Bradley Jansen (editor)

avatar

Bradley Jansen is the director of the Center for Financial Privacy and Human Rights, part of the Liberty and Privacy Network, a Washington DC-based non-profit founded in 2005 to defend privacy, civil liberties and market economics. He is an adjunct scholar at the Competitive Enterprise Institute. Previously at the Free Congress Foundation, Jansen safeguarded privacy and other Constitutional liberties including testifying before Congress on the USA PATRIOT Act proposal, National ID, and other issues. While working for U.S. Rep. Ron Paul, he initiated and lead opposition to the "Know Your Customer" proposal. Jansen holds a B.A. in International Studies from Miami University (Ohio), learned Spanish at the Pontificia Universidad Javeriana (Colombia), and with advanced studies in economic history at Universidad Católica de Valparaíso (Chile) and law and economics at George Mason University School of Law.

He is a columnist with The Daily Caller, The Huffington Post and Nolan Chart.

avatar

Ancestry's Privacy Policy Change

by Bradley Jansen June 30th, 2015 2:21 pm

If you haven't heard, Ancestry.com has changed it's privacy policy.  Over at geneabloggers, Thomas MacEntee has a wonderful post red-lining the changes.  See this PDF linked here:

http://www.geneabloggers.com/wp-content/uploads/2015/06/COMPARE-ACOM-POS-20140801-20150626.pdf

More generally, it's a good idea to follow news on developments not only of changes to privacy policies, but other corporate news as well.  Companies get bought and sold, and these ownership changes may bring changes to the privacy policies or other data use issues.

Similarly, sometimes companies go out of business (I am NOT trying to start a rumor about Ancestry.com or any other genealogy company!), and what happens to the data might be different in a bankruptcy proceeding than the company's stated privacy or other policies may indicate.

Some years ago, I wrote an op-ed "Our Bankrupt Privacy Policies" on exactly how the Federal Trade Commission approved the prostitution of personal consumer data in a bankruptcy proceeding.  Toysmart.com had a privacy policy saying, “When you register with Toysmart.com, you can rest assured that your information will never be shared with a third party."  Despite this clear statement, the FTC approved the selling of that information to a third party buyer.

In short, don't post or share any information--especially Personally Identifiable Information (PII) of living people--that you wouldn't want shared when privacy policies change or company ownership changes--especially if it goes out of business and bankruptcy proceedings put your personal information on the selling block.


avatar

Privacy at RootsTech

by Bradley Jansen February 9th, 2015 1:43 pm

If anyone will be attending RootsTech later this week and/or the Federation of Genealogical Societies conference, I'd like to highly recommend an unconferencing session: RT1922 "Genealogists, Technologists, Privacy Advocates: We REALLY Need to Talk!"

The session by Fred Moss and Jim Dempsey will address some important issues:

  • How the Internet is changing our lives
  • Resolving “Big Data” issues
  • Interests of the genealogical community
  • Genealogists share Privacy Concerns "Family Historians and their families are as vulnerable to the predations of identity thieves as any other citizen. Those who believe that genealogists are reckless with Personally Identifiable Information might be pleasantly surprised at some of the measures taken by websites and individual researchers. Our belief is that dialogue among genealogists, technologists, and privacy advocates offers the best potential for developing even better protective measures." 
  • Recent initiatives to restrict access to records

The syllabus can be found here:

https://rootstech.org/bc/content/pdfs/Class-Syllabus/RootsTech/RT1922_WeReallyNeedToTalk_Dempsey_Moss.pdf?lang=eng

The talk will be Friday (Feb. 13) in 251A at 4:00 pm.


avatar

Happy Data Privacy Day!

by Bradley Jansen January 28th, 2015 12:00 pm

Every year on January 28th since 2007, we celebrate Data Privacy Day (Data Protection Day to our European friends) going back to the start of the  Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.  The most important and pressing data privacy issue in the United States today is the fight to update the Electronic Communications Privacy Act.

The law that governs the privacy protections of your electronic communications (ECPA) such as text messaging, cloud computing, etc., was passed in 1986.  Needless to say, the general consensus is that the law needs updating. The Digital Due Process (DDP) coalition brings together a broad spectrum of groups from the left, including the American Civil Liberties Union, and the right including Americans for Tax Reform, as well as privacy groups, technology companies including Google, Microsoft, HP, Yahoo, Facebook, etc.

Importantly to this blog, I have to point out that the Records Preservation and Access Committee (RPAC) representing a more than critical mass of the genealogical community is part of DDP and helping in the fight to update ECPA.  Many of the reasons are spelled out in this letter to US Sen. Orin Hatch.

