Death and Privacy Part I

by Bob Gellman March 29th, 2013 2:02 pm

Do Dead People Have Privacy Rights?

Part 1 of 2

 Traditional privacy policy, if there is such a thing, says that privacy is an attribute of living individuals.  Therefore, dead people have no privacy rights.  It’s a clear and simple line, easy to apply.  It probably makes researchers, genealogists, biographers, and some others happy.

Life and death are not that simple.  The federal health privacy rules known as HIPAA originally provided that health records must be protected for privacy forever.  I was fond of saying that your health records were protected until the sun runs out of hydrogen.  However, that rule – another simple to apply, bright line – created some issues.

Who is the heir of George Washington?  Now that’s definitely a question that genealogists can help to answer.  I suspect that the answer will be complicated in many cases, especially over decades and centuries.  There may be no heir.  There may be dozens of heirs of equal status.  How are we going to decide if George’s health records can be shared with a historian, health researcher, or newspaper reporter?  Do we take a vote among all the heirs?  Do the votes of those who are more directly descended receive a greater weight?  How do we even find the heirs?  Should we allow heirs to sell the information?

So the privacy forever rule seems hard to apply.  Let’s stick with health records, but try it the other way.  Let’s say that privacy ends at death.

The immediate family of the dead individual might not be happy.  A death is hard enough, but the prospect that the deceased health records would become public could create even more difficulties.  For many individuals, few people outside the immediate family would care much about the details.  However, for celebrities, there would be many demands for records.  What do you think tabloids would do if they could get their hands on ___________’s health records?  You can fill in the blank yourself, but some obvious candidates are Michael Jackson, Vince Foster, and Ronald Reagan.

While you’re thinking about that, you need to know that an x-ray of Marilyn Monroe recently sold at auction for $45,000.  See http://www.nydailynews.com/news/money/marilyn-monroe-chest-x-ray-1954-sells-45-000-las-vegas-auction-article-1.184979.  Do we want hospitals and labs selling celebrity test results and blood or tissue samples immediately upon death?  That’s more than a bit ghoulish for me.

Even for ordinary people, families might be traumatized if records showed that the deceased died of alcoholism, drug abuse, AIDS, syphilis, suicide, or other particularly unpleasant, reputation-destroying, or communicable disease.  Would a privacy-end-at-death rule mean that the DNA of the deceased could become public?  DNA information clearly tells something about direct descendants, and many might be unhappy that part of their genetic heritage would be public.

While I was working on this post, the story about the sequencing of Henrietta Lack’s DNA hit the press.  She was the woman whose cancer cells have been used worldwide for decades without her consent or the consent of her family.  Rebecca Skloot – who wrote the book The Immortal Life of Henrietta Lacks – wrote a NYT op-ed about the latest development.  http://www.nytimes.com/2013/03/24/opinion/sunday/the-immortal-life-of-henrietta-lacks-the-sequel.html.

In February of this year, HHS changed the HIPAA rule.  HHS replaced its privacy forever rule with a 50-year rule.  Any term of years is necessarily arbitrary, and 50 seem long enough so that nervous bureaucrats aren’t likely to be criticized by grieving families any time soon.

Is 50 years too long?  Probably, if you have an interest in genealogy.  And it could be longer as a matter of practice.  The preamble to the HIPAA rule notes that if a State has a law that provides for additional privacy protection, that law remains in force.  So the actual answer could vary state by state.  That could be particularly messy if, as is common today, an individual has health records in more than one state.  Further, HHS pointed out that the professional responsibilities of health care providers may require that patient records receive longer protections.  How long does a psychiatrist keep records confidential?  I don’t know if the profession has a policy.  It’s a messy legal issue whether and when a physician-patient or psychotherapist-patient evidentiary privilege survives the patient’s death.

