FamilySearch Explains Practices to Protect Privacy of Living People

by Bradley Jansen September 15th, 2013 2:14 pm

Kudos go out to  over at FamilySearch.org for her blog post


explaining both the importance of genealogists protecting the privacy of records of living people as well as how to do it.  She begins:

FamilySearch Family Tree has been available to everyone since March 2013. Since then, new features and enhancements have been added. During this time, we have discovered some concerns relating to the records living individuals and to features such as deleting a person or merging records.

Records of the Living and the Deceased

In general, there are two rules regarding the Family Tree records: (1) Everyone can see and edit deceased records, and (2) only the original contributor can see a living record due to privacy rules. Yes, there are exceptions to both of these rules, but this article will focus on when a living person is accidentally marked as deceased.

One of the biggest motivating factors against genealogy and for the limiting of access to vital records has been the irresponsible posting of personal information about living people by genealogists.  While most of us, certainly, try to get it right, more education has to be done--and constantly re-iterated because of the constant addition of new researchers who haven't consider these questions.

In addition, the genealogical community still needs to do more to raise our standards and improve our privacy protecting tools (such as the development and use of crude at best by software privacy filters).


Adoption and Genealogical Privacy

by Bradley Jansen September 10th, 2013 8:08 pm

Although there has been some previous discussion of genealogy and right to access to records for adopted children, a new story presents an awkward twist.  In the United Kingdom, two twins who were separated at birth and then adopted out somehow found each other--and got married.  Upon discovering the truth of their background (we don't know how), the marriage has been annulled:

 The pair apparently had no idea they were related, though felt an “inevitable attraction” that brought them together.

The article then goes on to explain:

According to adoption officials in the UK, one of the biggest problems is the way in which human beings are naturally and instinctively drawn towards those they are similar to and share traits with. The west has a generally severe attitude toward incest which is considered abhorrent by most, but once the family tie is removed from the equation the attraction felt between related individuals can be completely overwhelming.

So, there we are.  Like the Icelandic post, I think I'll just leave this at that.  The full article can be found here:



Ancestry.com Used for Tax Fraud

by Bradley Jansen September 6th, 2013 11:23 am

The genealogical community has been alarmed at the growing movement to restrict access to vital records.  One of the most debated examples is the possibility of the end of access to the Social Security Administrations Death Master File (and its commercially available Social Security Death Index, SSDI).  See related posts here.

Too many have taken a heads in the sand approach that genealogical records and couldn't be used for anything but peaches and cream.  Ignoring our responsibilities for sound data management policies and practices is a recipe for disaster.

Hat tip to Dick Eastman for bringing attention to the tax fraud case of a family using Ancestry.com records for tax fraud, "The family used the family research website Ancestry.com to find names and Social Security Numbers of recently deceased people and used the information to file fraudulent claims."  He links to the original story here.

In light of the potential for abuse of information in its databases, Ancestry.com changed its practices for SSDI searches:

Why can’t I see the Social Security Number? If the Social Security Number is not visible on the record index it is because Ancestry.com does not provide this number in the Social Security Death Index for any person that has passed away within the past 10 years.

So while Ancestry.com might not be a source for SSDI criminal abuse, other genealogical sites also access to the SSDI database without such a long delay.  Of course, the real problem lies with the Social Security Administration, as Eastman explains:

Apparently the Internal Revenue Service wasn't smart enough to do the same thing: the IRS sent refund checks without checking the Social Security's Death Master File despite the fact that the death records have been available to the IRS as well as to banks, credit card companies, and to many others for years.

I am always amazed that the Internal Revenue Service issues refund checks without even performing a simple look-up to see if the payee is alive. That look-up could be performed within a few milliseconds on the IRS computers.

Genealogists who want continued access to vital records need to engage government officials as well work with the privacy community and technology experts.  Eating sand doesn't taste like peaches and cream.


URGENT Threat to records access in EU (European Union) -- Your Help is Needed!

by Bradley Jansen September 4th, 2013 3:31 pm

Reposted by request of Jan Meisels Allen


URGENT Threat to records access in EU (European Union) -- Your Help is Needed!


The following information comes from Jan Meisels Allen, The International Association of Jewish Genealogical Societies (IAJGS) Vice President and Chairperson, IAJGS Public Records Access Monitoring Committee via Jan Alpert (NGS Past President) ...

... [there are] deep concerns with the proposed EU Data Protection regulation which is scheduled for a vote in September-date unknown. The vote has postponed four times so far. If passed as currently written it will have a chilling effect on access to records that are critical to genealogists. The IAJGS Board of Directors determined this was an issue of such significance that IAJGS would write to the Ministers of Justice in each of the 28 EU countries asking them to relay our concerns to their EU Council representative. While there are many issues of concern with the proposed regulation, the IAJGS decided we should focus on two issues that while relevant and examples used are specific to Jewish Genealogy- truly affect everyone...

Here are three slides from a presentation Jan recently made at the Federation of Genealogical Societies (FGS) conference.
Do you have roots from one of the 28 EU countries?  If so you may not be able to see your ancestry records- birth, marriage, death, property, etc, on any internet site in the future if this regulation goes through as proposed.  Regardless of where you are or the Internet site is located - if it contains personal  records of people from any of the EU countries access will be determined by this regulation.  YOU need to get involved and let your thoughts be known to the Minister of Justice in the EU country you are researching your ancestral roots!
Check out the Records Preservation and Action Committee (RPAC) web site post European Union Proposed Data Protection Regulation for:
o       the letter sent by (IAJGS) regarding the EU Proposed Data Protection Regulations
o       links to reports published in the press about the proposed regulations
o       a protest petition “The European Parliament: Adjourn the adoption of the regulation about personal data” by the Greece, German, Polish, Norway and Italian associations of archivists whose petition now has over 50,000 signatures
In part, the petition implores ...
... Europe must not forbid data preservation, but on the contrary ensure their protection and controlled access. It must ensure citizens that sufficient technical, financial and human resources, including the presence of skilled professionals will be granted to manage data properly.
To avoid a decision with irreparable consequences, we ask the European commission to adjourn the adoption of this regulation and debate it in depth.
The consequences of the proposed EU Data Protection regulation would be far reaching and severely impact future genealogy and health research. I, as is true for many, am hesitant to write because I don't know what to say. Like many, I have ancestors from England.  In fact, I was born in England while my father served in the US Military.  The aforementioned posted IAJGS letter to the UK gives all of us a template to tailor as we see fit. Our access to records in the future is in jeopardy.  Do voice your concerns!
As with all RPAC pages established to monitor a records access situation, do check back frequently for updates.


The European Union Court Advocate General's Opinion on Right to Be Forgotten

by Bradley Jansen September 4th, 2013 12:52 pm

Reposted with permission from Jan Meisels Allen:

On June 25, 2013 the European Union Court rendered an opinion by one of the Advocate General’s [read below about the court structure] in the case brought by Google vs. the Spanish Protection Agency.  In the opinion, Advocate General Jääskinen, stated that he considered that search engine service providers, such as Google, are not responsible regarding the Data Protection Directive for personal data appearing on webpages they process. The opinion has three findings one of which addresses the issue of personal data and the “right to be forgotten” by the individual, if the individual wants the data posted to be removed. “the Directive does not establish a General ‘right to be forgotten’. Such a right cannot therefore be invoked against search engine service providers on the basis of the Directive even when it is interpreted in accordance with the Charter of Fundamental Rights of the European Union”.

The Advocate General’s Opinion is not binding on the Court of Justice It is the role of the Advocates General to propose to the Court, in complete independence, a legal solution to the cases for which they are responsible. The Judges of the Court are now beginning their deliberations in this case. Judgment will be given at a later date.
Therefore, we do not know at this time if this opinion will encourage the EU Council to cease the provision of “right to be forgotten” in their Proposed Data Protection Regulation.  In addition, the section of the proposed regulation that pertains to historical research and documents would not necessarily be affected by the “right to be forgotten” .
European Court of Justice Structure
The European Court of Justice, based in Luxembourg interprets EU law to make certain it is applied in the same way in all EU countries. It also settles disputes between EU governments and EU institutions.  There is one judge per EU country. The Court is helped by eight ‘advocates-general’ whose job is to present opinions on the cases brought before the Court. Advocates-general are only required to give their opinion on the case if the Court believes that the particular case raises a new point of law. The Court does not necessarily follow the advocate-general's opinion.  To learn more about the EU Court go to: http://europa.eu/about-eu/institutions-bodies/court-justice/
As more information is known it will be presented on this announcement list.
Thank you to Eden Joachim, President of the LitVak SIG for providing us with information on the Court’s Advocate General opinion.
Jan Meisels Allen
IAJGS Vice President
Chairperson, IAJGS Public Records Access Monitoring Committee


The Start of New York's I-STOP Program

by Kenneth H. Ryesky September 2nd, 2013 11:01 pm

Last year, New York's Governor Andrew Cuomo signed into law the Internet System for Tracking Over-Prescribing (I-STOP) Act, which establishes a database of prescriptions for certain addictive medications and requires physicians and pharmacists to use that database to screen for duplicate prescriptions from multiple doctors.  The objective is obviously to control the abuse of prescriptions to obtain the addictive pharmaceuticals.

The impetus for this legislation was a 2011 quadruple execution-style murder, by an addict, at the Haven Pharmacy on Long Island.  The killer was sentenced to what will surely amount to life without parole, and his wife received 25 years for her complicity.

One of the victims was 17-year-old Jennifer Mejia, whose only crime was working at her gainful employment at the pharmacy when the killer came in and opened fire.  I did not know Jennifer or her family, but the news of her murder hit me especially hard because when I was 17 years old, I, too, was employed part-time after school at a local small town pharmacy.

This was back in the early 1970's, before Section 1203(d) of the Tax Reform Act of 1976 amended I.R.C. § 6109 to require the use of Social Security Numbers in the taxation process, a giant step towards their ubiquity in today's society.  It is safe to say that, with few exceptions if any, the only SSNs in the pharmacy's records were those of the employees.  None of the records were computerized; each customer had an index card with his or her prescription history.  Other high school students (one of whom happened to be a classmate of mine) came in a few evenings per week to maintain the record cards by typing them on the typewriter.  [The most advanced information technology used by the drugstore was not for the purpose of maintaining customer records, but rather, was the teletype terminal used in store's ever-contracting sideline business as the town's Western Union telegram franchisee; I thus had occasion to deliver more than a few Western Union telegrams during the course of my employment there.].   The information security measures in place at the pharmacy in those days were the norm for businesses at the time, but would be considered insignificant by today's commercial standards.  Even so, the Old Man did make abundantly clear that information regarding customers' personal medical situations, including and especially the drugs they were prescribed, was nobody else's business, and that he would view breaches of such confidentiality with greater disdain and alarm than things such as coming in late or goofing off on the job.  My successor in the position received a mild reprimand for the fender bender he had with the store's delivery station wagon; I am sure that the Old Man would not have given him a second chance had he blabbed about a customer's specific prescriptions to a third party.   The technology and society have changed tremendously since the early 1970's.  We are now able to keep pharmacy customer records in real time, and coordinate the pharmacy's records with the physician's records, not to mention the healthcare insurance records.   New York's I-STOP database has just gone live, and, Newsday reports, "In its first three days of use, New York State's new online system for tracking prescription pill abuse discovered at least 200 instances of apparent doctor shopping, when patients visit a number of doctors in search of prescriptions for pain pills."   As with any other database containing personal information, there are advantages and disadvantages, plusses and minuses, and potential for good and for harm.  In no particular order, the following ponderables and imponderables come to mind; do feel free to add to the list when you comment:

The patient's name; the patient's residential address; the patient's date of birth; the patient's gender; the date on which the prescription was issued; the date on which the controlled substance was dispensed; the metric quantity of the controlled substance dispensed; the number of days supply of the controlled substance dispensed; the name of the prescriber; the prescriber's identification number, as assigned by the DEA; the name or identifier of the drug that was dispensed; and the payment method, together with "such other information as is required by the [New York State Department of Health] in regulation."

The date of birth is of obvious interest to genealogists.  As matters currently stand, the I-STOP data is not to be disclosed to the public.  But with the sheer numbers of physicians and pharmacists who must access it, there are obvious security issues.

  • B.  Those security issues noted above are all the more salient in light of the Affordable Care Act's effective incentives for businesses to cut costs by hiring less full-timers and more part-timers, thereby avoiding the responsibility to offer healthcare coverage.  Governmental employers are also getting in on the act as well, as are colleges and universities.  This mean not only more individuals involved, but a workforce whose job tenure, and identity with and loyalty to their employers will, in many cases, be quite attenuated.
  • C.  The statute itself is devoid of SSNs.  But the database might also include "such other information as is required by the [New York State Department of Health]."  It is not difficult at all to imagine the DOH adding SSNs as a parameter.
  • D.  Nor is it difficult to imagine identity thieves obtaining prescriptions in the name of identity theft victims.
  • E.  The big chain pharmacies are already maintaining databases which include the purchases of non-prescription items, and are already using such information to personally target their marketing to their customers.  I regularly receive promotional coupons from Rite Aid for the types of items I frequently purchase there.  I started receiving a spate of coupons for candy, which I personally do not consume or purchase.  Sure enough, my wife, who sometimes uses my Rite Aid customer rewards card, had been purchasing candy at Rite Aid.  Query:  What is there to prevent the I-STOP database from being used or misused to market products or services to consumers?
  • F.  The real time verification which was actually achieved by the I-STOP program, and proven successful by the detection of questionable cases, surely offers lessons to the IRS in how it might approach detecting identity theft in the filing of tax returns.

Bottom Line:  Those concerned with promoting information security should be watching New York's I-STOP program.   Identity thieves certainly will be watching it and testing it.