Judge lets privacy advocate keep Social Security numbers on Web site
Virginia can't prevent dissemination of personal data readily available from its own Web sites
Computerworld - Can a state government prohibit an individual from posting Social Security numbers online that were easily and legally obtained from government Web sites?
The answer, a federal judge in Virginia ruled last week, is a definite 'No,' at least for Betty "BJ" Ostergren, a privacy advocate who operates a Web site that posts Social Security numbers obtained from public records. Ostergren's postings are part of a campaign to show how easy it is to access very personal information on the Web.
In a memorandum issued last Friday (download PDF), Judge Robert Payne of the U.S. District Court for the Eastern District of Virginia ruled that it would be unconstitutional for the state of Virginia to force Ostergren to remove from her site Social Security numbers that she legally obtained from public records. A memorandum opinion does not create a legal precedent.
The Virginia chapter of the American Civil Liberties Union (ACLU) in June filed a lawsuit on behalf of Ostergren in Virginia's Hanover County. The lawsuit challenged the constitutionality of an amendment to Virginia's Personal Information Act, which forbids the dissemination of any records that contain Social Security numbers, no matter how the records were obtained. Violators are subject to fines of up to $2,500 plus $1,000 in court costs for each Social Security number posted.
Ostergen, who has been working for several years to force Virginia county governments to redact Social Security numbers and other personal data from records posted online, contended in the suit that the law was passed specifically to curtail her campaign.
Ostergren's Web site, The Virginia Watchdog.com, highlights privacy problems that can result from the posting of unredacted public documents such as land and tax-lien records posted on government Web sites. In recent years, she has chronicled dozens of cases in which local governments have inadvertently exposed Social Security numbers and other personal data on their Web sites, making them attractive targets for identity thieves.
As part of a campaign to draw attention to the issue, Ostergren routinely posts the Social Security numbers of high-profile individuals that she claims to have easily obtained from county and state government Web sites. The list includes former Florida Gov. Jeb Bush, former U.S. Secretary of State Colin Powell, former U.S. House Majority Leader Tom DeLay, former Missouri Sen. Jean Carnahan and several county clerks in Virginia.
Ostergren contended that the amendment to the state's Personal Information Act would have forced her to stop posting the personal information, while doing nothing to stop county governments from posting the same data.
She claimed that applying the amended statute to her Web site violated her First Amendment right to free speech.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Enhancing Application Protection and Recovery with a Modern Approach to Snapshot Management This CommVault Business Value and Technology White Paper explains how Simpana IntelliSnap® Recovery Manager can make your application recovery fast and reliable.
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts