, and savings and loan institutions.

The Omnibus Crime Control and Safe Streets Act of 1968 (18 U.S.C.A. § 2510 et seq.) governs the use of electronic surveillance in both the public and private sectors. In the public sector, the act outlines detailed procedures the federal government must follow before conducting any form of electronic surveillance. Pursuant to authorization by the U.S. attorney general or a specially designated assistant, federal law enforcement agents must make a sworn written application to a federal judge that specifically describes the location where the communications will be intercepted, the reasons for the interception, the expected duration of the surveillance, and the identity of those persons whose conversations will be monitored. The judge must then review the surveillance application to ensure that it satisfies each of the statutory requirements and establishes PROBABLE CAUSE to justify electronic eavesdropping.

The Omnibus Crime Control and Safe Streets Act governs the use of electronic surveillance in the private sector as well. The act prohibits any person from intentionally using or disclosing information that has been knowingly intercepted by electronic or mechanical means without the consent of the interested person. Nearly 70 percent of all reported WIRETAPPING involves DIVORCE cases and custody battles. Often, divorcing spouses, attempting to obtain embarrassing or discrediting information against one another, plant recording and listening devices throughout the marital home. Although most federal courts have ruled that the Omnibus Crime Control and Safe Streets Act applies to interspousal electronic surveillance, some courts have created a spousal IMMUNITY from civil liability under the act in an effort to preserve any remaining remnants of marital harmony.

The Omnibus Crime Control and Safe Streets Act also governs the use of electronic surveillance in the area of employment. A number of employers videotape employee movement throughout the workplace, search employees' computer files, monitor their telephone calls, and read their electronic mail. Courts have generally permitted employers to engage in such surreptitious snooping so long as it serves a legitimate and significant business purpose.

In the rest of the private sector, the Omnibus Crime Control and Safe Streets Act applies to information intercepted from telephone satellite unscrambling devices, cellular telephones, and pagers, as well as from traditional forms of electronic surveillance, such as telephone taps, microphones, and other bugging devices. However, the act does not cover information intercepted from pen registers, which record the telephone numbers of outgoing calls, or caller identification devices, which display the telephone numbers of incoming calls, because neither captures conversations of any sort. In addition, the act does not apply to information intercepted by videotape. In a 2001 decision, Commonwealth v. Rekasie, 778 A.2d 624 (Pa. 2001), a Pennsylvania court held in a 4–3 decision that a defendant does not have a reasonable expectation of privacy in a telephone conversation from his home with a confidential police informant; therefore, the Commonwealth was not required to obtain a determination of probable cause before tape recording the conversation.

The Total Information Awareness (TIA) program is a federal program sponsored by the DEPARTMENT OF DEFENSE (DoD) designed to detect, classify, and identify foreign terrorists—and decipher their plans—and thereby enable the United States to take timely action to successfully PREEMPT and defeat terrorist acts. To that end, the TIA program states its objective as creating a counter-terrorism information system that: (1) increases information coverage by an order of magnitude and affords easy future scaling; (2) provides focused warnings within an hour after a triggering event occurs or an evidence threshold is passed; (3) can automatically queue analysts based on partial pattern matches and has patterns that cover 90% of all previously known foreign terrorist attacks; and (4) supports collaboration, analytical reasoning, and information sharing so that analysts can hypothesize, test, and propose theories and mitigating strategies about possible futures, so decision-makers can effectively evaluate the impact of current or future policies and prospective courses of action.

Critics of this program have been outraged that the government has implemented it. The DoD claims that it recognizes American citizens' concerns about privacy invasions and that it has certain safeguards in place to prevent this and to ensure that data are protected and used only for lawful purposes.

The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT ACT, or USAPA), Pub. L. 107-54, 115 Stat. 272, introduced a plethora of legislative changes which significantly increased the surveillance and investigative powers of law enforcement agencies in the United States. The act does not, however, provide for the system of checks and balances that traditionally safeguards civil liberties in the face of such legislation. Legislative proposals in response to the terrorist attacks of September 11, 2001, were introduced less than a week after the attacks. President GEORGE W. BUSH signed the final bill, the USA PATRIOT Act, into law on October 26, 2001. The act was a compromise version of the Anti-Terrorism Act of 2001 (ATA), a far-reaching legislative package intended to strengthen the nation's defense against terrorism. The ATA contained several provisions vastly expanding the authority of law enforcement and intelligence agencies to monitor private communications and access personal information. The USA PATRIOT Act retains provisions appreciably expanding government investigative authority, especially with respect to the INTERNET. Those provisions address issues that are complex and implicate fundamental constitutional protections of individual liberty, including the appropriate procedures for interception of information transmitted over the Internet and other rapidly evolving technologies. The AMERICAN CIVIL LIBERTIES UNION and various library and booksellers' organizations filed suit in October 2002 under the Freedom of Information Act (FOIA) seeking the disclosure of information concerning implementation of the controversial USA PATRIOT Act. The lawsuit covered some of the information the JUSTICE DEPARTMENT withheld from the House Judiciary Committee in response to a set of detailed questions. A court ordered compliance with the FOIA; however, the government withheld many documents claiming national security interests. As of 2003, this controversy continued.

Genetic privacy has also been at issue in recent years. Cloning is a process by which cells are isolated from an organism through a biopsy and cultured under laboratory conditions. They grow and divide, producing new cells identical to the original cells. With the exception of sperm and egg cells, cloning from even a single cell of a mammal is possible because every cell in the organism contains a complete set of genes necessary to make an identical copy. Unlike artificial fertilization and other modern methods of conception, cloning requires just one parent. In July 2001, the House of Representatives passed the Weldon-Stupak bill, which criminalizes cloning in humans, whether for reproductive or research purposes. This bill was introduced in the Senate as the Brownback-Landrieu bill and was endorsed by President Bush. Senator Sam Brownback (R-KS) reintroduced legislation in 2003 that would ban all human cloning, including somatic cell nuclear transfer, also known as therapeutic cloning. The Human Cloning Prohibition Act of 2003 reintroduces language from Brownback's prior bill that ended in a Senate stalemate in the 107th Congress.

Alcohol and other drug testing is another form of employee surveillance that raises privacy questions in both the public and private sectors. Many legislators consider drug testing by urinalysis to be intrusive, and the practice has been regulated in at least 18 states. Three states require employers to demonstrate probable cause of illegal drug use before they can compel an employee to submit to urinalysis. Six states specify that employers can instigate drug testing only if they have reason to suspect an employee of illegal drug use. In general, however, no pervasive public policy against mandatory employee drug testing exists in either the public or private sector.

Drug testing in the workplace gained momentum in 1986 following a presidential commission report on drug abuse (America's Habit: Drug Abuse, Drug Trafficking, and Organized Crime). The commission recommended drug testing in both the public and private employment sectors. Based on this recommendation, President RONALD REAGAN ordered drug testing for federal employees in positions that require a high degree of trust and confidence (Exec. Order No. 12,564, 3 C.F.R. 224 [1986]). Guidelines promulgated by the DEPARTMENT OF HEALTH AND HUMAN SERVICES established scientific and technical requirements concerning specimen collection, laboratory analysis, and interpretation of test results for the federal drug-testing program.

In response to this federal impetus, employers have dramatically increased drug testing of employees. Many state laws now encourage private employers to periodically test their employees for illegal drug use, and many private employers have asked their state legislatures to pass drug-testing laws. In the public sector, however, the U.S. Supreme Court has ruled that random drug testing of government employees constitutes a "search" that must comply with the requirements of the Fourth Amendment before it may be deemed legal (National Treasury Employees Union v. Von Raab, 489 U.S. 656, 109 S. Ct. 1384, 103 L. Ed. 2d 685 [1989]).

The meaning of the term privacy changes according to its legal context. In constitutional law, privacy means the right to make certain fundamental decisions concerning deeply personal matters free from government coercion, intimidation, or regulation. In this sense, privacy is associated with interests in autonomy, dignity, and self-determination. Under the common law, privacy generally means the right to be let alone. In this sense, privacy is associated with seclusion. Under statutory law, privacy often means the right to prevent the nonconsensual disclosure of sensitive, confidential, or discrediting information. In this sense, privacy is associated with secrecy.

The privacy issues associated with genetics have led to various legal disputes. The lawsuits over genetic research and testing concern matters such as the taking of the blood or tissue; the use of the blood or tissue; the distribution of the blood or tissue; the use of previously acquired samples of blood or tissue to conduct new tests; and whether a gene can receive patent protection. One of the more emotional issues associated with genetic testing is the testing of persons without their consent. In Norman-Bloodsaw v. Lawrence Berkeley Laboratory, a research lab under the U.S. DEPARTMENT OF ENERGY was sued for secretly testing certain employees.

Norman-Bloodsaw began in 1994 when Marya Norman-Bloodsaw, a forty-one-year-old clerk in the accounting department of Lawrence Berkeley Laboratory, asked to see her medical records. When she inspected her records, Norman-Bloodsaw recognized the code for syphilis testing. Norman-Bloodsaw did not recall being told that she was being tested for syphilis, nor did she recall requesting such testing. At Norman-Bloodsaw's urging, several other employees consulted their own medical files and found that they too had been tested for genetic defects and other medical conditions without their knowledge or consent.

