The grand Commonwealth of Massachusetts has, of late, taken a serious interest in the protection (from identity theft) of its residents’ private information. This is, to be sure, a good thing, in the abstract, and far better than other objects that the state could be/has been engaged in. I have been fortunate enough (knocking on wood as I write this) to not have become a victim of identity theft to this point in my young life. And, I am well-pleased each time I learn of a new way devised by the aggressively clean-living Puritan ancestors loving and legislating and judging within the confines of my home to protect from prying eyes me and my credit card numbers and those of my fellows. Of course, in reality, what is good for the gooses is not always good for the ganderers; and, in the case of the newly-unveiled Supreme Judicial Court Interim Guidelines for the Protection of Personal Identifying Data, what is good for the citizen, generally, may not be so good for the lawyer, advocatingly.
As is the case with the Massachusetts statutory and regulatory data privacy regime (as embodied via the Massachusetts General Laws chapters 93H (and CMRs) and 93I, which topics have been much addressed, perhaps ad nauseum, by LOMAP, generally, and, specifically: here and here and here (in chronological order) here at the blog), so is the case with the Interim Guidelines: protection for residents means additional administrative burden for businesses and for law firms/attorneys. With the imposition of the Interim Guidelines, the courts have decided, in essence, that, well, it is especially important to protect residents’ private information as it would otherwise appear in court filings, since that personal information is made a part of the public record, by way of court submission and recordation, and under the auspices of public access laws. Thoughtful of the court system to redact sensitive information from your submitted documents, isn’t it? Well, not so fast there, chief. You’ll be the one doing the redacting, or, at least, it’s suggested that you, please, be the one who does the redacting.
Here’s why and how:
On July 17, 2009, the Massachusetts Supreme Judicial Court announced that it had approved Interim Guidelines for the Protection of Personal Identifying Data (PID) in Publicly Accessible Court Documents. The Guidelines became effective September 1, 2009. In addition to the requisite press release, the SJC also released the full Interim Guidelines, if you like to read. If you don’t, the SJC has also released what is a really very-well-done (which is just how I like my stake), quickie, summary fact sheet, that outlines the purpose and effect of the Guidelines. You can read them for yourself as linked out; but, for the purposes of filling out this blog posting, and just in case you like to read even less than I thought, here’s the upshot:
The Guidelines apply to all cases in all Massachusetts courts with respect to documents that are (or become, once filed, I suppose), publicly accessible.
. . .
Henceforth, the Filer (i.e.–you, and not some superhero who likes to keep his nails trim) should delete (white out, black out, omit) to the last four digits personal identifying data (PID) that includes the familiar 93H data sets, plus taxpayer identification and passport numbers or to the first initial of a mother’s maiden name. Any deletions made are then to be tagged with the following information: filer’s name, the date, the phrase “PID Guidelines”.
. . .
Exceptions (labeled “Exemptions”, in the Guidelines) are five, as follows: (1) when full inclusion is required by law or rule; (2) for certain PID in criminal or youthful offender cases; (3) when filer reasonably believes complete information must be included, in order to resolve a particular issue or for the identification of a person; (4) for transcripts of court proceedings; (5) for documents that are produced directly by non-parties in response to court orders, or subpoenas.
. . .
Clerks are directed to encourage compliance with the Interim Guidelines, but will not be reviewing documents for compliance, nor will they be rejecting documents for non-compliance.
. . .
Some interesting points from the full Guidelines, which you should obviously review, as well: (1) the Guidelines apply to both paper and electronic filings; (2) “filer” is broadly defined, and includes, by way of example, police officers applying for search warrants and amici curiae; (3) filers must maintain and make available unredacted copies of redacted documents (exhibits, but e.g.–not drafted motions, or other documents drafted specifically for filing with the courts, which documents should be drafted to avoid inclusion of complete personal identifying data sets); (4) the Guidelines introduce specific additional mandates for Appellate Court filings, since those documents become more widely available than trial court documents.
So, that’s not so terrible, right? And, if you think about it, it makes sense for a variety of reasons. Court documents are widely, and more widely so everyday, available, and are available online, to boot, which means that there is a large treasure trove of otherwise unprotected personal information available to the diligent identity sneak thief. My reading of the General Law Chapter 93H is that the court system is not required to comply with the law, as a department of the state government (if you disagree, just bear with me for a moment, it may become immaterial, our disagreement, that is) . . . but, that would represent a massive gap in the law, given the becoming public nature of court documents, and given the aforementioned loopholiness of the entire system design. If the courts were asked to comply with the statute, they could not make many existing court documents public, as they are required to do. If they were asked to redact documents on the order of the Guidelines produced, it would cripple the entire court system, which is already overburdened and underfunded. So, really, the only way to protect personal information/PID of residents (what have you) is to eventually make redaction (really reduction) of PID an affirmative duty of submitting filers/parties, mostly attorneys. (Let’s not fight anymore.) And, in any event, it’s likely best practice anyway: I was doing this myself in the drafting of documents, at least, in the long ago days of my practice. Besides, a savvy application of systems creations, the adaption of workflows and the adoption of appropriate technologies will make the bit of redacting just another minor matter that attaches to court filings, in the end. Applying electronic redactions is far easier than using the typewriter. (Get rid of it already!)
But, if you still and really, really hate these Guidelines,
or even if you’d just like to see them tweaked, you ca
n complain and cajole, as well as send, your comments and suggestions to PIDGuidelines@sjc.state.ma.us. Remember, these guidelines are just that at the moment, having not yet become effective requirements. They, or something like them, though, will become requirements, however; but, as of now, you still have the ability to affect the final form of rules by voicing for your changes.
. . .
That’ll be all for me, as I am off for a long weekend of my own making. But, when I return, you can be sure that I’ll be right back at the blog, carrying on the good work that’s always gone down here in #2.
But, for now, Let the wild rumpus start!