Course:ARST573/Privacy

From UBC Wiki

One of the most important tasks archivists must face is to strike a balance between the individual’s right to privacy and the public’s right to access. Archivists are guided by both legislation and the professional ethics of their occupation. Balancing privacy and access often creates a number of challenges for archivists.

Focussing on privacy rights and concerns in both Canada and the United States, this page will identify the main issues of privacy in each of these countries and how archivists have attempted to mitigate these challenges.

Definition

Privacy refers to the “condition of being protected from unwanted access by others – either by physical access, personal information or attention.” [1]

History

Our modern conception of privacy is historically linked to the eighteenth century Enlightenment with the idea of “natural” rights. Natural rights were the essential elements needed for an individual to grow and be fulfilled in society. Privacy, however, was a right that was only articulated implicitly, rather than explicitly.

It was not until the nineteenth century that privacy emerged “as a right distinctive from other individual rights.” The first articulation of the right to privacy in the United States was made in 1890 by Samuel Warren and Louis Brandeis in an article entitled “The Right to Privacy [the implicit made explicit]”. Warren and Brandeis argued that the right to privacy was needed to protect individuals “against the unjustifiable exposure of their private affairs without their consent.” Privacy for the two authors encompassed both a legal and moral dimension, as the unauthorized release of an individual’s personal information could inflict pain and distress and may subject a person to bodily harm.

In the early 1970s further debates emerged about privacy. In the United States, the Privacy Act of 1974 laid out a set of principles to protect the privacy of individual’s through the collection of personal information and to “provide reasonable and enforceable expectations of confidentiality.”[2] Spurned by the passing of privacy legislation in the U.S., debates in Canada ensued to create similar laws at both the federal and provincial levels.

One of the key reasons for the creation of such legislation was the need to protect the privacy of individuals. “A joint task force of the Departments of Communications and Justice” was launched in 1972 to investigate the consequences posed by computers in data-matching and information retention. The investigation concluded that concerns existed for individual’s privacy and appropriate measures should be undertaken to prevent a privacy crisis. In 1977 the Canadian Human Rights Act was passed with a provision to protect individual personal information; however, it was deemed insufficient. In 1980 the recommendation to create privacy legislation was advocated by the Organization for Economic Co-operation and Development to all its members, of which Canada was one.

Closely associated with privacy concerns were issues regarding access. As early as 1967, a policy governing the transfer of government records to the National Archives was passed by Cabinet; along with a methodology governing access to those records. In 1973 access to legitimate researchers was codified with Directive No. 46; this directive was renamed the Access Directive in 1977. The terms of access under the Directive laid out that government records that were at least thirty years old could be made available to researchers. Documents less than thirty years needed departmental approval for access.

Further demands to expand access resulted in the draft of Bill C-43. The approval of Bill C-43 in June 1982 created the Privacy and Access to Information Acts.[3]

Canadian Privacy Laws

Federal

The Privacy Act

The Privacy Act was brought into effect on 1 July 1983. The obligations set out in the Act require that federal government departments and agencies must respect the privacy of citizens through limiting the amount of personal information collected, and the use and disclosure of such information. The Privacy Act also gives individuals the right to access their personal information and to request corrections regarding their information as held by the federal government. [4]

A provision within the Act allows personal information to be disclosed “to the Library and Archives of Canada for archival purposes.” The personal information collected by a government body can be transferred to the custody of Library and Archives Canada provided that the records are kept for “historical or archival” purposes. The personal information contained within a record (or set of records) can be disclosed to “any person or body for research or statistical purposes.”[5]

The Personal Information Protection and Electronic Documents Act

The Personal Information Protection and Electronic Documents Act (PIPEDA) was created in response to a growing concern by Canadian citizens and the international community to tighten the rules regarding personal information. PIPEDA was tabled in the House of Commons in 1998 as Bill C-54 to complement the existing Privacy Act. In 2000 it was made into law as Bill C-6.
[6]

