www.cnil.fr

Welcome
Diary
Registration
Paris Infos
Le journal
Press Review
Contacts
Mailing list
Links
Privacy

 


Contribution


Robert Gellman

Public Record Usage in the United States
Robert Gellman

Abstract

            Public records about individuals in the United States include a wide range of personal information.  State and local governments, rather than the federal government, are the source of most public records.  Many public records are available for unrestricted private use.  Public records are used for Internet searches, by information brokers for individual lookup services, for marketing uses, for political uses, and in other ways.  The combination of public records with other individually identifiable information collected from warranty cards, surveys, and other sources allows information companies to maintain detailed geographic, demographic, and psychographic information on nearly every household in the United States.  Public awareness of the uses of public record data is limited, and remedies for overzealous surveillance through public record data are rare.

Introduction

            The purpose of this paper is to describe some of the principal uses of public records in the United States.  For purposes of this paper, a public record (or public register) is:

            1) a register, list, roll, or compendium of personal data under the control or direction of a public body;

            2) maintained pursuant to statute, regulation, rule, or administrative practice; and

            3) open (in whole or in part) to public inspection, copying, distribution, or search under a specific law or policy.[1]

            Records maintained as public records in the United States may include: drivers' licenses, motor vehicle registrations,[2] land ownership records, property tax records, voter registrations, police records, court records, occupational licenses, and regulated activity records such as hunting, pet ownership, and gun ownership.[3]  Other registers with personal data include political contributions, financial disclosure (ethics) filings, securities filings, and birth and death records.  No central registry of public records exists.  The number of separate public record systems at the federal, state, and local levels is likely measured in the thousands or even in the ten thousands.

            Collectively, public records reveal “a vast array of detail about an individual's life, activities and personal characteristics.”[4]  When collected, compiled, and maintained over years and across jurisdictions, the records contain a more complete reflection of the events, habits, and occupations of individuals and families.  The effect of technology on the use of public record information is notable.  Professor Mary Culnan observed that technology has stripped much of the privacy that used to exist because of the difficulty of finding and obtaining records.[5]

            Governments at all levels, including local, state, and federal, maintain public records.  However, most federal records about individuals are not public because of the Privacy Act of 1974,[6] the Freedom of Information Act,[7] or other statutes.  Most public records about individuals are maintained by state or local governments and not by the federal government. 

            State and local practices vary tremendously.  In one state, a record may be available for public inspection and use without restriction.  The same record in another state may be available for Internet searching.  In another state, the may be available only for specified uses.  Another state may not disclose the record to anyone.  Yet another state may not maintain the record at all.

 

Examples of Uses of Public Record Information

            Public records are used by many institutions in many different ways.  Primary users are the agencies that collect and maintain the data.  For example, tax collectors use property tax records to make assessments and collect taxes.  Registrars use voter records to decide who may vote.  These primary uses are predictable and will not be explored here.

            In many cases, the records are also used for secondary governmental activities not directly related to the principal purpose of the collection.  For example, motor vehicle departments traditionally make information about cars and drivers available to police for law enforcement purposes.  Secondary uses also relate principally to motor vehicle regulatory and control matters, and include disclosures to insurance companies, for safety recalls, etc.

            Tertiary uses vary considerable.  For example, drivers’ licenses are recognized as basic identification documents.  Motor vehicle departments may disclose drivers' records to a third party to verify identifying data submitted by an individual.  Some other state government agencies sell records to anyone without restrictions on use.  This was true with some motor vehicle records before passage of the Federal Drivers Privacy Protection Act in 1994 and its amendment in 1999.[8]  Other public records continue to be sold or disclosed depending on state law, administrative practice, or other factors.  Voter registration record disclosure policies vary widely.  Some states make the records available without restrictions; others limit access and use.

            Public records are also important to other activities remote from the original purpose for which they were collected.  As the technological capability to collect, compile, and manipulate records increased, public records formed the core of privately maintained databases used for purposes that are mostly unregulated.  A description of major ways in which public records are used follows.

 

1. Internet Searches

 

            Agencies maintaining public records sometimes make them available for public searches on the Internet.  Internet searching represents an expansion of the ability to review physical records in the office of the sponsoring agency.  Often, Internet services have no prerequisites for use so anyone can review any record.  Data obtained may be used without restriction. 

