In 2021, CDIA saw a minor trend in law and legislation for “data brokers” to take action to limit the sharing of PII on federal judges and their families. There is a new law on this in New Jersey, and there was legislation in the last session of Congress based on this law. We will likely see legislation again in Congress and in other states. Legislation could easily be expanded to cover not just federal judges and their families but other classes of public servants and employees, including election officials and poll workers, law enforcement, national guard members, etc. In Congress, Sen. Rand Paul (R-KY) held up the Senate bill because it was narrowly focused on federal judges and, he argued, should be expanded to cover others, including members of Congress like Paul, who was physically attacked at his home in 2017 by a neighbor. Ironically, the home addresses of U.S. senators and many other public officials do not come from “data brokers.”

Background

According to the news accounts, “U.S. District Court Judge Esther Salas told CBS’s ‘60 Minutes’ in an interview that will air [February 21, 2021] that authorities found a locker used by the killer, Roy Den Hollander, a lawyer who had a case before Salas and who committed suicide after killing her 20-year-old son, Daniel, in the summer.” Judge Salas’ husband was critically injured in the attack. Information obtained by law enforcement indicated “that the gunman also had targeted [U.S. Supreme Court] Justice Sonia Sotomayor.” 60 Minutes is reporting “that threats to federal judges — which include hate mail, phone harassment, protests at their homes and threats of violence — have risen 400 percent over the past five years.”

The 2021 story added that the “U.S. Marshals, who protect federal judges, are asking for 1,000 more officers at a cost of $250 million, the report said. Salas is supporting a bill that would scrub personal information about judges from the Internet and upgrade home security systems for judges.” The Post story adds that charging documents for two people charged in the January 6 attack on the U.S. Capitol indicated that they had targeted U.S. Supreme Court Justice John Roberts. For additional context about Daniel’s Law-type issues, see the Washington Post story, Judge says gunman who killed her son also targeted Justice Sotomayor (Feb. 2021).

Federal Legislation and New Jersey Law Impacting “Data Brokers”, Part 1

Federal Legislation

In late 2020, we reported to members on legislation in the U.S. Senate that targeted “data brokers” who share information about federal judges and other “at-risk individuals.” Introduced in the 116th Congress, in 2020, was S. 4711, the Daniel Anderl Judicial Security and Privacy Act of 2020. This was a bipartisan bill from Sens. Bob Menendez (D-NJ), Cory Booker (D-NJ), and Lindsey Graham (R-SC). Sen. Graham chaired Judiciary when the bill was introduced. The bill was blocked by U.S. Sen. Rand Paul (R-KY), who wanted to expand the bill’s scope. As reported in December 2020 by Politico, the bill “hit a stumbling block Wednesday, after a Republican senator insisted the measure be broadened to give similar protection to details about members of Congress…Sen. Rand Paul of Kentucky, who was the victim of a serious attack at his home by a neighbor in 2017, said lawmakers also deserve to have information about their homes and family members shrouded from public view.”

Congress passed the Daniel Anderl Judicial Security and Privacy Act of 2021 in December 2022. There were several prior versions of this legislation, including S. 4711 and S. 2340, both by Sen. Menendez, and H.R. 4436 and H.R. 8591, both by U.S. Rep. Mikie Sherrill (D-NJ).

The Judiciary

In the Chief Justice of the United States’ 2022 Year-End Report on the Federal Judiciary, as reported by the New York Times, “[a]t the end of a wrenching year at the Supreme Court, Chief Justice John G. Roberts Jr. devoted his annual report on the state of the federal judiciary to threats to judges’ physical safety. ‘The law requires every judge to swear an oath to perform his or her work without fear or favor, but we must support judges by ensuring their safety,’ he wrote. ‘A judicial system cannot and should not live in fear.’” In the report, Chief Justice John Roberts said, “I want to thank the members of Congress who are attending to judicial security needs — these programs and the funding of them are essential to run a system of courts.” The Times noted that Congress passed the Daniel Anderl Judicial Security and Privacy Act, which “was named after the son of Judge Esther Salas, of the Federal District Court in New Jersey. He was killed in 2020 when he answered the door to his mother’s home in what was meant to be an attack on her.” That law “was strongly endorsed by the Judicial Conference of the United States, the national policy-making body for the federal courts,” according to the website for that body.