Between 1998 and 1999 the Industry Committee held hearings on Bill C-54. Of the many groups held to testify, there was a small archival voice. “The Canadian Historical Association, the Association of Canadian Archivists, the Association des archiviste du Quebec, and the Institut d’historie de l’Amerique francaise feared that privacy legislation would affect the creation, preservation, and use of archival records for future generations of Canadians.” These groups called for exemptions in the interest of historical research and the care of archives. The archival community pressed upon the committee to look beyond the issue of privacy to take a broader look at the cultural consequences that could occur if too stringent a view of privacy was taken. Terry Cook “explained that without core records appraised by archivists for long-term retention as a continuation of their original purposes, then business itself, government, advocacy watchdogs, and citizens would not have the sources necessary for analyzing long-term trends, for holding government accountable, for protecting citizen’s rights, and for shaping our collective identities.”
[7]

PIPEDA is a rule-book for private organizations regarding the collection, use or disclosure of personal information for their business activities. The rules set out in PIPEDA apply to “federal works, undertakings and businesses” as it relates to the personal information of their employees. Individuals can access their personal information and have their information corrected via request.

PIPEDA applies to organizations in all provinces, except in provinces that have their own privacy laws that are substantially similar to the federal law. Provinces where the provincial privacy legislation is remarkable similar, the provincial law will be applied instead of PIPEDA.

PIPEDA allows an organization to disclose personal information without the consent or knowledge of the person to whom it applies if the information is being used for scholarly research or statistical purposes; or the information was “made to an institution whose functions include the conservation of records of historic or archival importance, and the disclosure is made for the purpose of such conservation”; or one hundred years has passed since the creation of the record; or twenty years have passed since the death of the individual with whom the information pertains to. [8]

Provincial

Personal Information Protection Act (Alberta)

The purpose of the Personal Information Protection Act (PIPA) is to regulate how the collection, use and disclosure of personal information by the private sector both respects the rights of individuals to have their personal information protected and the “need[s] of organizations to collect, use or disclose personal information for purposes that are reasonable.” The Act defines reasonable as the actions a reasonable person would take given the circumstances presented. Similar to the federal legislation, PIPA does not apply to personal information about an individual who has been dead for at least twenty years, or information that was collected in a record that is at least one year old. Also, any personal information that was transferred to an archival repository before the Act came into force and “where access to the record a) was unrestricted before the coming into force of this Act, or b) is governed by an agreement entered into by the archival institution and the donor of the record before the coming into force of this Act”, or following the enactment of PIPA records containing personal information was transferred to the archives and an access agreement exists between the donor of the record and the repository before the enforcement of this Act, is not subject to PIPA. The disclosure, collection and use of personal information is allowed if it is done for archival or research purposes “and it is not reasonable to obtain the consent of the individual whom the information is about”. [9]

Personal Information Protection Act (British Columbia)

The purpose in the creation of the Personal Information Protection Act is to recognize and protect the rights of individuals whose personal information is being collected, and the needs of organizations in the collection, use and disclosure of personal information, provided that it is done for reasonable purposes. The Act does not apply to information that is collected, used or disclosure for “journalistic, artistic or literary purposes”. Disclosure of personal information by an archival repository is permitted, provided that the information being disclosed does not contain too sensitive of materials about the individual being disclosed, the information is for historical research, the person has been deceased for at least twenty years, or the information contained within the record is at least a hundred years.[10]

Personal Health Information Protection Act (Ontario)

There are four purposes in the creation of the Personal Health Information Protection Act. First, to create a set of rules governing the collection, use and disclosure of personal health information that protects the confidentiality and privacy of individuals. Second, to provide access to individuals related to their health information. Third, to allow individuals the right to make corrections to their health information. Fourth, “to provide for independent review and resolution of complaints with respect to personal health information”. Lastly, to provide resolutions for violation to this act.