            A recent article in the Wall Street Journal illustrates some of the ways that users of public record Internet sites use the records.  The city of Pittsburgh is one of several jurisdictions that placed its real property assessment database on the Internet.  Some users review records in order to determine if the property tax valuations for their houses are consistent with other comparable valuations.  Other users have other purposes, including curiosity.  One user looked for the records of his high school classmates.  Others use the site to look for information on celebrities.[9]

            A website operated by Search Systems links to searchable public record databases maintained by jurisdictions in the United States and elsewhere around the world.[10]  Many of the thousands of databases identified on this website contain information that is not personal.  The databases identified are not linked together, and each database must be searched separately.

 

2. Lookup Services

 

            Private companies collect and compile public record and other personal information for resale.  These companies are sometimes referred to collectively as the individual reference industry,[11] and the services are sometimes called lookup services.  Many companies function as information brokers who resell the personal information collected and compiled by others.

            Lookup services usually operate by collecting and compiling information from multiple sources to create a central record.  In some cases, the companies create an ability to search through multiple databases maintained in disparate locations for records about a particular individual.  From the perspective of the user and of the data subject, there may be little difference between the central compilation of data into a single database and the simultaneous searching of separately maintained databases.

            Public records available from state and local government agencies are a major source of data for lookup services.  Electronic public records are the source of much of the information, although companies may collect some data from paper records.  The volume of records is enormous.  One U.S. company offers access to more than ten billion public records.[12]

            Some companies offer compiled personal information to individuals.  For example, one company advertises on the Internet to individuals who want to conduct background checks, including criminal record checks, on potential mates, nannies, in-home service providers, business partners, and prospective employees.[13]  Another company displays a sample report on its website that includes name, address, telephone number, property ownership, assessed value of property, other individuals living at the address, names of neighbors, and former residences.

            Law enforcement agencies are major customers for lookup services.  Federal customers include the Federal Bureau of Investigation, Internal Revenue Service, and others.  Federal contracts for these information services exceed ten million dollars annually.[14]

 

3. Marketing Uses

 

            Companies in the United States collect, compile, and use personal data for a broad range of marketing and related purposes.  Companies often maintain data about virtually every household in America.[15]  Some data comes directly from public records.  The companies purchase other lists and map the data to existing files on households.[16]

            The marketing industry maintains three broad categories of data.  Geographic data includes address, census tract for that address, latitude, longitude, and geocoding.  Demographic data includes name, telephone number, martial status, educational level, homeownership, mail buying propensity, credit card usage, income level, marital status, age, and children.  Psychographic data includes lifestyle indicators that show whether an individual is a gardener, reader, outdoor enthusiast, golfer, etc.[17] Demographic and psychographic data sometimes comes from consumer surveys, warranty cards, and product registrations.[18]

            Businesses have an “insatiable demand” for data according to one marketing consultant.[19]  They use consumer data in several ways.  A retailer that has a customer database may go to an information company to seek enhancement of a customer list.  The retailer wants to merge its data with other available data to obtain a more detailed picture of its customers. 

            A second major use is for targeted lists.  Once a company decides what type of consumers are most likely to be customers, it can create a new list using the new criteria.[20]  

            Companies also share and enhance customer data through cooperative databases.  A cooperative database results when marketers pool customer data to gain access to names of new prospects as well as additional data on their customers.[21]  A cooperative database consolidates files from marketers, publishers, catalogers, retailers, e-tailers, and others.  The database can be overlaid with demographic, psychographic, and census data.[22]  Abacus is one of the leading cooperative databases.  For each consumer, its database also shows the number of catalog transactions for the last twelve months, the recency of the last transaction, the total number of transactions, and the cumulative amount spent.[23]  The company’s database includes information from hundreds of catalog merchants, with information collected from more than 1800 members.  The transaction database contains 3.5 billion transactions from 90 million households.[24]

            The existence of cooperative databases is almost completely hidden from American consumers.  Professor Mary Culnan observes that consumer notices do not describe the nature of the data sharing that has become routine among many marketers.[25]  Some privacy notices state that information may be shared with other companies, but notices rarely, if ever, reveal the scope, nature, or permanence of the sharing.  Abacus’s website does not disclose the names of its members.  Its website privacy policy does not describe or provide data subjects with a right of access to the database.[26]

            Marketing databases do not just rely on identifiable data.  Non-identifiable data is a powerful tool for developing demographic information about consumers.  In many cases, the products and services that Americans consumers can be predicted simply by knowing summary level demographic information about their neighborhood.[27]

            The appetite of marketers and others for data about consumers, whether identifiable or not, appears endless.

