This post was written more than four years ago. The world changes fast, and the information, conclusions, or attributions may or may not still be accurate. Check the sources and links, and email me if you have any questions.

Last month The Journal News published an interactive map of where many gun permit holders in New York reside. According to state law, that information was public and the newspaper obtained it through a government data request. After posting the map, the newspaper was inundated with thousands of comments and messages from both outraged citizens believing the paper (and the underlying laws) violated individual privacy, and those who believe the data should be accessible.

In New York’s new NY Safe Act gun law that Gov. Andrew Cuomo signed on January 16 — which many consider to be the toughest in the nation — there’s also a provision that allows gun permit holders to request that their data be held private, and there’s a four-month moratorium on the release of any permit holder’s data to allow them the time to make that request.

Journal News publisher Janet Hasson told the New York Times, “While the new law does not require us to remove the data, we believe that doing so complies with its spirit.” Sen. Greg Ball told the AP that he is grateful that The Journal News “…will never be able to do something as dangerous and idiotic as this again.” On January 18, The Journal News replaced the interactive maps with zoomed-out static images that don’t reveal names and addresses of permit holders. Hasson wrote, “As a news organization, we are constantly defending the public’s right to know. Consequently we do not endorse the way the legislature has chosen to limit public access to gun permit data. The statute is very broad and allows anyone who meets certain criteria within qualifying categories to keep their permit information private.”

A poll on the website of the Los Angeles Times showed 84% of readers thought The Journal News erred by publishing the map in the first place.

But, where does the buck stop? The New York legislature had previously made the decision that all gun permit holder should be public, and government administrators complied with the law in releasing that data to the newspaper, who violated no laws in posting that data. Did the individual government agencies receiving requests have a responsibility to notify the legislature, who in turn had a responsibility to protect that data in an emergency session? Did the newspaper have a responsibility to not publish the data?

Did the state tell gun permit holders that their data would be public on the application?  This issue isn’t just about gun permits.  In order to become a registered voter, your voter registration data (such as your name, address, date of birth, and voting history) is public in most states. If you give money to political candidates or issue groups, your name, address and occupation is more than likely public. The personal information of lawyers, teachers, accountants, realtors, and insurance producers is all public information in many states. Police reports, crash reports, arrest data, motor vehicle registrations, and property tax and ownership information is all to a varying degree of public in every state.

The issue ends up being a determination of whether individual privacy concerns and the greater good outweigh the legislative intent of open government laws. In this case, a database of where every gun permit holder lives is close to being a database of homes with guns — information that can quickly lead to being a list of homes for thieves to target to illegally acquire firearms. So, in divulging names and addresses of permit holders in the interests of “report[ing] aggressively on gun ownership,” it may have actually served to put more guns in the hands of criminals.

This data has been public for years though. So does the public nature of the data constitute a violation of privacy, or only what is done with that data? Both, I would argue. But I also forsee this to be a repeating story of government data being used to violate the privacy of others.

I posted last month about Minneapolis Mayor R.T. Rybak and the Minneapolis Police Department creating a database that stores everywhere your car is spotted around the city with mobile license plate scanners. In storing troves of vehicle information in a police database before the legislature could act on the data classification and privacy issues, Mayor Rybak exposed the precise geographical coordinates of everywhere you park or drive. A vehicle repossessor started using the data and successfully repossessed at least one car, and MPD released the full database of 2.1 million license plate reads to a dozen people, including me. I’m happy to say that my efforts to get Mayor Rybak to protect the privacy of those individuals resulted in him directing staff to seek a temporary classification from the state, and that data is now non-public.

But it’s not just these issues that scream out for some legislative intervention. Imagine a criminal sending government data requests for the entire database of property tax payers, utility account holders, and police calls for service involving heart attacks, and using that data to narrow in on targets that might be older and weaker, may have just moved into a home and not had time to setup a security system, or using city-run water or trash service data to determine that a house is vacant.

I think everyone agrees that the residential addresses of police officers should be private information, but what about your hair stylist? Both are licensed and regulated by state boards.

The point is that legislative bodies have a lot of work to do in finding the right balance between individual privacy and transparent accountability. Sometimes high-level summary data will do, sometimes data can be de-identified so all the nitty gritty data is available to researchers without compromising privacy (something seen often in healthcare), and sometimes there needs to be an all-or-nothing approach. My hope is that legislative bodies don’t make reckless and sweeping changes to make all data private and inacccessible, as that would ultimately not serve the public good.

On the positive side of the issue, I further hope legislative bodies recognize the tremendous advantages of open data that we’ve seen in citizen participation, neighborhood organizing, services for the disabled, mobile apps to report public works problems, and mass transit apps that you probably use every time you travel.

If nobody can agree on whether The Journal News was right or wrong, they at least have started a conversation on data privacy that will continue for quite some time.