We’ve just gotten started with dead people and privacy so maybe it’s time to end and come back another day with more.  I will end with a few new thoughts.  Even if privacy lasts forever, that doesn’t mean that everything is private forever.  It seems harder to argue that the fact of a death should be private.  No man is an island, right?  There are legal and other reasons for telling the world that someone is dead.  What else can we say about the deceased?  It’s easier to say that the name and date of death should be public.  There’s more to debate about whether next-of-kin, cause of death, and similar information should be public as well.

I’m not taking a stand, other than to emphasize that there’s a lot of room between nothing disclosed and everything disclosed immediately.   More in another post.



Family History and Digital Preservation

by Bradley Jansen March 27th, 2013 4:52 pm

I wanted to bring to people's attention that the Library of Congress offers great resources.  Specifically for this post, they look at the popularity of genealogy and family history and offer some guidance on digital preservation, starting here:


The popularity of genealogy websites and TV shows is rapidly growing, mainly because the Internet has made it so convenient to access family history information. Almost everything can be done through the computer now. Before the digital age, genealogical research was not only laborious and time consuming, it also resulted in boxes of documents: photos, charts, letters, copies of records and more. Online genealogy has replaced all that paper with digital files. But the trade-off for the ease of finding and gathering the stuff is the challenge of preserving it

The current spike in genealogical activity is significant. David Rencher, chief genealogical officer of theChurch of Jesus Christ of the Latter-day Saints, acknowledged the increase but said that the appeal of family history research itself is not new. Rencher said, “Genealogy represents the interconnectivity of human relationships. It also helps us understand the heritage we came from and that many of our ancestors went through similar trials and tribulations that we go through. It can add an element of meaning to our lives.”

 The family history section was added to a new document and publication, “Perspectives on Personal Digital Archiving” which can be found via a link here:






Genealogy Privacy Policies

by Bradley Jansen March 26th, 2013 12:00 pm

One of the first projects I hope to undertake with the coming addition of the rest of the group bloggers here is an examination of the genealogical communities privacy policies.

We need a listing all of the current genealogical privacy policies, codes of conduct, etc.  from the different parts of the genealogical community.  These should come from the various societies, companies, hosts, etc.

Once we have them collected, let's see if we can then sort of collate them (I'm sure there is a lot of overlap).  We should be able to come up with something like a privacy policy master list.  The next step would be to  invite the privacy and tech people to help critique them (data practices and technology are changing fast enough that I'm sure they could use some updating).

Once we have a new, improved privacy policy model, we can challenge groups to adopt it or incorporate the insights into their own.

Please post the name of the group and the links in the comments.  Thanks!

Some so far:

The National Genealogical Society has published suggested Standards (and Guidelines) addressing several areas on their Web site for some time.  Of particular relevance are the following:





We Made Geneabloggers

by Bradley Jansen March 26th, 2013 11:39 am

I got a wonderful email this morning:

Your blog is now listed among the almost 3,000 genealogy and family history blogs atGeneabloggers.com – thanks for your submission! We will highlight your blog in our weekly New Genealogy Blogs post this Saturday at 9:00 am Central!

The reception we got at RootsTech, from many of the prominent people in the genealogical community I've asked to contribute here (more on that coming soon), the unsolicited addition on Cyndi's list and now the unsolicited addition to Geneabloggers.com all show who seriously the genealogical community takes privacy--and the need to do more.

We'll be sporting our Geneabloggers badge on our website soon.  Thanks for support!


Genealogy as Big Data

by Bradley Jansen March 24th, 2013 6:52 pm

At our kick-off session at RootsTech where we unveiled this project, Jim Dempsey of the Center for Democracy and Technology explained that the genealogy question is a variant of the "big data" topic.  Right on cue, the New York Times follows up with an article on the privacy issues we are all trying to address with big data.  While the article doesn't talk about genealogy specifically, it is pretty easy to read between the lines and see how right Jim is.

Ancestry.com boasts in an ad that I can get 11+ billion records right on my iPad.

