Interesting. The study says the authors obtained personally identifiable information on 79,678 California residents including names, date of birth, driver’s license number, sex, city, and zip code (and possibly more information as well–the description is not exhaustive):
79 678 individuals were followed up from their first handgun purchase in 2001 through 2013 … The study cohort was identified using the California Department of Justice (CA DOJ) Dealer’s Record of Sale (DROS) database, which retains information on all legal handgun transfers in the state.
The study participants were followed up from their 10th postpurchase day in 2001 until December 31, 2013, or a prior date when they could no longer be affirmatively identified as living California residents using public records. These records initially included the California Death Statistical Master File, California voter registration records, and DROS records. If a period of 3 years or more for an individual remained unaccounted for (53.0% of the study sample), we queried LexisNexis Public Records (see eAppendix 1 in the Supplement).
Linking variables for the cohort of firearm purchasers were obtained from the Dealers Record of
Sale (DROS) database. These included first name, middle name, last name, date of birth,
California driver’s license number, sex, city, and zip code. RAP sheets were linked to cohort
members using first name, middle name, last name, date of birth, and California driver’s license
number. Sex, city, zip code, and county were used to verify matches.
To link to California voter registration data in 2002
and 2014, we used first name, middle name, last name, date of birth, city, zip code, and sex.
Voter ID numbers were then used to follow people forward from 2002 and backward from 2014
to identify purchaser locations during interim time point
Who gave researcher Rose M. C. Kagawa–who works at the Violence Prevention Research Program at the University of California, Davis–access to this vast array of personally identifiable information? Can I go to the CA DOJ site and download all that information from Dealer’s Record of Sale (DROS) database myself?
Just for fun let’s look at California’s Information Practices Act of 1977 (aka California Civil Code §§ 1798-1798.78). We’ll start at 1798.24: “An agency shall not disclose any personal information in a manner that would link the information disclosed to the individual to whom it pertains.”
California being California, there are exceptions to the rule. Most do not apply. One might. It says that an agency (such as CA DOJ) may disclose personally identifiable information to researchers if a few dozen painstaking steps have been followed including detailed safekeeping and deletion requirements.
Of course California state agencies are free to enact stricter rules. California DOJ has a privacy policy that says: “We only use or disclose personal information for the specified purposes, or purposes consistent with those purposes, unless we get the consent of the subject of the information, or unless required by law or regulation.” This privacy policy is referenced in DROS forms.
That sure sounds like a promise, enforceable at law, not to hand out personally identifiable information to random researchers. What’s going on here?
Is it too cynical to say that we live in a post-constitutional post-privacy world, where state and federal bureaucrats can do what they want… as long as they don’t get caught? And even in the unlikely event that they do get caught, they can still retire on their full pensions.
Section 1798.45 allows an individual to bring a civil action against a California state agency. Injunctive relief is available. So are attorney’s fees (1798.48). “The provisions of this chapter shall be liberally construed.”
There’s interesting wording in 1798.53 suggesting that UC Davis researchers who disclose “information, not otherwise public, which they know or should reasonably know was obtained from personal information maintained by a state agency… shall be subject to a civil action, for invasion of privacy, by the individual to whom the information pertains.”
One more, in Section 1798.55: “The intentional violation of any provision of this chapter or of any rules or regulations adopted thereunder, by an officer or employee of any agency shall constitute a cause for discipline, including termination of employment.”
Other CA departments have done similar things. Remember when Wm. Simon Jr. ran for statewide office and his income tax files were released during the campaign?
Interesting. The study says the authors obtained personally identifiable information on 79,678 California residents including names, date of birth, driver’s license number, sex, city, and zip code (and possibly more information as well–the description is not exhaustive):
From the supplement:
Who gave researcher Rose M. C. Kagawa–who works at the Violence Prevention Research Program at the University of California, Davis–access to this vast array of personally identifiable information? Can I go to the CA DOJ site and download all that information from Dealer’s Record of Sale (DROS) database myself?
Just for fun let’s look at California’s Information Practices Act of 1977 (aka California Civil Code §§ 1798-1798.78). We’ll start at 1798.24: “An agency shall not disclose any personal information in a manner that would link the information disclosed to the individual to whom it pertains.”
California being California, there are exceptions to the rule. Most do not apply. One might. It says that an agency (such as CA DOJ) may disclose personally identifiable information to researchers if a few dozen painstaking steps have been followed including detailed safekeeping and deletion requirements.
Of course California state agencies are free to enact stricter rules. California DOJ has a privacy policy that says: “We only use or disclose personal information for the specified purposes, or purposes consistent with those purposes, unless we get the consent of the subject of the information, or unless required by law or regulation.” This privacy policy is referenced in DROS forms.
That sure sounds like a promise, enforceable at law, not to hand out personally identifiable information to random researchers. What’s going on here?
Is it too cynical to say that we live in a post-constitutional post-privacy world, where state and federal bureaucrats can do what they want… as long as they don’t get caught? And even in the unlikely event that they do get caught, they can still retire on their full pensions.
Section 1798.45 allows an individual to bring a civil action against a California state agency. Injunctive relief is available. So are attorney’s fees (1798.48). “The provisions of this chapter shall be liberally construed.”
There’s interesting wording in 1798.53 suggesting that UC Davis researchers who disclose “information, not otherwise public, which they know or should reasonably know was obtained from personal information maintained by a state agency… shall be subject to a civil action, for invasion of privacy, by the individual to whom the information pertains.”
One more, in Section 1798.55: “The intentional violation of any provision of this chapter or of any rules or regulations adopted thereunder, by an officer or employee of any agency shall constitute a cause for discipline, including termination of employment.”
Very sad to see this… but not unexpected.
Other CA departments have done similar things. Remember when Wm. Simon Jr. ran for statewide office and his income tax files were released during the campaign?