As it relates to Archives, the transfer of personal health information to an archive can occur provided that it is done by a “health information custodian”. A health information custodian is defined as either a person or organization “who has custody or control of personal health information”. This includes health care practitioners, health service providers, a person who operates a health care service, program or facility, a board of health medical officer, or “the Minister, together with the Ministry of the Minister if the context so requires.”[11]

Personal Health Information Privacy and Access Act (New Brunswick)

The Personal Health Information Privacy and Access Act sets out eight purposes in the creation of this Act. One, to provide individuals with the right to access their personal health information. Two, to provide individuals with the right to make corrections or amendments to their health information. Three, to set out a set of rules that govern custodians “collection, use, disclosure, retention and secure destruction of personal health information”, protecting the confidentiality and privacy of the individuals whose information it relates to. Four, to enable effective health care planning and management. Five, to ensure the accountability of persons who have custody or control over the personal health information of individuals. Six, to establish mechanisms of control to ensure the safety and integrity of the health information taken into custody. Seven, to provide independent reviews for the resolution of complaints made to personal health information. Lastly, “to provide effective remedies for contraventions of this Act.”

Under the Act, archives are designated as “information managers”. The information manager is defined as either an individual or organization that works on behalf of custodian and is responsible for “process[ing], stor[ing], retriev[ing], archiv[ing] or dispos[ing] of personal health information”, or de-identifies or “transforms personal health information”, or “provides information management or information technology services.” Information managers must sign a written agreement with the custodians holding personal health records that provides protection for the records against unauthorized use, access, disclosure, destruction or alteration of the information within.[12]

Personal Health Information Act (Newfoundland and Labrador)

There are six purposes listed in the creation of the Personal Health Information Act. One, to establish the rules regarding the collection, use and disclosure of personal health information to protect the privacy and confidentiality of the individuals they refer. Two, to provide access to individuals with respect to their personal health information. Three, to allow individuals to make corrections or amendments to their health information. Four, to ensure the accountability of the persons responsible for the custody of the records regarding personal health information and to protect the security and integrity of the information contained within the records. Five, “to provide for an independent review of decisions and resolutions” to complaints regarding personal health records while in the custody and/or control of said custodians. Six, to establish procedures that ensure compliance with the Act for the persons who have custody or control of the personal health records.

There is no mention of the archives within this Act, however, the title “information manager” is used to describe any person or body who “provides information management or information technology services to a custodian” or “processes, retrieves, stores or disposes of personal health information for a custodian.” [13]

An Act Respecting the Protection of Personal Information in the Private Sector (Quebec)

The intention for the creation of this Act is to set out the rights regarding the protection of “personal information relating to other persons which a person collects, holds, uses or communicates to third persons in the course of carrying on an enterprise.” The act does not apply to personal information that is used or collected for “journalistic, historical or genealogical” work. Information regarding the communication of personal information is exempt provided that the person is authorized to do so for “study, research, or statistical purposes”. Archival repositories are also exempt from asking for consent to communicate personal information provided that it its objective is to acquisition, preserve and distribute records for their “information value and if the information is communicated as part of the transfer or deposit of the archives”. Other exemptions include: the document is more than one hundred years old or the person has been dead for over thirty years. No information regarding the health of the individual concerned can be released without consent of the individual or one hundred years has elapsed since the document was created. However, this information can be communicated for research purposes without permission of the person concerned “if the documents containing the information are not structured to allow retrieval by reference to a person’s name or identifying code or symbol and the information cannot be retrieved by means of such a reference.” The researcher is responsible for preserving the confidentiality of the personal information.[14]

United States Privacy Laws

Federal

Privacy Act

Enacted in 1974, the Privacy Act was created to set controls over the collection, maintenance, use and dissemination of personal information by the Federal government. The Act applies only to records located in a “system of records.” A system of records is defined as “a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.” The Act allows three primary rights: one, to view records about oneself; two, to make requests or amendments to any record; and three, protection against unjustified “collection, maintenance, use, and disclosure of personal information.” [15]

Electronic Communications Privacy Act of 1986

The Electronic Communications Privacy Act requires government employees to obtain permission from a federal judge before “intercept[ing] or obtain[ing] electronic communications” (i.e. email, library patron records, Internet Service Providers logs).[16]

Privacy Protection Act of 1980

The Act does not deal with privacy directly, serves to protect the rights of free. Government is prohibits from the search or seizure of any works belonging to a person “intending to disseminate it to the public in some form of public communication.” As of 2005 there has been no ruling on whether the Act applies to online message boards and other electronic communiques.[17]

Family Educational Rights Privacy Act (FERPA)

Also known as the Buckley amendment, FERPA governs all access to student records if the institution receives public funds through the U.S. Department of Education. These can include both and private institutions and some educational agencies. The disclosure of “any personally identifiable information about students” is prohibited without the individual students (or their parent or guardians) permission. Material that does not contain a student name but contains information that could reasonably identify that student is also protected. The definition of an educational record is broadly defined as “[the] records, files, documents, and other materials [that are] maintained by an educational agency or institution, or by a person acting for such agency or institution.”