FamilySearch, historically known as the Genealogical Society of Utah, has been collecting and preserving records for over a hundred years with missionary zeal, literally.   Says wikipedia

FamilySearch.org also contains the catalog of the Family History Library in Salt Lake City, Utah. The library holds genealogical records for over 110 countries, territories, and possessions, including over 2.4 million rolls of microfilmed genealogical records; 742,000microfiche; 310,000 books, serials, and other formats; and 4,500 periodicals.

Of course there are also lots of other sites with data, hosting family trees, offering crowdsourcing capabilities to work together and, well, all of the other issues I think Jim had in mind talking about genealogy as big data.  I see his point.

Of course, thinking of genealogy as another example of the big data discussion doesn't absolve  it any responsibilities to step up its game and stay on top of the fast-changing questions.

Explains the New York Times article:

Along with fueling privacy concerns, of course, the mainframes helped prompt the growth and innovation that we have come to associate with the computer age. Today, many experts predict that the next wave will be driven by technologies that fly under the banner of Big Data — data including Web pages, browsing habits, sensor signals, smartphone location trails and genomic information, combined with clever software to make sense of it all.

The whole article is worth a read--and substitute "genealogy" in the context of ideas and examples, and I think we have a good starting point to look at genealogy, privacy, tech and data.

The article can be found here:




We're Getting Some Attention! Thanks, Jordan and Cyndi

by Bradley Jansen March 24th, 2013 2:50 pm

Jordan Jones, the new president of the National Genealogical Society--and a guy that gets the importance of the privacy aspects--spoke at their luncheon yesterday during the RootsTech conference.

The slides are available at




Jordan specifically promoted our site here (in full disclosure, he has been invited to blog here when we get enough of our ducks in a row to make this the group blog of people from different disciplines which is the plan).  Further proof mutual admiration societies can be fun.

Aside from the shout out to this site, do check out his presentation to see the genealogical community's dedication to addressing the privacy issues as well as an good examination of the problems we need to try to solve.

Similarly David Rencher of FamilySearch gave a great rundown of the issues to address--most importantly privacy issues--earlier at RootsTech: "Legal and Legislative Issues Facing Genealogists"



Legal_and_Legislative_Issues_Fa (DOCX)
Legal_and_Legislative_Issues_Fa (PDF)

One of, if not the, most popular genealogical sites on the web is Cyndi's list (no actual information there just an unimaginably large number of links for what seems like every research topic.  Her site is the go-to site if you don't know what you're looking for exactly or where to go to find what you want.

Check out her new section here:


Genealogical Privacy Project New!

The aim of this project is to offer privacy advocates, genealogists, technology experts and others to talk with each other rather than past each other.

We're off to a good start with a lot of exciting things coming down the pike--stay tuned!



Genealogical Privacy Project Kicked Off At RootsTech

by Bradley Jansen March 23rd, 2013 4:41 am

RootsTech is, I believe, the largest genealogical conference in North America at least:  6,700 people pre-registered (I don't know how many walk-ins they had this year, but in previous years it was a lot)--and that doesn't count the 2,000 teenagers that are coming for a Saturday only session geared towards them.

It's also the genealogical conference focused on technology.  So it was the perfect place to unveil the genealogical privacy project to bring together the genealogical, tech and privacy communities.  Thanks go to Fred Moss of the Federation of Genealogical Societies for planning, scheduling and promoting the event:

"Genealogists, Technologists, Privacy Advocates: We Really Need To Talk"


Fred Moss, Jim Dempsey of the Center for Democracy and Technology and I spoke at an informal panel moderated by Dick Eastman (über genealogy blogger).  Each of us spoke briefly, introduced a few issues and then took questions from the floor.  Let's just say we sparked a spirited discussion and got great reviews and feedback before convention staff finally kicked us out of the room.  This website was officially, publicly unveiled at the "unconferencing" session--and Cyndi Howell of Cyndi's List fame promptly promoted it to 20 something thousand of her closest friends on Facebook!

