Opinion Urges End to Genetic Privacy

by Bradley Jansen April 24th, 2013 3:10 pm

I am not advocating for this view, just to be clear (valuing both persoal privacy and respect for contracts), but I thought it ought to be mentioned.

In an opinion piece in Popular Science, Erin Biba argues in "Don't Be Afraid of Your DNA" that: Privacy is a pipe dream. Let’s start saving lives.

 Here’s the thing: Lack of genetic privacy isn’t just something to accept. We should embrace it. Scientists currently have just a tiny stock of human genomes, which they’re mostly unable to share between institutions because of restrictive regulations.Imagine the possibilities if we open-sourced all our DNA.  The Human Genome Project is public, but it’s just one sequence. And most biotech companies, such as 23andMe, consider their databases proprietary. The two main groups that share full genomes of individuals (the 1000 Genomes Project and the Personal Genome Project) together have only about 1,500. This closed system is holding research back.

 Again, not my view, but one I thought we should be aware of moving forward.

The article can be found here



New Effort on SSDI Reform

by Bradley Jansen April 24th, 2013 2:00 am

After a few years of some hearings, a few bills, and ultimately an inclusion in President Obama's budget proposal, the privacy and fraud concerns with the Social Security Administration's Death Master File (DMF) and its commercially available Social Security Death Index (SSDI) have moved the issue to the forefront--it's likely now that this Congress will address the problem.

There are many different competing concerns and issues, but over the course of the debate, the sides have come (relatively) close together.  Most agree that there should be a short (two or three year) delay for SSDI access except for legitimate purposes.  Everyone agrees that fraud detection and prevention are legitimate purposes.

Nearly all genealogists would lose immediate access with no real problems.  Others however need immediate access.  Medical researchers (who are often working with genealogists on hereditary diseases) use the SSDI to find cures for genetic diseases, etc.--in short, they use the SSDI to help save lives.

In addition, a few forensic and legal genealogists need immediate access to the SSDI for select purposes.  Some genealogists use the SSDI to help identify military remains, others use it to find families for John Does in county morgues and other foresic reasons.  Additionally, there are some genealogists who need immediate access of the SSDI for legal reasons such as heir researchers finding family descendants, et al., to settle estates, etc.

The real answer, of course, is for Congress to fix the problems that government created.

Until then, here is my one-pager for a quick introduction to the issue:


Also, I highly recommend this Statement from the Council for the Advancement of Forensic Genealogy which they submitted for the Johnson Hearing Feb 2nd.




Sacrificing Privacy to Stop Incest

by Bradley Jansen April 17th, 2013 12:13 pm

Put that in the category of post titles I never expected to write.

Apparently everyone in Iceland is related--some more closely than others, obviously.  To avoid the embarassment of seeing a sexual hookup at a future family reunion--to say nothing of the genetic implications of inbreeding, there is a new app linked to a genealogical database in Iceland to help potential lovers avoid future problems.

New App Prevents Icelanders from Sleeping With their Relatives



We all derive from the same family tree. An online registry, Íslendingabók  ('The Book of Icelanders') holds information about the families of about 720,000 individuals who were born in Iceland at some point in time. Today, the population in Iceland is just about 320,000. The database can be found on islendingabok.is and everyone registered in the database has free access to it.

I'm not even really sure what else to say, so I'll just leave it at that.


Hearing on Tax ID theft - April 16 2013

by Bob Gellman April 15th, 2013 4:59 pm

Some may have an interest in this hearing.

Apr. 16, 10:00 a.m., Tax Fraud and Tax ID Theft: Moving Forward with Solutions - The Senate Finance Committee will hold a hearing with witness testimony from Steven T. Miller, Acting Commissioner, IRS; Nina E. Olson, National Taxpayer Advocate, IRS; Jeffrey A. Porter, Chair of the Tax Executive Committee, American Institute of Certified Public Accountants, and Founder, Porter & Associates; and Marianna LaCanfora, Deputy Commissioner, Retirement and Disability Policy, Social Security Administration.. Dirksen Senate Office Bldg., Room 215.



Obama Plans to Restrict DMF/SSDI Access

by Bradley Jansen April 10th, 2013 9:55 am

According to press reports, the Obama Administration plans to address the real problems associated with the tax abuse issue related to access of the Social Security Administration's Death Master File and its commercially-available Social Security Death Index.

The article can be found here: http://openchannel.nbcnews.com/_news/2013/04/09/17675084-white-house-to-propose-restrictions-on-master-death-file-to-fight-tax-fraud?lite

We don't know details yet, but many ideas from different groups have been put forth.