The type of information that can be disclosed to the public include “directory information (i.e., name, age, parents’ names, and addresses).” Access to educational records can also be made if the removal of personal identifiers is done. Following the shootings at Virginia Tech in 2008, further access can be provided in the interest of health and safety. [18]

The Driver's Privacy Protection Act

Information obtained by a state department of motor vehicles is prohibited from disclosing such information for marketing, unless consent is provided by the driver. Personal information can be disclosed without permission for other purposes, such as identity confirmation, toll payments, or private investigations.[19]

The Right to Financial Privacy Act

The Act provides protection for bank records, by ensuring that records cannot be seized or accessed without proper authorization (i.e. search warrant). Also the Act stipulates that banking institutions “cannot obtain ‘blanket’ consent from customers to release records as a condition of doing business.” Customers have the right to access records containing their personal information.[20]

The Fair Credit Reporting Act

The Fair Credit Reporting Act allows the Federal Trade Commission to regulate the private sectors credit reporting. Individuals have a right to access their personal information. The granting of access, however, requires that individuals submit a fee.[21]

The Financial Modernization Act

The Financial Modernization Act is also known as the Gramm-Leach-Bliley Act and was created as the first attempt privacy regulations within the financial sector. All financial institutions are required to have privacy policies in place. These policies need to have been brought to the attention of their consumers. While consumers are able to tell their institution that they do not want their personal information shared, affiliated businesses are allow to share such information freely.[22]

The Cable Communications Policy Act

Cable companies, under this Act, are not allowed to collect or disclose personal information without consent from the individual(s) involved. [23]

The Videotape Privacy Protection Act

Video stores are prohibited from disclosing customer records without their direct consent. Also, the Act stipulates that video stores must destroy all personal information “within a year of the date that it is no longer necessary for the purpose for which it was collected.” The Act was passed following the release of a list of video rentals of Judge Bork during his Supreme Court nomination.[24]

The Telecommunications Act of 1996

The Act is an update to the Communications Act of1934, which sets out specific privacy measures to “limit marketing on behalf of telephone companies, based on their ability to access their customers’ calling patterns.” Consent must be provided by individuals to have their information used for marketing. A problem with the legislation is it does not state how consent is to be obtained.[25]

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

HIPAA was enacted to protect the privacy and confidentiality of individual’s personal health information; to keep people’s health insurance; and to control the costs of the healthcare industry.[26] A central role of HIPAA is privacy to which HIPAA extends to all “health-care providers that transmit patient information electronically, health-care data clearing houses, and health plans.” The act includes all formats of patient records, whether it be electronic or paper-based. [27]

The Children's On-line Privacy Protection Act of 1998

The intention of the Act is to protect the personal information of children against the inappropriate “collection and misuse by commercial websites.” Children under the age of 12 require parental consent against the collection of such information.[28]

The Patriot Act

The Patriot Act was passed just a few weeks following the 2001 September 11 attacks. The Act amended several of the Acts that protected personal privacy. The amending of these Acts was done to allow government greater access to individual’s personal information “to intercept and obstruct terrorism.” The legislation makes it possible to obtain information such as the sites visited by a suspect and what they were searching for. One of the Acts amended by the Patriot Act was the Family Educational Rights Privacy Act, which allowed government officials to access student records without the authorization of any court based on the belief that the information provided “likely” contained data related to terrorism.[29]

State and Federal

Freedom of Information Acts

The Freedom of Information Act was created to allow access to governmental records by all citizens. The statute states that anyone has the right to know the activities of the federal government. There are nine exceptions that restrict access. Individuals requesting information are not required to submit the reason for access, however, if any agency denies access a reason must be provided. The federal law specifies a specific limit to respond to requests. Nearly all states have freedom of information laws, though individual states may lay out different parameters for access and restriction. [30]