The secret testing seemed to establish a pattern of discrimination. Although the lab had tested all new employees for syphilis, African Americans and Latinos were re-tested for the disease. The lab also tested and re-tested its African American employees for sickle cell anemia, and women were tested regularly for pregnancy. White men were not re-tested for any diseases, except for white men who were married to black women who secretly tested for syphilis.

The lab testing by Lawrence Berkeley Laboratory allegedly constituted illegal discrimination and the violation of privacy rights. Vertis Ellis, a 47-year-old African American woman, for example, had been tested for sickle cell anemia and for pregnancy, but she had never requested the tests, authorized the tests, or received results from the tests. "I felt so violated," Ellis told U.S. News & World Report. "I thought, 'Oh, my God. Do they think all black women are nasty and sleep around?'" Norman-Bloodsaw, Ellis, and five other employees of Lawrence Berkeley Laboratories filed a CLASS ACTION suit against the lab, alleging violations of privacy and CIVIL RIGHTS.

Lawrence Berkeley Laboratory, the oldest research lab in the country, argued that it was not liable because the employees had all agreed to receive comprehensive physical examinations. A defendant in the case, Thomas Budinger, a former medical director of the lab, defended the testing of African-Americans for syphilis. "[T]hat's where the prevalence of the disease is," Budinger explained to Hawkins. "How come only people over a certain age would get an EKG? See the logic?" The laboratory also denied that the testing was done in secret. According to attorney Douglas Barton, the lab posted test results on a wall in the exam room. The plaintiffs in the case disputed that assertion, and they argued that they had not agreed to repeated testing without their consent, but the federal district court in San Francisco dismissed the case. According to Judge Vaughn Walker of the federal trial court in San Francisco, the tests were administered as part of a comprehensive medical examination to which [the employees] had consented.

The plaintiffs appealed the dismissal of the case to the Ninth Circuit Court of Appeals. In February 1998, the federal appeals court reversed the ruling and remanded the case for trial. Norman-Bloodsaw v. Lawrence Berkeley Laboratory, 135 F.3d 1260 (9th Cir. 1998). According to the appeals court, the testing violated constitutional privacy rights if the employees had not given their consent and there were no reasonable medical or public health needs that justified the testing. The testing also violated Title VII of the CIVIL RIGHTS ACT OF 1964 if the testing was conducted based on race and gender-specific traits. The appeals court put a stop to the testing and ordered the lab to delete all of the secret test results from the personnel files of the employees.

The Norman-Bloodsaw decision is important because it places some limits on the use of genetic testing of employees. Every year, genetic researchers are discovering new genetic predictors for diseases, and insurance companies may begin to base eligibility for their medical and life insurance policies on a person's genetic predisposition to diseases. If, for example, a person seeking insurance is genetically tested and found to have a predisposition for a fatal disease, the insurance company may wish to deny coverage.

State departments of motor vehicles (DMVs) require drivers and automobile owners to provide personal information, which may include a person's name, address, telephone number, vehicle description, SOCIAL SECURITY number, medical information, and photograph, as a condition of obtaining a driver's license or registering an automobile. Finding that many States sell this information to individuals and businesses for significant revenues, Congress enacted the Driver's Privacy Protection Act of 1994 (DPPA), which establishes a regulatory scheme that restricts the States' ability to disclose a driver's personal information without the driver's consent. In Reno v. Condon, 528 U.S. 141 (2000), South Carolina and its attorney general brought suit alleging that the DPPA violates the Tenth and Eleventh Amendments to the U.S. Constitution. Concluding that the DPPA is incompatible with the principles of FEDERALISM inherent in the Constitution's division of power between the States and the federal government, the district court granted SUMMARY JUDGMENT for the State and permanently enjoined the DPPA enforcement against the State and its officers. The Fourth Circuit affirmed, concluding that the Act violates constitutional principles of federalism. The Supreme Court ruled that the DPPA is a proper exercise of Congress' authority to regulate interstate commerce under the COMMERCE CLAUSE, U.S. Const., Art. I, §8, cl. 3. The motor vehicle information which the States have historically sold is used by insurers, manufacturers, direct marketers, and others engaged in interstate commerce to contact drivers with customized solicitations. The information is also used in the stream of interstate commerce by various public and private entities for matters related to interstate motoring. Because drivers' personal, identifying information is, in this context, an article of commerce, its sale or release into the interstate stream of business is sufficient to support congressional regulation.

Additional topics

Law Library - American Law and Legal InformationFree Legal Encyclopedia: Prerogative orders to ProhibitionPrivacy - Constitutional Law, Protecting Your Privacy, Common Law, Legislation, Do Dna Databases Violate Privacy?