The article spells out part of the problem:

The crime of stealing someone's identity to get a tax refund has exploded,  and some of that growth involves fraud based on the identify of taxpayers or dependents who have died. The IRS says it stopped five million suspicious returns last year, up from three million in 2011.  That amounts to phony claims for $20 billion in refunds blocked last year, up from $14 billion the year before.

and gives an insight into the approach the Administration is likely to take:

In its budget proposal to be sent to Congress Wednesday, the administration will propose delaying public release of death data for at least three years, while still making it available to users able to demonstrate a legitimate need for it.

I think most genealogists are fine with the three year wait for general family research.  Three years is also a good number for those living people who are misidentified as deceased to clear up the "greatly exaggerated" death reports.

However, it should be noted that there are some exceptional circumstances when genealogists do need more immediate access to the death information.  Our letter to Sen. Hatch cited Judy Russell explaining, “there are genealogists who do need that kind of [immediate] access — genealogists who work to identify military remains, who work with coroners’ offices and medical examiners, who are forensic genealogists, heir researchers, and those researching individual genetically-inherited diseases.”


HIPAA privacy rule eases access for medical genealogy

by Judy Russell April 8th, 2013 2:05 pm

[Cross-posted from The Legal Genealogist]

One for our side

There's been a major breakthrough in records access for those of us with family medical issues that we research in part through our genealogy.

Quietly, without much fanfare, the federal Department of Health and Human Services (HHS) has finally come around to understanding that closing medical records forever, even after the death of the person treated, isn't the way to go.

It adopted a new set of rules earlier this year, effective just two weeks ago, that opens medical records 50 years after the patient's death.

The change -- first proposed nearly three years ago1 -- came in an omnibus Final Rule adoption governing a vast array of issues under the federal Health Insurance Portability and Accountability Act (HIPAA) designed primarily to update personal privacy rules in light of technological changes in medical recordkeeping.2 The rule was adopted in January and became effective on March 26th.

As far back as 2003, archivists had complained to HHS about the old rule, under which personal health information was to be protected forever and only disclosed even after the patient's death only if the legal representative of the estate authorized it.

In 2005, Stephen E. Novak of Columbia University had quoted from those earlier complaints in an HHS conference, explaining that “certain historical, biographical and genealogical works where the identity of the individual is the whole point could not be written, such as the Pulitzer Prize-winning A Midwife’s Tale, based on the late 18th and early 19th century diary of Maine midwife Martha Ballard.”3

Nancy McCall of the Johns Hopkins Medical Institutions told that same conference that “a number of state archives have acquired the records of defunct hospitals in their states and do not know whether they are covered entities. This is especially important for mental hospitals and TB hospitals that have closed.”4

All of those participating pleaded for clarity -- and for access.

The new rule is, finally, the HHS response.

In its rulemaking, HHS recognized the problems inherent in “the lack of access to ancient or old records of historical value held by covered entities, even when there are likely few surviving individuals concerned with the privacy of such information. Archives and libraries may hold medical records, as well as correspondence files, physician diaries and casebooks, and photograph collections containing fragments of identifiable health information, that are centuries old. Currently, to the extent such information is maintained by a covered entity, it is subject to the Privacy Rule.”5

It noted that the “majority of public comment on this proposal was in favor of limiting the period of protection for decedent health information to 50 years past the date of death. Some of these commenters specifically cited the potential benefits to research. A few commenters stated that the 50-year period was too long and should be shortened to, for example, 25 years.”6

Based on its review and the public comments, HHS concluded:

We believe 50 years is an appropriate period of protection for decedent health information, taking into account the remaining privacy interests of living individuals after the span of approximately two generations have passed, and the difficulty of obtaining authorizations from a personal representative of a decedent as the same amount of time passes. For the same reason, we decline to shorten the period of protection as suggested by some commenters or to adopt a 100-year period of protection for decedent information.7

So, as of the 26th of March, HIPAA's definition of “protected health information” expressly excludes information regarding “a person who has been deceased for more than 50 years,”8 and covered entities need only comply with HIPAA “with respect to the protected health information of a deceased individual for a period of 50 years following the death of the individual.”9

Now the fact that the federal government isn't standing in the way doesn't mean that all of us with family health issues can rush out and expect to be given immediate access to those old health records that may tell us so much about things we face today. The feds have never been the only player in the privacy game -- state laws may also restrict access to health information.

But it's a major breakthrough to have the federal government finally move out of the way of access to records of critical importance.