Issues Affecting Archives

Privacy and Access Debates

Heather MacNeil writes that Freedom of Information legislation provides the public with a legally enshrined right to know about its government. The right to know and the right to privacy is historically linked as a natural right. The French philosopher Voltaire claimed that citizens have a right to criticize and have knowledge of the workings of their government as stipulated by the terms of the social contract. Passage of both the Freedom of Information Act (United States) and the Access to Information Act (Canada) created a right of access to all government records, except those exempt to protect the interests of the State and individuals private information. A balance is needed to ensure the transparency of government and the rights of the individual. In an effort to deal with instances when privacy and access collide, one value has been favoured over the other. “In the United States, the bias [favours] access; in Canada, privacy is given preference."[31]

In Canada the preference to favour privacy is seen in many of the debates archivists encounter between the two issues. Some privacy advocates have suggested that the control of personal information should lie with the individual who created the document or to whom the document relates to, even if that means that the destruction of the records. Some archivists have contested this viewpoint. Tim Cook states that “in the interest of protecting our collective culture and history, archivists must not only be aware of these issues, but quite possibly pit themselves against privacy advocates in this struggle over contested ground and concepts.”

Other advocates for privacy contend that the collection of data compiled by an organization for a specific purpose, should be destroyed once the primary purpose to which it was collected is finished. Privacy advocates argue that any personal information collected can be used against citizens. Some advocates have articulated that this right to protect sensitive personal information transcends death. Terry Cook argues that “by this mind-set, government accountability, individual rights, history, and heritage are to be sacrificed to this fear over possible misuse of personal information. Such an action is damaging, short-sighted, and not in the interest of citizens.”[32]

Privacy and Living Persons

Modern archives often contain personal correspondence and other writings of individuals still living. The administering of access and protecting the individual’s privacy rights presents a challenge for archivists as these materials often contain both private and confidential materials.

The ways archives have dealt with privacy issues has been to develop policies within their institutions laying out the rules for access, talking to the donors about the location of sensitive and confidential information, having donors sign donor agreements listing out the parameters of access. Each of these approaches has problems associated with them. The rules of an institution may not be too restrictive or lax, potentially prompting legal action or strained relations with donors or researchers. Having donors lay out the parameters for access, they may not be aware of the location of all sensitive or confidential material; and problems may arise from excessive restrictions. Sara Hodson’s article argues that repositories that deal with authors and celebrities presents unique challenges for archivists. Hodson lists four reasons for these challenges: (1) the paper of celebrities and authors are high-profile, garnering a lot of public interest. (2) The records held within these collections “often deal with personal matters, rather than with historical events or situations.” (3) Copyright is often entangled with issues of privacy. Lastly, the collection of living authors in repositories is relatively recent.

Hodson ends by saying that there is no real solution on how to deal with high-profile celebrities and authors. It is up to institutions and archivists to determine the acceptable risks in providing access to potentially sensitive material. It is up to archivists to develop policies and procedures that reflect both the ethical and legal aspects in dealing with individual’s privacy. [33]

Third-party Privacy

A primary concern of archivists relates to the protection of third-party privacy. Marybeth Gaudette aptly calls the individuals effected by third-party privacy as “blind donors.” Blind donors refer to “individuals whose creations are contained within a collection without their consent regardless of their knowledge of that fact.”[34] The rights of third parties is particularly difficult as they “had no voice in deciding the fate of the papers, and are unlikely to have been consulted about any potential sensitivity in the collection.” Furthermore, material that contains letters are intended as private communications, meant only to be seen by the recipient. Private communications may contain sensitive or confidential information.
[35]

Steven Bingo argues that the difficulties in determining access can be mitigated by understanding the provenance of the document(s). Using Helen Nissenbaum’s theory of “contextual integrity”, Bingo argues that understanding the context to which the personal information was “supplied, gathered and used” will help in mediating risk and determining access.

Bingo’s endorsement of contextual integrity is similar to macro-appraisal, whereby, for example the papers of a University professor would not be assessed solely on the work of the professor. The risk assessment would be broadened to include the University as well.

Bingo is careful to point out the limitations presented in the contextual integrity approach, citing that it does not solve the problem of privacy, but supplies a host of additional factors archivists can assess in determining the “sensitivity of a document”, starting at appraisal, by looking at “the roles of the creator, recipient, and subject of a document.” [36]

Case Studies

National Archives of Canada

Privacy legislation has had an enormous impact on archives. In Canada the passing of the Access to Information and Privacy Acts in 1983 created new concerns for Archivists, especially for those dealing with government records. Daniel German’s 1995 article states that within the National Archives of Canada the creation of Access to Information and Privacy offices were made to deal with the new legislation. The creation of new offices meant that funds were diverted to support the new employees and resources needed to comply with the access and privacy legislation, furthering financial strains at the Archives. Furthermore, the release of government records was slow to researchers. Whereas the thirty-year rule under the Access Directive had provided an easy way to release records; the new exemptions and exclusions set out in the legislation made it impossible to assume that the release of records could be made simply by their date of creation. The request of a file required a thorough examination of the materials inside to ensure no information was released in contravention to the law. [37]

Desegregation Collections in Virginia

Another issue faced by privacy legislation is determining right of use in instances of contradictory access and privacy laws. Sonia Yaco’s case study highlights many of the problems three repositories faced balancing FERPA, HIPAA and FOIA to provide access to desegregation in schools in Virginia. The three types of repositories Yaco looked at were a state library, a public university, and a religious organization. The types of materials held in each of the repositories ranged from staff and student records, birth certificates, physicians notes, and the like.

The first institution, the Library of Virginia, first developed their access policy to the collection based “on the legal classification of [the collections] records.” Staff members decided that school board records were not education records because the board was not a school. Also, most of the records were not medical records, but rather opinions, like “this child is slow.” Since these records were determined not to be medical or school records, FERPA and HIPAA did not apply. Some records were not open to access, such as comments that “might embarrass or humiliate an individual student,” such as notes on sexual abuse, hygiene or mental retardation.

The second repository was the Old Dominion University, located in Norfolk, Virginia. The types of materials donated to the University’s Special Collections encompassed “correspondence, memoranda, depositions, court orders, school directories, school board resolutions, aggregated test data, publications, several education records, and maps.” The Norfolk Public Schools administration donated the records in 2007. All the materials donated had not been examined by the donors to exclude confidential records. The staff at the Special Collections stipulated that “any confidential material found in the collection would be returned to the donor.” The types of records rejected were staff records, student grades and IQ listings. Problems occurred when dealing with court records and school board resolutions as lists of student names, their IQ’s and grades were contained in these public documents. FERPA and FOI hold contradictory testaments about what to do. It was determined that access would be granted to these records as it was a common occurrence in the 1950s and 1960s to discuss confidential information regarding individual students and “current open meeting laws and Freedom of Information acts” allow access to such materials. Further complications were presented regarding material that would be constituted as embarrassing to certain persons, such as racist letters. It was determined that the racist letters would be open as they were written to a public body without the expectation of privacy.

The last repository consulted was the American Friends Service Committee Archives located in Philadelphia, Pennsylvania. The records donated to the religious archives were from the Emergency Placement Project, which placed hundreds of black students with host families across the U.S. to receive an education. The types of materials donated included personal information about individual students. Access to the collection is strictly controlled. Researchers are required to fill out an application that includes references, writing samples, the purpose of their research, and any plans to publish. The collection is accessible to the public, with some confidential information restricted. Neither FERPA nor HIPAA were considered in basing this decision. Researchers are not allowed to include student names in their final product. Photocopying of material from the collection is permitted, but copies of information on individual students is not allowed. [38]

Survey of Policies and Practices in the United States, 1982

Alice Robbin’s conducted a survey of the policies and practices of fifty state archives in the United States in 1982 regarding “privacy and access to restricted records for social research.” In particular Robbins looked at the administering of health and social service records, excluding criminal justice records. The purpose of the survey was to ascertain the knowledge archivists had about privacy and confidentiality as it related to their institutions and the laws that govern access. Questionnaires were sent to all the names listed on the National Association of State Archivists and Records Administrators directory. Forty-seven percent of the questionnaires sent out were returned. The major findings from the survey suggested that archivists were not well informed about state and federal laws governing access, confidentiality and privacy. A review of such laws found that there were varying degrees of “inconsistency, ambiguity, and conflict” between the different laws at the state and federal levels. However, seventy-two percent of the respondents stated that no conflict existed. The policies and practices responding to requests for restricted materials were not well developed. Few of the archivists carried out follow-up referrals to the originating office for a researcher or pursued access for a researcher. Lastly, the institutions archivists worked, placed access to confidential records as low priority for social researchers. [39]