Yes, the genealogy community is active in the struggle to protect privacy.  For another example, check out Judy Russell's excellent post earlier today on this blog.

So here are some good privacy guidelines for genealogists:

  • Consent matters, as Judy explains.  Which dovetails with the general privacy principle of not sharing Personally Identifiable Information (PII) of living people without their consent, and
  • Law enforcement should need a warrant for content (except under well-established exceptions)--the Fourth Amendment should apply to the physical world and the digital one.

The more genealogists work to and respect privacy, the fewer problems we'll have with others wanting to restrict records access.

 


avatar

Genetic Genealogical Privacy Standards

by Bradley Jansen January 18th, 2015 1:12 pm

The Genetic Genealogy Standards Committee recently came out with a document on Genetic Genealogy Standards that can be found here:

http://www.thegeneticgenealogist.com/wp-content/uploads/2015/01/Genetic-Genealogy-Standards.pdf

My take at first blush is that it's good that the genealogy community continues to update its standards with the times--and that it increasing recognizes the importance of privacy in those standards.

For example, there are several sections where the standards address areas of concern to this blog:

2. Testing With Consent. Genealogists only obtain DNA for testing after receiving consent, written or oral, from the tester. In the case of a deceased individual, consent can be obtained from a legal representative. In the case of a minor, consent can be given by a parent or legal guardian of the minor. However, genealogists do not obtain DNA from someone who refuses to undergo testing.1

3. Raw Data. Genealogists believe that testers have an inalienable right to their own DNA test results and raw data, even if someone other than the tester purchased the DNA test.

6. Privacy. Genealogists only test with companies that respect and protect the privacy of testers. However, genealogists understand that complete anonymity of DNA tests results can never be guaranteed.

7. Access by Third Parties. Genealogists understand that once DNA test results are made publicly available, they can be freely accessed, copied, and analyzed by a third party without permission. For example, DNA test results published on a DNA project website are publicly available.

8. Sharing Results. Genealogists respect all limitations on reviewing and sharing DNA test results imposed at the request of the tester. For example, genealogists do not share or otherwise reveal DNA test results (beyond the tools offered by the testing company) or other personal information (name, address, or email) without the written or oral consent of the tester.

9. Scholarship. When lecturing or writing about genetic genealogy, genealogists respect the privacy of others. Genealogists privatize or redact the names of living genetic matches from presentations unless the genetic matches have given prior permission or made their results publicly available. Genealogists share DNA test results of living individuals in a work of scholarship only if the tester has given permission or has previously made those results publicly available. Genealogists may confidentially share an individual’s DNA test results with an editor and/or peer-reviewer of a work of scholarship. Genealogists also disclose any professional relationship they have with a for-profit DNA testing company or service when lecturing or writing about genetic genealogy.

The committee explains their process, membership, review of comments, etc., all here
http://www.geneticgenealogystandards.com

It was pointed out that many of the members on the committee have ties to 23andMe and Ancestry.com which should have been disclosed properly.

The question then remains whether the community will be able to self-regulate.  We will have to come back to this subject soon.


avatar

23andMe and Genentech reach deal on genetic research

by Bradley Jansen January 12th, 2015 11:11 am

According to a Forbes article, 23andMe has reached a very lucrative deal with Genentech--the first of nearly a dozen agreements the company has reached with pharmaceutical and biotech companies.

Explains the "Surprise! With $60 Million Genentech Deal, 23andMe Has A Business Plan" story:

Such deals, which make use of the database created by customers who have bought 23andMe’s DNA test kits and donated their genetic and health data for research, could be a far more significant opportunity than 23andMe’s primary business of selling the DNA kits to consumers. Since it was founded in 2006, 23andMe has collected data from 800,000 customers and it sells its tests for $99 each. That means this single deal with one large drug company could generate almost as much revenue as doubling 23andMe’s customer base.

“I think that this illustrates how pharma companies are interested in the fact that we have a massive amount of information,” says Anne Wojcicki, 23andMe’s chief executive and co-founder. “We have a very engaged consumer population, and these people want to participate in research. And we can do things much faster and more efficiently than any other research means in the world.”

The prospects of advances in genetic research should not be unappreciated, but the story raises the privacy implications of the 23andMe customers:

People who have bought 23andMe kits and agreed to donate their data to research (that’s about 600,000 of the company’s 800,000 customers) automatically consent for 23andMe to sequence their genomes. 23andMe says that it is also able to share anonymous and pooled data about their self-reported health traits without asking. But Genentech wants even more: it wants to look at health and genetic data on an anonymous but individual basis. For that reason, the company will have to ask customers if they want to enter the study.

