Judge lets privacy advocate keep Social Security numbers on Web site

Computerworld - Can a state government prohibit an individual from posting Social Security numbers online that were easily and legally obtained from government Web sites?

The answer, a federal judge in Virginia ruled last week, is a definite 'No,' at least for Betty "BJ" Ostergren, a privacy advocate who operates a Web site that posts Social Security numbers obtained from public records. Ostergren's postings are part of a campaign to show how easy it is to access very personal information on the Web.

In a memorandum issued last Friday (download PDF), Judge Robert Payne of the U.S. District Court for the Eastern District of Virginia ruled that it would be unconstitutional for the state of Virginia to force Ostergren to remove from her site Social Security numbers that she legally obtained from public records. A memorandum opinion does not create a legal precedent.

The Virginia chapter of the American Civil Liberties Union (ACLU) in June filed a lawsuit on behalf of Ostergren in Virginia's Hanover County. The lawsuit challenged the constitutionality of an amendment to Virginia's Personal Information Act, which forbids the dissemination of any records that contain Social Security numbers, no matter how the records were obtained. Violators are subject to fines of up to $2,500 plus $1,000 in court costs for each Social Security number posted.

Ostergen, who has been working for several years to force Virginia county governments to redact Social Security numbers and other personal data from records posted online, contended in the suit that the law was passed specifically to curtail her campaign.

Ostergren's Web site, The Virginia Watchdog.com, highlights privacy problems that can result from the posting of unredacted public documents such as land and tax-lien records posted on government Web sites. In recent years, she has chronicled dozens of cases in which local governments have inadvertently exposed Social Security numbers and other personal data on their Web sites, making them attractive targets for identity thieves.

As part of a campaign to draw attention to the issue, Ostergren routinely posts the Social Security numbers of high-profile individuals that she claims to have easily obtained from county and state government Web sites. The list includes former Florida Gov. Jeb Bush, former U.S. Secretary of State Colin Powell, former U.S. House Majority Leader Tom DeLay, former Missouri Sen. Jean Carnahan and several county clerks in Virginia.

Ostergren contended that the amendment to the state's Personal Information Act would have forced her to stop posting the personal information, while doing nothing to stop county governments from posting the same data.

She claimed that applying the amended statute to her Web site violated her First Amendment right to free speech.