East Germany

A case study on the Stasi files after the fall of the Berlin Wall in East Germany is provided as a way of acknowledging that privacy rights extend to other parts of the world and take on a deeper meaning, especially when the collection of personal information is used as a means of repression and authoritarian control. Following the collapse of the Berlin Wall, debates about what should happen to the East German Stasi files took centre stage. The release of the personal information collected in these files had backing from international human rights supporters. A balanced needed to be made between reconciling victim’s rights to know and retain the right for individual’s privacy. After the wall was fell the Communist security apparatus continued operations, with loyal members attempting to destroy decades of illegal intelligence gathering on citizens. Destruction was halted on 15 January 1990 when a group of East German dissidents stormed Stasi headquarters.

Debates raged on what should be done with the Stasi files. The national archives of West Germany advocated to treat the Stasi files under their normal archival policy. This action, however, would have meant that the Stasi archives would have been closed for thirty years, except in cases of privileged governmental access. Files related to individuals would have been closed for a longer period of time, generally thirty years after the death of the individual.

The Control Commission for the Dissolution of the Ministry of Security supported the destruction of the Stasi archives, out of fear that the information gathered could be used exploitatively by the West German intelligence service and their allies. Further calls for destruction were made on the basis of dealing with the burden posed by the recent past. A decision was made to erase the electronic security files by the advisory Round Table in February 1990; however doubts persisted about destroying the records of the past. “A partially successful secret effort was made to duplicate the electronic files on diskettes prior to the official erasure.” Amidst a storm of media reports, the main decision to keep the Stasi records was to uncover the truth. The opening of the files helped Germany heal with the past.

On 20 December 1991 the Stasi Records Act was passed. Under the act Parliament became the custodian of the State Security Service records of the East German state. Parliament was then “charged with appointing a federal commissioner” to administer these records. Other German and security laws did not apply to these sets of records. A provision made in the legislation made access for victims to access their records. [40]

