If you ask most people if they think they have a right to privacy, most will say "yes." Your business is your business -- and no one else's. The stakes are raised, however, when it governments or companies attempt to access someone's private information. We all have an instinctive reaction to this: Governments and companies shouldn't be able to learn, publish or profit from things like health care records or voice mail messages.
A gut reaction doesn't stand up in a court of law, of course. The legal definition of privacy is a lot more complicated when we're just talking about the living, but what privacy rights do dead people have? The easiest way to figure out what kind of privacy rights the deceased have is to learn about the privacy rights of living people, and then see if those rights continue after death.
Does the U.S. Constitution provide some explicit right to privacy? In fact, the right to privacy isn't specifically mentioned in the Constitution or in the Bill of Rights. However, in various decisions over the years, the Supreme Court has interpreted the Constitution as a document that provides a right to privacy . These decisions rely on three Constitutional amendments: the Fourth Amendment, which forbids unlawful search and seizure; the Ninth Amendment, which essentially says that Americans may have other rights that aren't expressly named on the Constitution; and the Fourteenth Amendment, which says that the government may not deprive people of life, liberty or property. (In this case, privacy is considered an essential aspect of liberty.)
This right to privacy is a concept that the Supreme Court determines on a case-by-case basis. Just to name a few examples, the Court has decided that the government has limited control over parents' educational choices for their children (Meyer v. Nebraska, 1923), and that it can't forbid the sale of contraceptives (Griswold v. Connecticut, 1965) or private sexual acts between consenting adults (Lawrence v. Texas, 2003). These were all based on the concept of a right to privacy.
For specifics on privacy rights, however, we need to look at legislation. The Federal Privacy Act of 1974 gives Americans broad privacy protections, and government agencies very limited means to disseminate information contained in government databases. In other words, the government can't share whatever it knows about you without your permission. The act has been amended over the years, but its core premise remains intact.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is another landmark law that protects privacy. It sharply limits how medical care providers and insurers can share a person's medical information. HIPAA is one reason why you have to sign a lot of paperwork whenever you see a new doctor.
We know what privacy rights living people have, but what happens after you die? Read on.
FOIA and the Privacy Rights of the Deceased
The Federal Privacy Act and the Health Insurance Portability and Accountability Act (HIPAA) do a fair job of protecting people's privacy, but there's one law that comes into direct conflict with them: the Freedom of Information Act (FOIA). This law is intended to create government transparency, making it harder for government officials to keep secrets from the citizens they serve. Sometimes, someone files a FOIA request, and the government has to decide if releasing the information violates someone's privacy.
There are several exemptions to FOIA that the government can invoke to avoid releasing information. One allows the government to deny a FOIA request if the request includes "personnel and medical files and similar files that would constitute a clearly unwarranted invasion of personal privacy." This allows the government to tread the line legally between FOIA, HIPAA and the Federal Privacy Act in most cases.
That covers the privacy rights of living people, but what happens after death? The Privacy Act is very clear -- it doesn't apply to dead people. Once you die, your information is no longer protected under that law. However, court precedents have shown that the privacy concerns of surviving family members also weigh on the decision to release information via FOIA. When these cases go to court, judges have ruled against FOIA requests in cases where the release of death-scene photos, autopsy photos or coroner's reports would cause anguish and harm to the deceased person's family. They may allow the information to be released if they feel the information itself is harmless or if many years have passed since the death in question.
HIPAA is just the opposite -- the protection of a person's privacy extends indefinitely, even after death. When someone dies, control over his or her estate passes either to a family member or another executor. The power to make decisions related to medical privacy -- including the ability to give permission for information-sharing under HIPAA -- is transferred as well.
There are a few famous cases that helped establish this area of law in the U.S. One of the most well-known is the case of Vincent Foster, a lawyer who worked for the Clinton administration before committing suicide in 1993. Photographs of the scene where Foster's body was found weren't made public. As a result, several conspiracy theorists suspected a cover-up that involved the Clintons, so they made FOIA requests for the photos. The case, National Records and Archives Administration v. Favish, made it all the way to the Supreme Court. The court ruled unanimously in favor of the government -- and Foster's privacy.
A similar case played out after the death of popular race car driver Dale Earnhardt. A Florida newspaper tried to get access to the autopsy photos, but Florida passed a law banning their release. The lower courts decided against the newspaper, and the Supreme Court refused to hear the case.
What about your electronic accounts? Do they remain private when you die?
Electronic Privacy and Crime
Is an invasion of privacy a crime? That depends on the specific law being violated. For example, HIPAA requires criminal penalties if a liable party knowingly shares medical information and more severe penalties if the information is sold or otherwise used for personal gain. In many cases, privacy violations result in civil penalties (fines and damages) rather than criminal ones like prison sentences.
Note that this is a separate issue from defamation. It's generally impossible to slander or libel someone after they have died, although some states do have antidefamation laws that apply after death.
When it comes to electronic accounts or records, however, things get a bit complicated. There aren't really laws that specifically cover who can have access to your e-mail account or your Facebook page after you die. Ownership of those accounts is controlled by the user rules and regulations of the site in question. A typical rule is that the site deletes inactive accounts, so for some period of time (say, 90 days) after death, the account exists and is still "owned" by the deceased person. If that person's family has the passwords, it can obviously gain control of those accounts, and this would probably be considered authorized access. It might be difficult for family members to gain control over an account from the site owners themselves if they don't have the proper passwords.
If someone "hacks" the account of a dead person to gain access to it -- as a number of News International employees have been accused of doing recently -- they haven't necessarily violated any privacy laws (although they may have, depending on the jurisdiction and the specific circumstances). What they will almost certainly have violated are laws against unauthorized intrusion into electronic accounts. In that case, a crime has probably taken place, but the victim's death mitigates the crime somewhat. However, some may think it a more ghoulish and violating act because of the anguish it can inflict on the deceased person's family. In the end, it doesn't matter if someone is dead or alive – accessing his or her account without permission is illegal.
For more information on privacy laws, see the links on the next page.
- 10 Things You Should Not Share on Social Networks
- 5 Ways to Spot a Hacked ATM
- How Wiretapping Works
- How Privacy Trusts Work
- How will biometrics affect our privacy?
- How can I erase my identity and start over?
- Can the government read your private emails?
- Is Facebook sharing your personal information?
- Could a single hacker crash a country's network?
- American Medical Association. "HIPAA Violations and Enforcement." (Accessed July 20, 2011) http://www.ama-assn.org/ama/pub/physician-resources/solutions-managing-your-practice/coding-billing-insurance/hipaahealth-insurance-portability-accountability-act/hipaa-violations-enforcement.page
- Associated Press. "Vince Foster Photos To Stay Sealed." Feb. 11, 2009. (Accessed July 21, 2011) http://www.cbsnews.com/stories/2004/03/30/supremecourt/main609368.shtml
- National Archives. "The Privacy Act of 1974." (Accessed July 20, 2011) http://www.archives.gov/about/laws/privacy-act-1974.html
- Student Press Law Center. "Supreme Court declines to hear appeal in Earnhardt autopsy photo case." Dec. 1, 2003. (Accessed July 22, 2011) http://www.splc.org/news/newsflash.asp?id=720
- UMKC School of Law. "The Right of Privacy." (Accessed July 22, 2011) http://law2.umkc.edu/faculty/projects/ftrials/conlaw/rightofprivacy.html
- United States Department of Justice. "Freedom of Information Act Guide, May 2004: Exemption 6." (Accessed July 22, 2011) http://www.justice.gov/oip/exemption6.htm