 

4. Political Uses

 

            The databases developed for direct marketing purposes have applications in politics.  Candidates and political organizations use voter registration information with other data to target voters.  An October, 2000, news story in the Washington Post included these examples:

" To locate likely allies beyond its 4 million members, the National Rifle Association buys government and private lists of pickup truck owners, people with hunting licenses, concealed weapons permit holders, gun show exhibitors and outdoor magazine subscribers.

" Using its own carefully culled lists, the National Abortion and Reproductive Rights Action League is reaching out in 15 key states to 2 million Republican and independent women who the group believes will be sympathetic to its cause.  It has fashioned profiles of typical pro-choice women, using as a model demographic data that its own members provided, and then seeking out non-members who visit the same Web sites, listen to the same radio stations or read the same newspapers.

" Map Applications, which also works with Iowa Republicans among other GOP and conservative groups, can link more than 40 layers of personal data to a voter's name and address, and then make sense of it all.  The information includes voters' ages along with their children's ages, the value of their homes, whether they have bank cards, and their ethnicity.  Much of the data resold by Map Applications originated with credit bureau giant Trans Union.[28]

            A politician who uses personal data in ways that offend voters runs the risk that voters who find out about the use will vote for someone else.  The political system provides some degree of accountability.  In the commercial world, however, consumers do not have the same ability to express negative views of marketers.  Many of the institutions that maintain consumer data are invisible to consumers.  The lack of transparency often insulates marketers from any significant oversight or response by their customers.

 

Wider Implications of Public Record Use and Disclosure

 

1. Constitutional Considerations

 

            The U.S. Constitution offers little direction about the availability of public records.  Rules governing disclosure of executive branch records are statutory.  The Constitution requires the public availability of only some judicial records and some law enforcement records.[29]  State constitutions may be more important on access issues.  However, access to government records is mostly determined under open records laws or statutes regulating specific records.

            Any federal constitutional right of privacy for personal information in the possession of government agencies is largely undefined.  No existing principles establish any firm guidance on withholding public records in the interest of privacy.  Some state constitutions have stronger privacy provisions, but the application of those provisions to public records is not clear.  Again, protection of privacy is mostly a matter of statutory rather than constitutional law.[30]

            The most significant constitutional provision may be the First Amendment, which limits the ability of government to regulate speech.  The First Amendment to the Constitution provides strong protection against government interference with speech.  First Amendment jurisprudence is extensive, complex, and often hotly debated.  A principal issue for public records is whether it is possible for government to disclose records to some recipients and still regulate the use of information in the hands of downstream users.

 

2. Public Policy Effects

 

            The maintenance of private archives of information from public records can create conflicts with public policy objectives.  An example involves criminal history records and the expungement of old criminal convictions. 

            The public availability of criminal history records varies across the United States.  At the federal level, compiled criminal history records showing arrests and dispositions for an individual are not publicly available on privacy grounds.[31]  That is not the case in all states.  However, the strong policy against secret arrests results in public access to records that identify people who have been arrested.  Thus, it should be possible in theory to identify every individual arrested through records contemporaneous to the time of arrest.  However, the records are typically scattered in police stations and courthouses throughout the United States.

            In the past, newspapers often obtained these records, and the information remained buried in newspaper archives where retrieval was unlikely.  Thus, for most of American history, old records about arrests and convictions were generally unavailable for most individuals.  The Supreme Court relied on this practical obscurity in deciding that compiled criminal history records were withholdable under the Freedom of Information Act on grounds of privacy.[32] 

            Criminal convictions can be expunged from public records under defined circumstances.  Expungement refers to a court order that wipes out the criminal record.  An offender who had a single conviction years earlier and who led an exemplary life since might qualify for expungement.  The policy is that a person who made a mistake should not necessarily have a criminal record forever.  In some countries, the term for expungement is spent convictions. 

            Technology is eroding the policy behind the expungement of criminal history records.  The maintenance of private databases with information on arrests and convictions may make a formal expungement meaningless.  A public record might be changed under a court order so that the conviction would no long appear in the public record.  However, a court order has no effect on privately maintained records, and the conviction may never disappear.  It can be impossible for an individual to find the record keepers and to erase the records.  In any event, an individual is not likely to have a right of access or correction for a privately maintained criminal history record.  The objectives of expungement have been fatally undermined by databases operating without any privacy rules.[33] 

 

3. Effective Notice

 

            When personal data from public records comes into the possession of data profilers, it may be difficult for data subjects to learn of the data processing activities.  In the United States, no general law requires non-governmental record keepers to notify the subjects of their records, to provide access to the records, or to accept and consider requests for correction. 