References

  1. Sissela Bok, Secrets: On the Ethics of Concealment and Revelation (Vintage Books, 1984): 10-11.
  2. Heather MacNeil, Without Consent: The Ethics of Disclosing Personal Information in Public Archives (Metuchen, N.J.: Society of American Archivists and Scarecrow Press, 1992): 1-47.
  3. Daniel German, “Access and Privacy Legislation and the National Archives, 1983-1993: A Decade of ATIP,” Archivaria 39 (1995): 196-197.
  4. “The Privacy Act.” Office of the Privacy Commissioner of Canada. Last modified March 21, 2013. https://www.priv.gc.ca/leg_c/leg_c_a_e.asp.
  5. Privacy Act, R.S.C., 1985, c. P-21. http://laws-lois.justice.gc.ca/eng/acts/P-21/page-3.html#docCont.
  6. Tim Cook, “Archives and Privacy in a Wire World: The Impact of the Personal Information Act (Bill C-6) on Archives,” Archivaria 53 (2002): 94-114.
  7. Cook, “Archives and Privacy,” 103-104.
  8. Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5. http://laws-lois.justice.gc.ca/eng/acts/P-8.6/FullText.html.
  9. Personal Information Protection Act, Statutes of Alberta, 2003, Chapter P-6.5. http://www.qp.alberta.ca/1266.cfm?page=P06P5.cfm&leg_type=Acts&isbncln=9780779762507.
  10. Personal Information Protection Act, Statutes of British Columbia, 2003, Chapter 63. http://www.bclaws.ca/EPLibraries/bclaws_new/document/ID/freeside/00_03063_01.
  11. Personal Health Information Protection Act, Statutes of Ontario, 2004, Chapter 3. http://www.e-laws.gov.on.ca/html/statutes/english/elaws_statutes_04p03_e.htm.
  12. Personal Health Information Privacy and Access Act, Statutes of New Brunswick, 2009, Chapter P-7.05. http://laws.gnb.ca/en/showfulldoc/cs/P-7.05/20121030.
  13. Personal Health Information Act, Statutes of Newfoundland and Labrador, 2008, Chapter P-7.01. http://assembly.nl.ca/Legislation/sr/statutes/p07-01.htm.
  14. An Act Respecting the Protection of Personal Information in the Private Sector, R.S.Q., c.P-39.1. http://www2.publicationsduquebec.gouv.qc.ca/dynamicSearch/telecharge.php?type=2&file=/P_39_1/P39_1_A.html.
  15. “The Privacy Act,” U.S. Department of State, http://foia.state.gov/Learn/PrivacyAct.aspx.
  16. Avner Levin and Mary Jo Nicholson, "Privacy Laws in the United States, the EU, and Canada: The Allure of the Middle Ground," University of Ottawa law & technology journal 2, no. 2 (2005): 363.
  17. Levin and Nicholson, “Privacy Laws,” 363.
  18. Sonia Yaco, “Balancing Privacy and Access in School Desegregation Collections: A Case Study,” American Archivist 73, no. 2 (2010): 641-642.
  19. Levin and Nicholson, “Privacy Laws,” 364.
  20. Levin and Nicholson, “Privacy Laws,” 364.
  21. Levin and Nicholson, “Privacy Laws,” 364.
  22. Levin and Nicholson, “Privacy Laws,” 365.
  23. The Levin and Nicholson, “Privacy Laws,” 365.
  24. The Levin and Nicholson, “Privacy Laws,” 366.
  25. The Levin and Nicholson, “Privacy Laws,” 366.
  26. “What is HIPAA?,” Department of Health, http://health.state.tn.us/hipaa/.
  27. Sonia Yaco, “Balancing Privacy and Access in School Desegregation Collections: A Case Study,” American Archivist 73, no. 2 (2010): 642.
  28. The Levin and Nicholson, “Privacy Laws,” 367.
  29. The Levin and Nicholson, “Privacy Laws,” 370-371.
  30. Mary Jo Pugh, Providing Reference Services for Archives and Manuscripts (Chicago: Society of American Archivists, 2005): 156.
  31. Heather MacNeil, “In Search of the Public Good: Balancing the Right to Privacy and the Right to Know,” in Without Consent: The Ethics of Disclosing Personal Information in Public Archives (Metuchen, N.J.: The Society of American Archivists, 1992: 61-63.
  32. Tim Cook, “Archives and Privacy in a Wired World: The Impact of the Personal Information Act (Bill C-6) on Archives,” Archivaria 53 (2002): 95-96.
  33. Sara S. Hodson, “In Secret Kept, in Silence Sealed: Privacy in the Papers of Authors and Celebrities” American Archivist 67, no. 2 (2004): 194-211.
  34. Marybeth Gaudette, “Playing Fair with the Right to Privacy” Archival Issues 28, no. 1 (2003-2004): 21.
  35. Sara S. Hodson, “In Secret Kept, in Silence Sealed: Privacy in the Papers of Authors and Celebrities” American Archivist 67, no. 2 (2004): 196.
  36. Steven Bingo, “Of Provenance and Privacy: Using Contextual Integrity to Define Third-Party Privacy,” American Archivist 74, no. 2 (2011): 506-508.
  37. Daniel German, “Access and Privacy Legislation and the National Archives, 1983-1993: A Decade of ATIP,” Archivaria 39 (1995): 196-198
  38. Sonia Yaco, “Balancing Privacy and Access in School Desegregation Collections: A Case Study,” American Archivist 73, no. 2 (2010): 637-659.
  39. Alice Robbin, “State Archives and Issues of Personal Privacy: Policies and Practice,” American Archivist 49, no. 2 (1986): 163-175.
  40. Elena S. Danielson, “Privacy Rights and the Rights of Political Victims: Implications of the German Experience,” American Archivist 67, no. 2 (2004): 176-184.

[Category:Archival Studies]] and and