Privacy and Missing Persons after Natural Disasters

Editors: Lea Shanley, Aaron Lovell, and Zack Bastian. On behalf of the Commons Lab within Science and Technology Innovation Program, Woodrow Wilson Center, with the support of the Alfred P. Sloan Foundation.

When a natural disaster occurs, government agencies, humanitarian organizations, private companies, volunteers, and others collect information about missing persons to aid the search effort. Often this processing of information about missing persons exacerbates the complexities and uncertainties of privacy rules. This report offers a roadmap to the legal and policy issues surrounding privacy and missing persons following natural disasters. The report first identifies the privacy challenges in the disaster context and provides some recent examples that demonstrate how disaster relief information sharing raises unique privacy concerns and issues. It then outlines current missing persons information sharing activities in the context of disaster relief work and discusses how those information systems strike different balances between privacy and ease of use.

The report then proceeds to identify some key legal privacy issues and examines in detail how these legal requirements apply to missing persons organizations and what interpretative challenges privacy rules present. For the analysis, this report focuses on privacy law in the European Union and the United States because these jurisdictions serve as important examples of privacy regulation around the globe. The report offers a general analysis rather than a detailed assessment of any particular activity that would depend on the application of the law of a specific jurisdiction.

The report concludes with a set of options and strategies that organizations and policy makers involved in missing persons activities and in privacy could pursue to help address some of the privacy concerns:

• For the Missing Persons Community of Interest, an independent group of humanitarian organizations, companies and volunteers, options include assisting in the selection of privacy-friendly designs for missing persons databases, better coordination of privacy policies for its collaborators, and working with data protection authorities to address privacy issues.

• For missing persons organizations, options include assuring compliance with privacy rules, coordination of privacy policies, and sharing of relevant privacy resources. These organizations may have already addressed some of these challenges in their current activities.

• For EU data protection authorities, options include fulfilling the agenda set out in the 2011 resolution by the international data protection commissioners on data protection and major natural disasters, issuing clearer and more flexible data protection rules in response.
• For the European Union’s Article 29 Working Party, options are issuing interpretive
  guidance for disaster activities and reporting on progress in implementation of the 2011
  resolution.
• For the European Commission, options are expressly addressing missing persons activities in the data protection regulation currently being drafted and providing more specific direction for the existing application of current rules to missing persons activities.
• For the US government, options include clarification of federal agency authority to share personal information for missing persons activities following disasters through executive or legislation actions.
• For other national or sub-national governments, options are adjusting or amending laws to allow for appropriate use of personal information for missing persons purposes following natural disasters.