Government Data Leaks Implicate Future Government Data Collection Efforts

On the list of concerns recently expressed about police conduct, data privacy ranks relatively low. However, a recent privacy leak by the New York Police Department’s union has shown how data privacy concerns can arise in any situation.

On May 30, the NYPD union tweeted a picture of a computer screen showing recent NYPD arrests relating to the recent civil disturbances following the widely publicized deaths of George Floyd, Breonna Taylor, and others. New York mayor Bill de Blasio’s daughter, Chiara, appeared on the report. The unredacted screenshot showed her name, her birth date, and her driver’s license information—the last being considered personally identifiable information under New York law. Twitter removed the post as a violation of its rules and suspended the union’s account.

This may emphasize a trend  of privacy leaks with potential  political motivations. Recently, a New York law firm suffered a ransomware attack wherein the attackers promised to leak information from the firm’s servers pertaining to President Trump if their demands were not met. In 2017, the Chinese government allegedly hacked a law firm’s server and published personal information belonging to the firm’s client, a dissident; a court recently denied the law firm’s motion to dismiss the dissident’s suit against it. In 2014, a group allegedly affiliated with North Korean government infiltrated Sony Pictures Entertainment and published its confidential emails, along with personal email of executives, allegedly to stop the release of a movie critical of the North Korean government.

Even when there is no political agenda, government agencies have disclosed private information by accident. In February, the Department of Defense suffered a data breach that exposed individuals’ names and social security numbers. In 2015, the Officer of Personnel Management revealed that the social security numbers of 21.5 million people were stolen in a data breach. Various state governments have also suffered severe data breaches, with millions of people affected.

These leaks and breaches come at a cost to government activities. Currently, governments are asking their citizens to trust them with more of their personal information, including their location data, to combat COVID-19 and other ills. In part to shore up public trust, various states have imposed limits on law enforcement agencies’ use of personal information, and the federal government may follow suit. The police union’s privacy leak represents the sort of disclosure that could undermine the public trust necessary for governmental contact tracing to work.

In light of the foregoing, we can expect two things. First, we can expect the trend of politically motivated leaks to continue, as they have for years. Second, in light of governments’ and government-affiliated entities’ accidental and/or intentional disclosures of public information, we can expect lawmakers to focus on data security for government entities going forward.