Privacy and security concerns raise increasing concern to those forced to release personal information during lawsuits in an era of increasing identity theft. People who bring law suits or who are drawn into lawsuits must identify themselves and relevant background. But how far do they have to go?
Federal Rule on Privacy and Security
Federal courts identify four categories of information protected against full disclosure. Federal Rule of Civil Procedure 5.2 protects against full disclosure of social security number, date of birth, the name of a minor and bank account or other financial account numbers.
So, where issues require disclosure, parties must redact all but the last four digits of a social security or taxpayer identification number. With regard to a date of birth, parties need only disclose the year and not month and day. The names of minors are not disclosed, only the minor’s initials. If bank account or other financial account numbers are pertinent in litigation, only the last four digits must be disclosed.
These are the federal rules but many states have similar requirements.
Who is Responsible for Protecting Privacy and Security in Court Documents?
It is up to the parties who file papers to make redactions, that is, make sure that the names of minors and full account numbers are removed from papers filed in court. The reason for making sure court filings are bereft of personal data is fairly obvious. Most, not all, court filings have always been public. People wanting information could always go to a courthouse, look at docket lists and review files.
However, with electronic filing and remote access from anywhere with a computer, the need for privacy reached epic proportion.
Personally Identifiable Information or PII
Personally identifiable information is the legal term given to personal information. PII, the acronym, refers to any information that could lead to a person’s identity or might help locate the individual. So the actual information covered goes far beyond the four categories listed above.
For example, Massachusetts courts issued an order safeguarding non-public personal information for data collected in the courts. This includes all documents filed in court. Their definition of protected PII includes everything in the federal rule, plus driver’s license, passport number, and mother’s maiden name. Only the last four digits are required for the numbers and only the first letter of the maiden name is required.
Bankruptcy rules require redaction of all four of the types of information covered in the federal rule. Bankruptcy Rule 9037 imposes strict requirements on all filers. One creditor violated the rule by disclosing the social security numbers and account numbers of people who filed bankruptcy in ‘proof of claim’ forms, declaring money purportedly owed by the debtors. The creditor was ordered to notify all individuals whose information was disclosed, to implement policies making sure no further personal information breaches would ever happen again, and the improper filings were placed under restricted access.
Privacy and Security in All Cases
Whether it is a personal injury case, a bankruptcy or any other civil case, those who file documents in court must adhere to rules which vary by jurisdiction. Privacy and security rules apply even to certain discovery documents which are not actually filed in court such as answers to interrogatories. Where the information is absolutely positively required, the courts generally apply mechanisms that protect the information from public disclosure, but allow the information in a private setting or under seal.