1. Notice of proposed rulemaking, 75 Fed. Reg. 40868, 40874 (14 Jul 2010).
2. See “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules,” 78 Fed. Reg. 5565 (25 Jan 2013), PDF version, U.S. Government Printing Office (http://www.gpo.gov/fdsys/ : accessed 7 Apr 2013).
3. Minutes, 11-12 January 2005, Subcommittee on Privacy and Confidentiality, National Committee on Vital and Health Statistics, HHS.gov (http://ncvhs.hhs.gov/ : accessed 7 Apr 2013).
4. Ibid.
5. “Modifications to the HIPAA ... Rules,” 78 Fed. Reg. 5613-5614.
6. Ibid., 78 Fed. Reg. 5614.
7. Ibid.
8. 45 CFR §160.103.
9. 45 CFR §164.502(f).


Licensing Our Privacy?

by Bradley Jansen April 6th, 2013 6:30 pm

Internet industry analyst Larry Downes has thrown down the gauntlet to the privacy community to defend their approach to information over his way.

The policy analysis can be found here:


There one can read his summary blog post and find links to download the analysis in PDF and other formats.

He lays out out the background thusly:

Americans are torn between two historical and cultural traditions about privacy. The Puritan vision of true information transparency on the one hand lives uncomfortably with the frontier’s promise of anonymity and personal reinvention on the other. When the Puritan vision encroaches too quickly on the frontier vision, it produces an emotional response—the “creepy factor”—that tends to recoil from innovative new uses of information. But “creepiness” often abates as familiarity grows.

Downes argues that treating personal information as intellectual property does not work and he argues for a "licensing" approach that "assumes joint ownership and licenses specific uses based on mutual exchange of value."

The policy analysis does not specifically address genealogy, but the main themes of how we treat personal information, other data and privacy are all issues well known to genealogists.


Need for Dialogue: Oregon Vital Records Bill

by Bradley Jansen April 4th, 2013 1:49 pm

Thanks to Dick Eastman for bringing the issue to my attention a bill introduced in the Oregon House that would drastically limit the availability of vital records.

His post is here:


Eastman explains, "Oregon House Bill 2093 contains wording that, if passed, will restrict family members and genealogists from accessing records that have been previously available to them."  Section 33 of the bill would change popular access from death records from 50 years to 75 years, marriage records from 75 years to 100 years, and birth records from 100 years to 125 years.

Eastman elaborates:

However, the new rules will not apply to "the subject of the record; spouse, child, parent, sibling or legal guardian of the subject of the record; an authorized representative of the subject of the record, spouse, child, parent, sibling or legal guardian of the subject of the record; and, in the case of death, marriage or divorce records, to other next of kin." Those individuals may obtain copies at any time.

 The vital records question is one of great interest to the privacy and genealogical communities.  This is a perfect time and this is the perfect place to start that dialogue.

The full text of the proposal may be found at



The Strong Link Between Tech and Genealogy

by Bradley Jansen April 2nd, 2013 11:51 am

All of these numbers are take from Dick Eastman's blog post:


At the recent RootsTech conference at Salt Lake City, "more than 6,700 people from 49 U.S. States (why was no one there from Delaware?) and 17 countries were in the Salt Palace Convention Center for the opening day of the RootsTech Conference on March 21."  That was just the pre-registration numbers not counting walk-ins.

Eastman elaborates:

That number does not include the nearly 2,000 teen-agers who attended a special "genealogy for youth" session on Saturday. Boy Scout merit badges for genealogy were awarded to many at this session. If you add in the teen-agers, the total attendance at RootsTech 2013 had to be nearly 9,000 individuals.

As if that isn't enough, another 10,000 people viewed classes and events via live streaming online video, and another 4,000 participated by remote satellite broadcast at Family History centers in 17 locations in seven countries, including the United States, according to FamilySearch.

That totals about 23,000 people, give or take a few, who attended or at least watched some part of RootsTech2003. Who says the popularity of genealogy is slipping?

"Now, hang onto your hat. You ain't seen nuthin' yet."

Buoyed by this year's success, FamilySearch announced on the opening day a plan to export RootsTech to 16 locations around the U.S. and in several countries later this year. The intent is to hold local "technology within genealogy" sessions at each of the 16 locations, all of them to be conducted in the local language. Probably none of them will attract the crowds seen last week in Salt Lake City, but each session is expected to attract hundreds of local attendees, possibly even a few thousand.

As if that wasn't enough, FamilySearch also announced plans for next year: not only will a big conference be held again in Salt Lake City (mark your calendar for February 6 through 8, 2014), but that conference will also be exported next year to 600 locations worldwide. Yes, that's 600 locations, meaning there will be an average of more than 10 RootsTech conferences EACH WEEK.