New Jersey Law

This federal legislation is similar to a law that passed in New Jersey in 2020, effective November 20, 2020. Both the federal bill, S. 4711, the Daniel Anderl Judicial Security and Privacy Act of 2020, and its state counterpart, S. 2797/A. 1649, “Daniel’s Law,” have their origins in the tragic shooting death of a federal judge’s son in New Jersey in 2020. The New Jersey law is P.L.2020, c.125, which amends Code Sections 47:1A-1.1, 47:1-17, concerning public records; 2C:20-31.1, concerning computer crimes; and 56:8-166.1, concerning UDTP. Additional information on the law can be found at Law 360, Salas Speaks Out as Daniel’s Law Is Signed Into Law, Nov. 20, 2020, and a press release from Gov. Murphy. Following a number of problems with the law as first enacted, the law had to be amended the following year. P.L.2021, c.371 took effect immediately and was applied retroactively to December 10, 2021 (see below). Daniel’s Law was amended again in 2023 when the legislature passed S. 3125 (P.L.2023, c.113).

Daniel’s Law portal maintained by the New Jersey Department of Community Affairs

The Crime that Spurred the Legislation

The federal bill and New Jersey law flow out of the 2020 murder of Daniel Anderl, the son of U.S. District Court Judge Esther Salas, who was shot and killed at the judge’s home in North Brunswick, New Jersey. Judge Salas’ husband, Mark Anderl, was critically wounded in the attack. The bill also followed a rise in threats to members of the federal judiciary, public health officials, and others. According to media accounts, in July 2020, Roy Den Hollander, posing as a FedEx delivery driver, went to the home of Judge Salas and opened fire, critically wounding her husband, Mark Anderl, and killing their 20-year-old son, Daniel. Judge Salas later made a personal, public plea for greater privacy protections for federal judges. Den Hollander was found dead of an apparent suicide. It’s not entirely clear to me at this writing how the alleged assailant, Roy Den Hollander, obtained the judge’s address, but it could have been through a variety of online or other sources, hence the focus on “data brokers”.

Problems with the Implementation of the New Jersey Daniel’s Law

Blog from The Town Crier, Daniel’s Law and Recent Clean-Up Legislation, N.J. League of Municipalities legislative staff, Jan. 2022. The blog notes that “[d]espite its laudable goals[, the New Jersey] Daniel’s Law, as initially adopted, created a variety of uncertainties and unintended consequences making implementation extremely challenging for local governments and their records custodians.  With these concerns in mind the legislature moved to adopt clean-up legislation to make implementation more reasonable, and on January 12, 2022, Governor Murphy signed into effect legislation amending Daniel’s Law. P.L.2021, c.371 took effect immediately and applied retroactive to December 10, 2021.”

General Issues of Concern for CDIA Members

Bills like the Daniel Anderl Judicial Security and Privacy Act of 2020 in Congress and Daniel’s Law in New Jersey are politically popular and may increase if there is a feeling, or a reality, that political, law enforcement, or public health officials continue to be targeted and harassed by other people in the U.S. While the impact of the bills may be narrow, their implications could broaden. Our concerns with this type of legislation relate to whether or not there is a knowledge standard, and to the definitions of “data brokers,” “other businesses,” or “at-risk individuals.” There may be compliance challenges for CDIA members and liability risks from the inadvertent, unknowing release of information about someone who happens to be an “at-risk individual.” The definition of an “at-risk individual” could easily broaden in Congress, and in the states, to include not just judges, but poll workers, election officials, and other potential political targets.

Where the past is prologue, the Daniel Anderl Judicial Security and Privacy Act of 2020 in Congress and Daniel’s Law in New Jersey remind me of the 1989 murder in California of child actress Rebecca Schaeffer, whose death led to the DPPA at the federal level and in all 50 states. Schaeffer’s murderer obtained Schaeffer’s home address from the California DMV. Many states have laws that limit access to public records for a wide variety of public or protected officials, like law enforcement, parole officers, EMTs, etc. Some states limit private disclosure of these persons’ PII. Some/many/most such laws have a knowledge standard on private disclosure of such protected individuals. The 2014 FTC report on data brokers noted that “…people search products can be used to facilitate harassment, or even stalking, and may expose domestic violence victims, law enforcement officers, prosecutors, public officials, or other individuals to retaliation or other harm.” Data Brokers: A Call for Transparency and Accountability, Fed. Trade Comm., 48, May 2014.

Examples of Existing State Laws

The following are examples of state laws that limit access to or disclosure of certain PII on protected individuals. They present a range of scenarios in which these restrictions apply. This is by no means a complete survey.

