Privacy Concerns and Safeguards in the Governmental Dissemination of Bankruptcy Data on the Internet

Privacy Concerns and Safeguards in the Governmental Dissemination of Bankruptcy Data on the Internet

Journal Issue: 
Column Name: 
Journal Article: 

H.R. 833, commonly known as the Bankruptcy Reform Act of 1999, stands to impose numerous new requirements on bankruptcy courts, bankruptcy clerks and trustees in their administration of the U.S. bankruptcy system. The Reform Act requires the government to both collect and disseminate information regarding bankruptcies on a national level. Specifically, Title VII of the bill states that "the national policy should be that: (1) all public-record data held in electronic form by bankruptcy clerks should be released in electronic form in bulk to the public..."

This need for the collection and dissemination of information is in no way a new issue in bankruptcy reform. In October 1997, the National Bankruptcy Review Commission (NBRC) called for reform of what it saw as a current state of "a dearth of timely, accurate bankruptcy data." Indeed, the NBRC traced such demand for reform as far back as the 1973 Commission Report that led to the current Bankruptcy Code.1 Now, however, as a direct result of the advances in technology and communication, it seems that the goal of the national dissemination of uniform bankruptcy data can be accomplished. Unfortunately, a byproduct of achieving this goal is the continued encroachment on individual privacy in the era of freely attainable and widely disseminated information.

Benefits of Disclosure vs. Protection of Privacy

In the wake of the newly found ease of access to information, scholars and professionals alike have recognized the need for the government to take appropriate steps to protect individual privacy in what many have deemed the Information Era.2 In H.R. 833, Congress specifically refers to these concerns, stating that any bankruptcy data to be made available to the public in electronic bulk form must be "subject to appropriate privacy concerns and safeguards as the Judicial Conference of the United States may determine."3

In "Government's Emerging Role as a Source of Empirical Information in Bankruptcy Cases,"4 Joseph Guzinski discusses the tension between allowing public access to sensitive bankruptcy information vs. the protection of individual privacy. He points out that in exchange for the benefits of bankruptcy, individuals voluntarily divulge private details about their lives that, absent the need for bankruptcy, they would likely not discuss.5 Of specific concern is the divulgence of certain tax and financial information as well as the potential disclosure of private medical information that might be included on proofs of claims filed by unpaid health providers. Moreover, Guzinski notes that all this information, once disclosed in bankruptcy, becomes part of the public record and freely available to the public. Nonetheless, in an era of instant information, where in a matter of seconds a computer search can reveal intimate details regarding an individual's life, the access to this information is simply different than in the past.

Prior to the development of the Internet, there were numerous practical barriers that stood in the way of access to information. In the NBRC Final Report, it states, "Today, nearly all information in court files is open to the public. However, access requires citizens to appear at the courthouse, wait in long lines, request the papers, wait for them to be found in the files and then inspect them in the courthouse. Making photocopies often requires waiting in additional lines and using coin-operated copying machines. These factors create practical barriers to easy public access to sensitive personal information."6 If H.R. 833 is passed in its current form, this sensitive personal information would be available in seconds to anyone in the world with a computer and a modem.7 It is clear that the practical barriers existing up to now "cannot possibly be considered a reasonable long-range solution to the problem [of individual privacy concerns]." With the passage of the Reform Act, the Judicial Conference will be faced with the difficult task of formulating appropriate guidelines and safeguards to effectively protect new federal privacy concerns as mandated by the statute.8

Current State of Privacy Law and Legislative Proposals

Although there is relatively little case law on the issue of online privacy, a number of regulations and commissions have been proposed in Congress that may be beneficial in aiding the Judicial Conference in creating guidelines for the protection of privacy rights in the online dissemination of bankruptcy data. Those of significance appear to be: a) 16 CFR 313, "Privacy of Consumer Financial Information"; b) Fed. Reg., Vol. 64, No. 212, pp. 59918-60065, "Standards for Privacy of Individually Identifiable Health Information"; c) 16 C.F.R. Part 312, "Children's Online Privacy Protection Rule"; and d) H.R. 4049, The Privacy Commission Act.

While none of these proposed federal regulations are presently in effect, the issues addressed therein and the proposed methods of compliance are good examples of the different approaches that the Judicial Conference might consider in attempting to establish safeguards in the dissemination of bankruptcy data in order to limit, as much as possible, any unnecessary intrusions into an individual debtor's privacy.

Privacy of Consumer Financial Information. The Federal Trade Commission (FTC) has recently proposed a comprehensive set of regulations (proposed rule) that will circumscribe the way financial institutions collect, use and disclose non-public personal information from consumers. See Privacy of Consumer Financial Information; Proposed Rule, 65 FR 11175 (March 1, 2000). The Proposed Rule was enacted pursuant to the Gramm-Leach-Bliley Act, and if adopted will go into effect on Nov. 13.

Overall, the Proposed Rule will force financial institutions to a) notify consumers about the financial institution's privacy policies and the manner in which the company will use the information it receives from consumers, b) give a consumer the right to prevent the financial institution from disclosing that consumer's non-public personal information to others, and c) create methods for protecting the privacy of information a financial institution receives from consumers. The Proposed Rule will also create an absolute bar to a financial institution's disclosing, "other than to a consumer reporting agency, the account number or similar form of access number or access code for a credit card account, deposit account or transaction account of a consumer to any non-affiliated third party for use in telemarketing [or] direct mail marketing through electronic mail to the consumer."9

Standards for Privacy of Individually Identifiable Health Information. On Oct. 29, 1999, President Clinton and Health and Human Services Secretary Shalala proposed the following new regulations as part of the government's ongoing battle to tackle the issue of privacy with respect to health care information in the electronic information world. The gist of these proposed regulations is as follows:

The new regulations would (1) limit the non-consensual use and release of private health information; (2) inform consumers about their right to access their records and to know who else has accessed them; (3) restrict the disclosure of protected health information to the minimum necessary; (4) establish new disclosure requirements for researchers and others seeking access to health records; and (5) establish new criminal and civil sanctions for the improper use of disclosure of such information.10

Children's Online Privacy Protection Rule. Finally, there is the Children's Online Privacy Protection Rule (16 C.F.R. Part 312), which will have gone into effect on April 21. This new rule is designed to curb the online collection and dissemination of information provided by children. The Kid's Rule seeks to accomplish this goal by requiring the operator of a website to: a) post a special privacy notice on the site, b) provide actual notice to a child's parent before collecting information from a child and c) obtain verifiable consent from that parent before the operator "collects, uses or discloses a child's personal information."11

The Privacy Commission Act. One of the key policy concerns underlying the Privacy Commission Act, which was submitted to the House on March 21, is:

The commission shall conduct a study of issues relating to protection of individual privacy and allowing appropriate uses of information, including the following: (1) the monitoring, collection, and distribution of personal information by federal, state and local governments, including personal information collected for a decennial census, and such personal information as a driver's license; (2) current efforts to address the monitoring, collection and distribution of personal information by federal and state governments, individuals or entities including (A) existing statutes and regulations relating to the protection of individual privacy, such as §552a of Title 5, U.S. Code (commonly referred to as the Freedom of Information Act); (B) legislation pending before Congress; (C) privacy protection efforts undertaken by the federal government, state governments, foreign governments and international governing bodies; and (E) self-regulatory efforts, initiated by the private sector to respond to privacy issues.12

If the bill is passed and the commission established, it will no doubt be a tremendous aid in the future study and development of privacy protection policies. This commission should be a valuable resource to both the Judicial Conference in fulfilling its obligation under the Reform Act, and to the government as a whole as the dissemination of information by the government becomes increasingly pervasive. In view of the constant change in technological advances in hardware and software, the law must strain to keep pace.


In order for the government to create a workable and effective set of guidelines for the protection of privacy in the context of online information collection and dissemination, it should focus on three critical elements to establish appropriate safeguards:

  1. Identify the "information" that it seeks to protect. Simply put, the government should identify the particular information (e.g., tax or medical) that needs protection. While this might be simplistic, it is a necessary step in creating a policy that effectively but efficiently addresses privacy concerns, yet allows for the accomplishment of the Reform Act's goal of disseminating accurate bankruptcy data to the public.
  2. Disclose the practice to be followed. The government needs to inform individuals filing for bankruptcy of its practices regarding the collection and dissemination of information.
  3. Consent to the dissemination. The government should implement a policy or procedure whereby bankruptcy clerks receive an individual debtor's consent for the online collection and dissemination of information that is filed in electronic form in the course of a personal bankruptcy proceeding. This could be accomplished in a number of forms, from an express waiver and signature requirement, to notice of implied consent, to such government action by filing for bankruptcy protection. Whichever method is adopted, it will be a necessary part of an appropriate set of guidelines.13


1 Bankruptcy: The Next Twenty Years, NBRC Final Report, Oct. 20, 1997, at 919. Return to article

2 See Sovern, Jeff, "Opting In, Opting Out or No Options at All: The Fight for Control of Personal Information," 74 Wash. L. Rev. 1033. Return to article

3 H.R. 833, Title VII. Return to article

4 Guzinski, Joseph A., "Government's Emerging Role as a Source of Empirical Information in Bankruptcy Cases," 17 October Am. Bankr. Inst. J. 8 at 42-43. Return to article

5 Id. at 42. Return to article

6 NBRC Report, Oct. 20, 1997, pg. 932. Return to article

7 See Sovern, Jeff, "Opting In, Opting Out or No Options at All: The Fight for Control of Personal Information," 74 Wash. L. Rev. 1033, for an expansive look on the compilation of information over the Internet and the increasing infringement of individual privacy in the United States. Return to article

8 To be sure, the Federal Judiciary Conference is well aware of the task and has indeed asked for assistance in establishing guidelines and safeguards to protect privacy concerns while allowing for the widespread dissemination of bankruptcy data. See, e.g., Statement of the Federal Judiciary: State of Judge WM. Terrell Hodges, Chairman, Executive Committee, Judicial Conference of the United States, 6/11/98, §11, Bankruptcy Reform Bills and Information Issues:

One concern we have with the House bill is that it expresses "the sense of the Congress" that all public-record data held by bankruptcy clerks in electronic form should be released in electronic form to the public on demand. A number of individuals and consumer groups have raised privacy concerns over this provision...As these two bills make their way through Congress, I urge the members of this subcommittee and others in Congress to consider their impact on the judiciary. Id. Return to article

9 16 C.F.R. §313.3. Return to article

10 Zanger, Larry and Frieden, Andre, "New Security and Privacy Regulations for Personal Health Information," McBride, Baker & Coles, ITEC Law Alert, Vol. 9, No. 4 (December 1999). Return to article

11 Sanders, George, "Children's Online Privacy Protection Rule Will Force Many Web Sites to Change Their Information Collection Practices," McBride, Baker & Coles, ITEC Law Alert, Vol. 10, No. 1 (March 2000). Return to article

12 H.R. 4049, §4(a) (Duties of Commission). Return to article

13 The author wishes to thank Micah Marcus and George M. Sanders of McBride, Baker & Coles for their assistance with this article. Return to article

Bankruptcy Code: 
Journal Date: 
Monday, May 1, 2000