            Some data collectors offer access and correction rights as a matter of policy or practice.  For example, companies who are members of the Individual Reference Service Group (IRSG) agreed as a matter of policy to accept requests from data subjects for the correction of inaccurate information.  However, the policy does not extend to information obtained by IRSG members from public records.  IRSG companies will continue to disclose information from public records that has been shown by a data subject to be incorrect.[34]

            However, data subjects generally have no way to know who maintains their personal data.  A customer of a catalog company or website knows (or has constructive knowledge) that the merchant has a record of any transaction.  Customers do not know, and are rarely told, what other information about them has been collected by the merchant from other sources.

 

4. Non-Identifiable Data

 

            A middle ground between the needs of data users and the privacy interests of data subjects is the use of non-identifiable data.  The use of data that is truly non-identifiable may appear not to conflict with privacy principles, but concerns remain.  The availability of public record data and its compilation into individual profiles threatens the ability to treat any individual level data as non-identifiable.  Compilations of data from other sources pose similar threats.

            Non-identifiability is a difficult concept.  Whether data is non-identifiable may depend on the knowledge of the recipient, the type of data available, and the effort required to tie the data to a known individual.  Latanya Sweeney, a researcher on statistics and public policy, has demonstrated that it is possible to match non-unique identifiers with public records to identify most individuals.  For example, the Cambridge, Massachusetts voter registration list has 55,000 voters.  Twelve percent of voters have unique birthdates.  So if a person of voting age lives in Cambridge, the voter might be identified just from the birthdate on the voter list.  With birthdate and gender, 20% of voters are unique.  With birthdate and five-digit zip code, 69% are unique.  With birthdate and nine-digit zip code, 97% are unique.[35]  More broadly, 87% of Americans can be identified just by birthdate, five digit zip code, and gender.[36]  Sweeney has also shown that hospital discharge data, available in a form with all overt identifiers removed, can be linked to individual patients.[37]  In one example, she identified the hospital record of the Governor of Massachusetts from records that had supposedly been de-identified and released publicly.[38]

 

5. Profiling, Redlining, and Weblining

 

            The use of non-identifiable information can still result in decision-making about identifiable individuals that can be remarkably similar to decisions resulting from use of identifiable data.  Some marketing analyses rely on segmentation based on neighborhood.  The theory is that people with similar background, needs, and interests tend to live in the same areas.  Neighborhoods that exhibit similar demographic and behavioral characteristics can be readily identified.  The data can be used to locate marketing opportunities.[39]  Input may come from non-identifiable data such as census data and de-identified purchase data as well as from consumer surveys and other data collection instruments.

            At some level, neighborhood analysis is nothing new or surprising.  In any city, observers can distinguish between high and low income areas.  The collection and analysis of data may produce only a detailed version of what was already known.  Whether the greater degree of sophisticated analysis represents a difference in kind rather than in degree is an open question.

Decisions about individuals or households can be based on a neighborhood profile.  If the profiles are accurate enough, then the decisions may be close to those that might be made using identifiable data.  In other words, whether marketers make decisions based on identifiable or nonidentifiable data, the results may be similar.  There may be no escape from targeted marketing even if the use of identifiable data were restricted.   

            In recent testimony before the U.S. Congress, Paul Schwartz, Professor of Law at Brooklyn Law School pointed out the dangers inherent in improper use of profiles by limiting economic opportunities for individuals and groups.  Profiles can be used to deny or restrict opportunities to neighborhoods or to individuals.  In the offline world, this practice is known as redlining.  The online version is weblining.[40]  Traditional redlining is geographically based and can be easier to detect.  If the practice can be translated to the Internet, it may be harder to identify because the characteristics relied upon may be invisible to the outside world.  

 

Closing Observations

 

            Strategies that have been used from time to time in the United States for protecting the privacy of information maintained in public records include:

            " Not allowing public access to the records.  Personal records maintained by government agencies are not always publicly accessible.  Examples of records routinely unavailable to the public include income tax returns, health records, and criminal history records of juvenile offenders.  Legislatures could decide to make additional records unavailable.

            " Limiting private uses of the records.  Laws can make records available for only some purposes.  An example is the federal Drivers Privacy Protection Act.  One effect was to eliminate marketing uses of personal data without the affirmative consent of the data subject.

            " Allowing searches for individual records but not disclosure of an entire database.  Some existing state Internet sites provide access only to those who have a name, address, license number, or other data element to use in a search.  Records may be available on a file-by-file basis to those who have a reason to search for them, but searching cannot reproduce an entire database.

            " Limiting disclosure of records in digital format.  When records must be individually accessed and rekeyed, it is less likely that the records will be used.  However, limits on disclosure of digital records are inconsistent with policies in many Freedom of Information laws.[41]  Also, records that once could only be hand copied may be scanned automatically.

            " Giving data subjects more choice about disclosures and uses.  Both affirmative and negative consent may allow each individual to balance his or her own privacy interest against the benefits and consequences of disclosure.

            Remedies for the use or disclosure of public record information do not appear to be available to record subjects in the absence of a specific statute imposing limits on downstream recipients.  Classic privacy tort law does not support a cause of action for intrusion upon seclusion[42] or for giving publicity to personal facts[43] that are matters of public record.  However, physical surveillance of an individual in a public place has been held to be so "overzealous" as to render the conduct to be actionable as an invasion of privacy.[44] 

            Surveillance by collecting available public record data and the maintenance of that data in an electronic profile that may cover an entire lifetime is a development of the last few decades.  The power and range of this surveillance are only increasing.  An illustration makes the point.  For the family of Mr. and Mrs. John Doe, public records may show current and previous addresses, mortgage balances, home improvements, occupations, pet ownership, and other characteristics.  Court records may show divorces, criminal charges, and inheritances.  The names of current and former neighbors may be available.  The records may reveal frequency of voting and party registrations for family members over the years.

            Family member John Doe, Jr., who lived at the same address with Mr. and Mrs. Doe for most of the last two decades, is presumably the son of Mr. and Mrs. Doe, and other records such as birth certificates may confirm the relationship.  The same records may also show his mother’s maiden name, an important piece of information often used for verification of identity.  If John Doe, Jr., now lives in a house with Mary Roe, an unmarried female, and jointly owns a car with her, we can infer other information about the couple. 

            The combination of a public record profile with personal information derived from financial transactions, from Internet activities that may not be transaction-based, and – perhaps – from wireless surveillance is an ongoing and expanding activity that has few constraints in U.S. law.  The first generation of individuals who have been the subject of information surveillance from birth (and in some instances, from before birth) has not yet reached the age of majority.

            The response of the American public and the American courts to intensive public record surveillance remains to be seen.  Most of what happens today is not transparent to the public.  Personal surveillance using public records may continue largely unconstrained, may be subject to statutory restraint, or perhaps may be subject to judicial expansion of the largely undefined notion of overzealous surveillance.  Future uses and restrictions on public records in the United States are a subject of continuing debate. 


[1] See generally Robert Gellman, Public Registers and Privacy: Conflicts with Other Values and Interests; Blair Stewart, Five Strategies for Addressing Public Register Privacy Problems, Proceedings of the 21st International Conference on Privacy and Personal Data Protection (Hong Kong, 1999) <http://www.pco.org.hk/english/infocentre/conference.html>.

[2] State governments maintain drivers’ licenses and automobile registrations.  These records are, however, the only types of state-maintained public record subject to federal law on use and disclosure.  18 U.S.C. §2721-25.  The U.S. Supreme Court held that the law did not violate federalism principles.  Reno v. Condon, 528 U.S. 141 (2000).

[3] See Robert Gellman, "Public Records – Access, Privacy, and Public Policy:  A Discussion Paper," 12 Government Information Quarterly 391-426 (1995) [hereafter cited as Gellman on Public Records].

[4]  Paula Bruening, Staff Counsel, Center for Democracy and Technology, at Federal Trade Commission, Public Workshop on the Information Marketplace: Merging and Exchanging Consumer Data (March 13, 2001) <http://www.ftc.gov/bcp/workshops/infomktplace/transcript.htm> [hereafter cited as FTC Consumer Data Workshop].

[5] Emerging Financial Privacy Issues, Hearing before the Subcommittee on Financial Institutions & Consumer Credit of the House Committee on Banking and Financial Services (1999) (testimony of Dr. Mary J. Culnan, Professor, School of Business, Georgetown University) <http://www.house.gov/financialservices/72099cul.htm>.

[6] 5 U.S.C. §552a. 

[7] 5 U.S.C. §552.

[8] 18 U.S.C. §2721 et seq.

[9] Patricia Davis, Peering Over the Hedge Becomes a Breeze As Web Users Discover Real-Estate Database, Wall Street Journal, April 23, 2001 at page 1.

[10] <http://www.pac-info.com/>.

[11] The Individual Reference Service Group is a trade association that represents larger companies. <http://irsg.org>. 

[12] ChoicePoint Inc., IRS Awards National Public Record Contract to ChoicePoint, Press Release, October 4, 2000, <http://www.choicepoint.net/8525687900685B68/0/79AA5462B5EBAF7B8525696F00438326?Open>.

[13] <http://www.WhoisHe.Com/>.

[14] Glenn Simpson, FBI's Reliance on the Private Sector Has Raised Some Privacy Concerns, Wall Street Journal, April 13, 2001.

[15]  Lynn Wunderman, President and CEO of I-Behavior at FTC Consumer Data Workshop.

[16]  Professor Mary Culnan, Bentley College at FTC Consumer Data Workshop.

[17]  Johnny Anderson, President and CEO, Hot Data at FTC Consumer Data Workshop.

[18]  Id.

[19]  Ted Wham, President, Database Marketing for the Internet, at FTC Consumer Data Workshop.

[20]  Johnny Anderson, President and CEO, Hot Data at FTC Consumer Data Workshop.

[21]  Lynn Wunderman, President and CEO of I-Behavior at FTC Consumer Data Workshop.

[22] Id.

[23] <http://www.abacus-direct.com/> (Data Dictionary link).

[24] <http://www.abacus-direct.com/news-events/pressrelease/111400_trendreport.asp?lm=catalog>.

[25]  Professor Mary Culnan, Bentley College at FTC Consumer Data Workshop.

[26] <http://www.abacus-direct.com/privacy.asp>.

[27]  Elisabeth Brown, Senior Vice President, Product Strategy, Claritas at FTC Consumer Data Workshop.

[28] John Mintz & Robert O'Harrow Jr., Software Digs Deep Into Lives of Voters, Washington Post, October 10, 2000 at A01.

[29] Gellman on Public Records.

[30] Id.

[31] Department of Justice v. Reporters Committee for Freedom of the Press, 489 U.S. 749 (1989).

[32] Id. 

[33] See, e.g., Dan Horn, Offenders Find Records Hard to Erase, Cincinnati Enquirer (Dec. 18, 2000) <http://enquirer.com/editions/2000/12/18/loc_offenders_find.html>; Smith v. Daily Mail Publishing Co, 443 U.S. 97 (1979) (Rehnquist, J. dissenting) (“Such publicity also renders nugatory States' expungement laws, for a potential employer or any other person can retrieve the information the States seek to "bury" simply by visiting the morgue of the local newspaper.”).  Newspaper morgues may have been the only independent source of criminal history information when the decision was written in 1979, but there are more sources today.  See, e.g., United Reporting Publishing Corp. v. California Highway Patrol, 146 F. 3d 1133 (CA9 1998), reversed on other grounds, 528 U. S. 32 (1999).

                Public concern about criminal history confidentiality is notably absent for persons convicted of sexual offenses.  New Jersey was the first of many states to pass laws that required public disclosure of information about the identity, location, physical characteristics, and criminal history of persons released from prison after a conviction.  For information on similar programs in other states, see <http://www.klaaskids.org/pg-legmeg.htm>.

[34] See Individual Reference Services Group, Principles <http://irsg.org/html/industry_principles_principles.htm>.

[35] National Research Council, Summary of a Workshop on Information Technology Research for Federal Statistics at box 2.3 (1990) <http://www.nap.edu/html/itr_federal_stats/ch2.html>.

[36] <http://www.heinz.cmu.edu/researchers/archive/00nov.html>.

[37]See generally Latanya Sweeney, Towards All the Data on All the People (2000) <http://www.heinz.cmu.edu/wpapers/active/wp00251.html>.

[38] National Committee on Vital and Health Statistics, Subcommittee on Privacy and Confidentiality, Roundtable Discussion: Identifiability of Data (Jan. 28, 1998) <http://ncvhs.hhs.gov/980128tr.htm>.

[39] See, e.g.,  <http://www.express.claritas.com/db/pzm.htm> (methodology link).

[40] Hearing on Internet Privacy, Testimony before the Senate Committee on Commerce, Science, and Transportation, 107th Congress (July 11, 2001) <http://www.senate.gov/~commerce/hearings/071101Schwartz.PDF>.

[41]See Electronic Freedom of Information Act Amendments of 1996, Public Law No. 104-231, 110 Stat. 2422.

[42] Restatement (Second) of Torts §652B comment c. (1977).

[43] Id. at §652D comment b. (1977).

[44] Nader v. General Motors Corp., 255 N.E. 2d 755, 771 (N.Y. 1976).