  • California law prohibits a person from knowingly posting certain contact information of elected or appointed officials (including judges, prosecutors, public safety officials, and others) or their family members with knowledge of the position and intent to cause harm that is likely to occur. The law also prohibits a person from posting or publicly displaying on the internet the contact information of elected or appointed officials that have made a written demand not to disclose such information. The law also prohibits state agencies from posting such contact information without written permission. Gov’t Code § 6254.21.
  • Colorado law prohibits a person from knowingly making available on the internet personal information about a law enforcement official or their family member if the dissemination poses an imminent and serious threat to safety and the person knows or should reasonably know of the threat.  Rev. Stat. § 18-9-313.
  • Nevada law declares confidential (and thus not public information) the home address and photograph of a peace officer.  Rev. Stat. § 289.025.
  • In New York, the “address confidentiality program” was created and is housed in the office of the secretary of state. The program is “to protect victims of domestic violence by authorizing the use of designated addresses for such victims and their minor children.” Under the program, “A program participant may request that state and local agencies use the substitute address. When creating, modifying or maintaining a public record, state and local agencies shall accept the substitute address upon demonstration by a program participant of his or her certification in the program, unless the secretary waives this requirement after determining that (i) the agency has a bona fide statutory or administrative requirement for the use of the participant’s actual address which would otherwise be confidential under this section; and (ii) the agency has explained how its acceptance of the substitute address will prevent the agency from meeting its obligations under the law and why it cannot meet its statutory or administrative obligation by a change in its internal procedures.” Exec. L. § 108.4.
  • Texas prohibits governmental bodies from disclosing to the public certain contact information of a wide range of public officials that have notified the governmental body of their choice to keep their information confidential.  Gov’t Code § 552.1175.
  • Utah law permits certain at-risk government employees to file a written application notifying a government entity holding a record that the employee requests contact information be kept confidential.  Utah Code § 63G-2-303.
  • Contact information for law enforcement officers and their family members is commonly excluded from FOIA rights under state law. See, e.g., Comp. Laws Ann. § 15.243(13)(1)(s); Ga. Code Ann. § 50-18-72(a)(21); Conn. Gen. Stat. § 54-108g.

Federal Legislation and New Jersey Law Impacting “Data Brokers”, Part 2

Summary of S. 4711, the Daniel Anderl Judicial Security and Privacy Act of 2020:

  • Defines a “data broker” and prohibits data brokers from selling, licensing, trading, purchasing, or “otherwise provid[ing] or mak[ing] available for consideration judges’ personally identifiable information.”
  • Defines “at-risk individuals” to be present or retired federal judges.
  • Applies to “other businesses” beyond data brokers.
  • “No person…shall publicly post or publicly display on the internet judges’ personally identifiable information if the at-risk individual has, either directly or through an agent, made a written request of that person, business, or association to not disclose the judges’ personally identifiable information of the at-risk individual or that of the at-risk individual’s immediate family.”
  • “After a person, business, or association has received a written request from an at-risk individual to protect the judges’ personally identifiable information, that person, business, or association shall have 72 hours to remove the judges’ personally identifiable information from the internet.”
  • There are also obligations on subsidiaries and the transfer of data.
  • Empowers the federal AOC to “proactively manage the monitoring of data broker websites for judges’ personally identifiable information and report violations to the United States Marshals Service, and other appropriate Federal and local law enforcement authorities”.

In 2022, Congress considered the Daniel Anderl Judicial Security and Privacy Act of 2021 as part of an Amendment in the Nature of a Substitute to H.R. 7900, the National Defense Authorization Act (NDAA).

Summary of Daniel’s Law, L.2020, c.125:

  • Prohibits a person from knowingly, with intent to expose to harassment or risk of harm, or with reckless disregard of probability of such exposure, from posting or publishing to the internet, reposting, republishing, or otherwise making available, the home address or unpublished home telephone number of any active, formerly active, or retired judicial officer, prosecutor, or law enforcement officer, or each category of official’s spouse or child.  A violation could result in a criminal charge.
  • Prohibits a person or business from disclosing on the Internet, re-disclosing or otherwise making available, the home address or unpublished home telephone number of any active, formerly active, or retired judicial officer, prosecutor, or law enforcement officer under circumstances in which a reasonable person would believe that providing the information would expose another to harassment or risk of harm to life or property.  This prohibition is enforceable by a private right of action.
  • An active, formerly active, or retired judicial officer or prosecutor whose home address or unpublished number or whose immediate family member’s home address or unpublished number is disclosed on the Internet, or re-disclosed or otherwise made available, may submit a written request to the business or person who so disclosed, re-disclosed or otherwise made available the information to refrain from that action and remove the information from the internet or where otherwise made available. Businesses shall have 72 hours to remove information after receipt of written request and shall not further disclose, re-disclose, or otherwise make that information available to any other person, business, or association through any medium. An aggrieved judicial officer or prosecutor may seek injunctive or declaratory relief upon non-compliance with a written request. In the case of an active, formerly active, or retired judicial officer or prosecutor’s immediate family member, the right will arise if the family member’s name or home address may be used alone or in conjunction with other information to identify the person as a family member of a judicial officer or prosecutor.

Additional Resources: