Greyson alerted me to an article from the Vancouver Sun detailing new access policies for British Columbian archives that contain private personal data. Researchers who want to access records with sensitive personal data are being subjected to security checks of their computers, offices, and even homes. Apparently such checks, which seem on the surface outrageous (not to mention expensive) are already being carried out on Canadian and US researchers.
Draconian rules on archives use cast a chill on researchers
Stephen Hume, Vancouver SunPublished: Wednesday, November 28, 2007
Part of the problem seems to be in the definition of personal information. As Hume writes, it is defined as:
“an individual’s name, address or telephone number; race, national or ethnic origin, colour or religious or political beliefs or associations; age, sex, sexual orientation, marital or family status; an identifying number, symbol or other particular assigned; fingerprints, blood type or inheritable characteristics; health care history including a physical or mental disability; educational, financial, criminal or employment history; anyone else’s opinions about the individual; the individual’s opinions, except if they are about someone else. In other words, it’s a big net with a fine mesh.”
But as badly conceived as these definitions and the resultant new policies seem, they echo concern for an important point: archives do contain some truly sensitive personal data, and the permissions for reuse of that data can be difficult to determine. If personal data is collected in government records for one purpose, and then stored and used by researchers for another, has an individual’s privacy been invaded? How can archives be sensitive to both the rights of the subjects of their collections, and the needs of future researchers?*
The problem with the approach described in Hume’s article seems to be that it places the responsibility for privacy protection solely on the researcher, and assumes that security checks are the right tool to enforce that responsibility. This errs in two ways. First, invading the privacy of researchers in order to protect the privacy of records subjects seems awfully counterproductive. Second, it it is the archive that has collected, processed, and made this information available, and the archive should therefore bear much of the responsibility for privacy protection. Archivists need to be much more proactive in setting privacy policies and incorporating an ethic of privacy directly into appraisal decisions (“appraisal” is the process by which archivists decide to keep or discard a record or group of records). If less sensitive data is retained in personal records, there is less risk to the persons documented in the records. Archivists should carefully consider keeping records with data so sensitive that they could not entrust it to an outside researcher.
*For a nice discussion of archival ethics of privacy, those with access to the archival journals Archivaria or Archival Science can see Cook, T (2002) Archives and privacy in a wired world: The impact of the Personal Information Act (Bill C-6) on archives, Archivaria, 53(Spring), 94-114 and Iacovino, L, & Todd, M (2007) The long-term preservation of identifiable personal data: a comparative archival perspective on privacy regulatory models in the European Union, Australia, Canada and the United States, Archival Science, 7, 107-127.