Total expected attendance in 2014 will be about 120,000 live attendees at these worldwide locations. When was the last time you heard genealogy conference organizers discuss attendance figures of 120,000 attendees?

I think that is a huge goal. However, I also suspect FamilySearch is capable of meeting it.




Death and Privacy Part II

by Bob Gellman April 1st, 2013 4:39 pm

Do Dead People Have Privacy Rights?

Part 2 of 2

In Part I of this post, I discussed privacy rights after death in the context of health records.  Let’s look at how some other laws treat the issue.

Under the Privacy Act of 1974, a law that applies to federal agencies only, deceased individuals (and their next of kin) have no privacy rights.  See DOJ Overview of The Privacy Act of 1974 at 12 (2010), http://www.justice.gov/opcl/1974privacyact.pdf.  The Freedom of Information Act offers no privacy protections beyond death either.  Aggressive reporters file a FOIA at the FBI following any celebrity’s death, just to see what’s available, and quite a few interesting stories resulted, especially from the J. Edgar Hoover era.

The “traditional” FOIA bright line answer isn’t so clear any more.  In 2004, in a case that followed the suicide of White House Deputy Counsel Vince Foster, the Supreme Court found that Foster’s family had a right to privacy that justifies withholding of photographs of crime scene photos.  https://supreme.justia.com/cases/federal/us/541/02-954.  There was a similar result in a FOIA case where the withholding of the tape recording of the final minutes of the Challenger space shuttle astronauts was also justified on the grounds of the privacy of surviving family members.

If you think about it, privacy rights of family members do not exist before death.  An individual can stand up in public and reveal something loathsome or hereditary about himself that reflects poorly upon or otherwise upsets his relatives.  Family members don’t have a right (as far as I know) to stop the disclosure in the interest of their privacy.  Does the family’s privacy interest arise from nothing at the instant of death?  Apparently.

For my nickel, the key to these cases is that they were decided by public figures like Supreme Court Justices and other judges.  The Justices looked at Foster’s death and thought that their deaths could be of public interest under the right circumstances.  They would want to spare their families, so they did the same in these cases.  It’s an understandable human reaction, even if it is harder to much sense of the principles.  There are other messy but less flashy FOIA cases about privacy of the dead.

Remember when Dale Earnhardt died in a crash during the last lap of the 2001 Daytona 500?  Under Florida law, autopsy photos were disclosable as public records under state law.  There was a rush for the photos, accompanied a dread that gruesome photos would be plastered all over the Internet.  In less than two months, the Florida Legislature changed the law so that the release of autopsy photos required approval of the next of kin.  A policy that stood for a long time was overturned just like that.  Not surprisingly, grieving families seem to receive a lot of sympathy in these matters.

The European Union has a lot of privacy law, and the protections of the law apply to living individuals.  However, the issue is no simpler in Europe than it is here.  A group of data protection officials observed recently that it may not be clear if an individual is living, that information on dead individuals may also relate to living individuals, that rules other than data protection rules may extend specific privacy rights after death, and that laws in some countries may extend privacy protection to cover dead individuals.  http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2007/wp136_en.pdf.

We are not done with examining privacy issues and death.  According to the Identity Theft Resource Center, identity thieves obtain information about deceased individuals to commit identity crimes.  Thieves watch the obituaries, obtain death certificates, or get information from websites that offer the Social Security Death Index file.  http://www.idtheftcenter.org/artman2/publish/c_guide/Fact_Sheet_117_IDENTITY_THEFT_AND_THE_DECEASED_-_PREVENTION_AND_VICTIM_TIPS.shtml.

Now we are getting an issue that is of current interest to genealogists, I intend to wind up here.  I don’t want to get into the particulars of that debate now.  What I wanted to demonstrate is that the right of privacy after death is a complex and difficult subject.  Bright lines are hard to find.  Simple and clear policies produce complicated legal and policy problems.

Personally, I don’t think there’s a right or wrong answer here.  Or a one-size-fits-all answer either.  We already have different policies for different laws and circumstances.  They may not all make sense, but that’s the real world.  That's what we have for privacy before death too.

Many interests can be affected by privacy-after-death data issues, and each interest should have a say in any debate.  The struggle between openness and privacy is a familiar one generally, and the players and stakes are a bit different after death.  It’s unfortunate that cases and policy are often decided during the emotional time following a death.  Grieving widows tend to receive press attention and political deference.

I think that it is possible to seek reasonable balances and responses to current issues.  No matter where you come out on privacy and death, I hope that you can agree with that point.