Representatives of state societies asked some great questions and are looking for better guidance to give out to their members.  We offered some during the session (more to follow soon in another post) with the expectation that the discussions on this soon to be group blog might offer some great advice.

While difference of opinions were clearly exhibited, everyone seemed to recognize the need to at least air them and start these discussions.  The consensus was that we do need to reach out to other groups in the tech and privacy communities and start working together more.

I can neither confirm nor deny that Fred Moss took this sentiment to heart and promptly went out to meet up with more groups and tattooed "Genealogical Privacy Rules!" to demonstrate his commitment...


Building bridges

Building bridges


Stupid Privacy Filters

by Bradley Jansen March 22nd, 2013 3:47 pm

Why are privacy filters so dumb?  Worse, why do we just accept it?

One of the biggest reasons genealogy has a bad name with the privacy community is that they are the ones who get the complains of our bad behavior.  The best solution would be for genealogists to do a better job cleaning up our act.

The concern is a real and valid one.  When the privacy filters on our software fail (and be honest, we all know people living people slip through)--or worse when some don't bother using them at all!--we expose people to all sorts of identify fraud problems.  Posting their names, birth dates (despite the other reasons for keeping that private), birth place, mother's maiden name, etc.  It's an open invitation to every identity thief on the internet.

Privacy filters are supposed to filter out the personally identifiable information (PII) of living people in our databases before we share or post our trees.  If you have a death date for everyone who is deceased, that works fine.  But honestly, we don't.  And we might not have birth dates for everyone so excluding everyone with a born after date doesn't work either.

When the database knows that someone is alive, the privacy filter ought to flag all of their descendants as living unless they have a death date.  Is this really too much to ask?  Perhaps our privacy community friends can up the heat on this question--and perhaps our tech friends can help with the solution.

We genealogists should be demanding stronger privacy protections that work from our software vendors and online hosts.  Software companies take a way too lax view of even applying privacy filters in their databases for us to use.  My own Reunion software didn't enable the privacy filter on the printing of charts until the latest version that came out less than a year ago.  This isn't good enough.


Benefits of working together: ECPA and SSDI

by Bradley Jansen March 22nd, 2013 2:40 pm

The first endeavors of this project are already bearing fruit.  Personal introductions have been made between many leaders of the privacy, tech and genealogical communities.  Some misperceptions have been challenged--and new ways of understanding disagreements are coming to light.

Many groups have come together on a letter to US Sen. Orin Hatch on the changing of genealogy from papers in local depositories to online and cloud computing collaboration.  This evolution raises lots of issues that we should be addressing together.

Here is the letter many privacy, tech and genealogical organizations jointly signed to Sen. Hatch:





Welcome to the Genealogical Privacy Project

by Bradley Jansen March 22nd, 2013 1:58 pm

The aim of this project is to help resolve problems by creating a venue for the genealogical, privacy and tech communities to come together.

Some of the problems vexing us include identity theft, DNA and medical testing and sharing, access to vita records, use of the Social Security Death Index (SSDI) internet security, and new technologies and methodologies.

I think we'd all be better served by talking *with* each other rather than past each other.

I've been an amateur genealogist for three decades now (starting when I was very young, obviously!).  I've also been a privacy activist for much of my professional life.  As long as I kept these worlds separate, everything is fine.  The biases are opposite: genealogists want information open and free; privacy advocates don't.

Obviously in the real world, things aren't that simple.  Hopefully here we can work together to figure out the *how* to share and disclose information appropriately.

I don't think the privacy and tech communities give the genealogical community as much credit for what they do to protect privacy.  And I don't think the genealogical community is doing nearly enough of what it should be doing.  Part of the problem is expertise that the privacy community could help with--and part of the solutions will be technological where those from the tech perspective can help.

Here's to a new beginning!