Let's hope 23andMe has worked out the way to respect consumer privacy and promote genetic research!


avatar

Privacy Concerns Fuel Vital Records Access Restrictions

by Bradley Jansen December 30th, 2014 12:16 pm

Hat tip to Dick Eastman who posted "Privacy Concerns Raised about Vermont Town Reports of Births, Marriages, and Deaths" on his blog.  As he explained, "some [Pittsford,Vermont] residents are concerned that publishing birth, marriage, civil union and death names in the annual town report harms their privacy."  These concerns (sometimes very real and justified, sometimes not) are fueling the movement to restrict access to vital records that is quietly sweeping the country.  More here:

http://www.rutlandherald.com/article/20141224/THISJUSTIN/712249902

The Federation of Genealogical Societies, among other groups, has been warning about the loss of access to vital records for a few years now.  Almost a year ago, there was this update, "We expect the introduction of state legislation based on the unapproved 2011 Model Act and Regulations." referencing this report from March 2013:

The registration of births, deaths, marriages, and divorces is done on the local level, that is, by 50 states, 5 territories, the City of New York, and Washington, DC. Information contained in those records is shared with U.S. government entities such as the Social Security Administration.

To ensure successful sharing, the U.S. government has made available text that states may elect to use for law as well as for regulations describing how those laws are implemented. States are not required to conform to the Model Act and Regulations. Each state, city, or territory is free to implement laws and regulations for its own needs. Nonetheless, the Model Act can have significant impact. For example, the movement of state vital records offices into state Departments of Public Health was first advised by the 1977 version of the Model Act.

Beginning in 2009, a committee formed by the U.S. Department of Health and Human Services convened to update the 1992 Model Act. The National Association for Public Health Statistics and Information Systems (NAPHSIS) approved the update by resolution 8 June 2011. NAPHSIS is an association of representatives from the 57 states, cities, and territories. Members of the organization had participated in the drafting of the new Model Act.

Previous iterations of the Model Act have gone through periods of public feedback and revision before approval by the federal agency involved. The 2011 revision has not yet been made available for public review by DHHS (see their note here) and so it is not yet considered final. In the meantime, several state public health departments developed legislation that conformed to the unreviewed version of the Model Act. This past Friday, 1 March 2013, at noon Eastern time, NAPHSIS independently released the 2011 revision of the Model Act on its website. It can be downloaded here.

What does the new version do? It incorporates changes in technology over the twenty years since the 1992 version. It also changes the records closure periods. Please compare these periods to the ones currently in law in the states in which you research. If they differ, it would be wise to work with local genealogy societies to monitor for the introduction of state legislation affecting records closure.

  • Birth records closed for 125 years.
  • Marriage and divorce records closed for 100 years.
  • Death records closed for 75 years.

 

Unless family history researchers are comfortable with these proposed delays in access to vital records, they'd we be well served working to understand the underlying privacy concerns and actively addressing them.


avatar

EU Medical Privacy Rule Could Hamper Genealogical Research

by Bradley Jansen December 29th, 2014 8:40 am

Alan McQuinn at the Information Technology & Innovation Foundation wrote an op-ed "E.U. data privacy rules threaten medical research" recently.  He rightly raises the fact that the reality of circumstances is often more complicated than presented.  In this case, new medical privacy rules that sound great at first blush might have negative consequences for medical research and ultimately people's health.  Genealogists won't be none to pleased either.

Explains the op-ed,

Last March, the European Union proposed the General Data Protection Regulation (GDPR). The new privacy rules would dramatically harm the ability of researchers to conduct medical research throughout all of its member states. If allowed to pass in its current form, many in the medical community believe the GDPR could cost the European Union not only medical knowledge and money, but human lives as well.

The GDPR was created to protect Europeans’ personal data. In pursuit of this goal, it forces organizations that process personal data to obtain informed consent each time they want to use that data for a purpose other than for what it was originally collected. As the Center for Data Innovation’s Travis Korte has argued, while these regulations have chilling effects on many big data initiatives, their greatest potential for harm is in medical research.

He continues:

There are many solutions that could be incorporated into the GDPR to help it address these problems. For use of data after death, the GDPR should offer a mechanism to “donate your data to science,” giving blanket consent for a patient’s data to be used after their death. This would allow researchers that are studying rare diseases with limited access to patients to achieve effective sample sizes. The GDPR should also be more explicit about when organizations must seek consent to reuse data, or allow organizations to ask once to obtain consent for the reuse of data for multiple purposes. This “one-time consent” framework would reduce costs and regulatory uncertainty for organizations, as well as help address the problem of consent after death.

and concludes, "policymakers should craft narrowly targeted rules to mitigate specific harms, protect individual privacy and ensure medical research can flourish."

With genetic genealogy offering new avenues for research and medical genealogy offering real world insights that could help people with their health, we should tread carefully on how to both protect privacy and research responsibly.

Best to read the whole op-ed here:
http://fedscoop.com/eu-data-privacy-rules-threaten-derail-medical-research/


avatar

Facebook Privacy

by Bradley Jansen December 27th, 2014 6:36 pm

Like many other genealogists (amateurs at least), I use Facebook a lot.  The crowdsourcing and local knowledge aspects greatly help my research.  Unfortunately, Facebook isn't usually known as a champion for privacy--though Facebook is active in Digital Due Process and other pro-privacy activities.

Facebook, like many sites, sometimes changes its policies, and it behooves us to keep up with the changes.  A Huffington Post article explains some recent and forthcoming changes and how to protect your privacy there:

"How To Stop Facebook From Getting More Of Your Info, In 2 Steps"

http://www.huffingtonpost.com/2014/06/12/facebook-ads_n_5488980.html?ncid=fcbklnkushpmg00000063

Importantly, the article directs one to this site:

http://www.aboutads.info/choices/

as a way to customize ads and opt-out through your browser.

Consumers have lots of tools, if they're interested.


avatar

Lack of Respect for Privacy Curbs Records Access, ask Ireland

by Bradley Jansen July 23rd, 2014 11:08 am

I have been busy with some other issues and have not followed this case as quickly as I would like, but I have been shouting from the rooftops that the genealogy community needs to up its game respecting privacy or risk loss of records access.  The sooner this message sinks in, the better for us all.

The Irish genealogy news site brought this issue to our attention.  Kudos go out to Claire Santry for saying what needs to be said:

Just three weeks on from the launch of the General Register Office's civil registration indexes on IrishGenealogy.ie, the entire collection has been taken offline. Seems no one thought to mention to the Data Protection bods that the collection included personal information of living individuals right up to last year [emphasis added]...

To say this is a gigantic cock up is an understatement...

Embarrassing? It's downright pathetic.

My reaction to this news is unprintable.

She refers to two other articles for more information:

http://www.irishtimes.com/news/ireland/irish-news/genealogy-site-left-personal-data-open-to-identity-thieves-says-commissioner-1.1872664

and their followup here:

http://www.irishtimes.com/news/ireland/irish-news/personal-details-removed-from-site-over-identity-theft-concerns-1.1872741


avatar

Facebook Group Privacy

by Bradley Jansen April 22nd, 2014 11:48 am

Probably like many other genealogists (fellow amateurs as well as professionals) who are on Facebook, I'm in several genealogical groups (mostly geographic based on counties in the United States or provinces abroad).

I've been impressed with the privacy-consciousness of many of the groups.  In particular, I'd like to single out for praise the "Southern Maryland Families" Facebook group which has this message pinned by moderator Wanda Simmons as the top comment:

PLEASE READ THIS NOTICE CAREFULLY: To every member - while we strongly encourage everyone to reply to all discussions and share family history/lineage information with others here in this group, we ask that everyone please be aware of the privacy act laws and sensitivity issues when posting family history information. You cannot publically (and that includes here within our group) display a full month/day/year birthdate for anyone born after 1940 or if they are living. We do not want to invade anyone's privacy or break any laws. As with everything else we do in life, here we have a few rules and regulations to abide by and to watch out for when posting. Please, still feel free to continue to share family history in abundance, just as long as everyone is aware of and follows these very few but very necessary rules we will be fine. Thank you in advance for your cooperation and understanding with this matter. If you have any questions in reference to this post, please contact me. Have A Nice Day!

The moderators and, well, traditions and customs of many of the other groups have shown a laudable respect for protecting the privacy of living people.  This consciousness is much more important in the digital age.

So again, thanks and kudos to Wanda (who gives "all the praise and credit to our group members for holding to this thought/golden rule each day as they are posting and sharing their information"), and let's do what we can to make sure this understanding of the importance of privacy becomes more uniformly enforced within our community on Facebook and the rest of the digital world!


Next Page »