Should CalPERS post pensioners’ financial data online?


Next to our medical records, our most closely guarded secrets probably involve our household finances.

So it’s understandable that many of the half-million retirees currently receiving a public pension from California were freaked out recently when CalPERS, the state pension agency, announced it was poised to post their names, their monthly retirement stipends, and other personal information online in a very accessible way.

There’s no question that all this information is public. Two recent state court rulings, including one involving a press inquiry, make that crystal clear. After all, the courts have ruled, the retirement payments come for the most part from public funds, and taxpayers have an indisputable right to know how their money is spent.

As to how it should be made public, or to put it another way, how public it should be — there’s the rub.


And though this might look like an easy question (just dump it online, what’s the big deal?), it’s not. If the CalPERS database affair tells us anything, it’s that the time has long since passed for a public discussion of how to balance the increasing availability of information about ourselves, much of it indisputably “public information,” with our equally indisputable right to privacy.

The position of the retiree advocacy groups fighting the CalPERS database is that it steps over the line in making public information just a tad too public.

“We’re not against transparency,” says Donna Snodgrass, legislative director for the Retired Public Employees Assn. of California. “But retirees’ biggest concern is that this would give someone enough information to prey on elders.”

In any case, the principle that recipients of public funds, like government employees, should expect to cede some privacy isn’t consistently applied; no one has free access to the names of relief or Social Security enrollees, or to the medical records of Medicare enrollees.

It might seem strange for a journalist to raise questions about the availability of public information. The Times often has used public records to expose wrongdoing, such as the scandalous behavior of municipal officials in Bell. We’ve fought hard for the disclosure of payroll records at the L.A. Department of Water and Power. As a columnist, public information is my bread and butter.

But the danger in ventures like the CalPERS database is that it could make information less public, which would happen if it creates a backlash in favor of more confidentiality, even where it’s not warranted. That’s not an abstract threat; CalPERS has temporarily put its database plans on hold to give the retirees association and other groups time to lobby the Legislature to make more pension data confidential. That would be a blow to the public interest.

Until recently, a kind of natural principle achieved the balance between publicity and privacy all by itself. It’s known as “privacy by obscurity.” It amounts to protecting privacy by leaving public information hard to find or hard to compile.


“I call obscurity ‘pretty good privacy,’” Woodrow Hartzog, a privacy expert affiliated with Stanford’s Center for Internet and Society, told me. “There are a lot of things that fall into the category of what we think is OK to be public because we feel nobody will find it.”

Almost everyone has felt the sting of lost obscurity at some point. A decade or two ago, few people thought twice about having listed home phones. Sure, the numbers were published in the phone book, but that served as its own shroud of privacy. Anyone who wanted to reach out and touch us had to know where we lived and then hunt down the local white pages — not impossible, obviously, and not necessarily all that hard, but it was something.

Today, a caller need not even know your home town, for every listed number is searchable on the Web. Masses of listed numbers are available for anyone to purchase. The harvest is that torrent of telemarketer calls you get at dinnertime, and sometimes random calls that may be even more unwelcome.

The principle of “practical obscurity” was recognized by the Supreme Court in a 1989 case involving CBS News. CBS had filed a request for the FBI rap sheet of a suspected Pennsylvania mob figure — that is, the FBI’s own compilation of the target’s local arrests and convictions. The FBI had refused, on the grounds that while the individual arrests were all matters of public record, its own one-stop summary was not. The court sided with the FBI, telling CBS, essentially, tough — you want the public data, go hunt it down at the source.

The 1989 ruling is generally considered a loss for the press, but one aspect of it looks strikingly foresighted in light of today’s concerns over government snooping: the majority opinion by Justice John Paul Stevens was partially based on concerns about the misuse of centralized databases, or as he put it presciently, “the implications of computerized data banks for personal privacy.”

Since then, digital technology has whittled away the protection of obscurity. The new principle is: If it can be posted online, it should be. If you’re looking for a poster child for this trend, go no further than Facebook.


The social media firm has repeatedly blindsided users with functions that mix and match their personal information in ways that result in their revealing more about themselves, and their posting history, than they expected — most recently through its “graph search,” which looks like a great tool for marketers trying to reach out to subgroups of Facebook users, but maybe not so great for users who might not want to be touched.

Facebook aside, we tend to deal with breaches of privacy on an ad hoc basis. Consider what happened last year when an upstate New York newspaper published the names and addresses of handgun owners in its home counties. The ensuing uproar prompted state legislators to consider making such information confidential, plainly defeating the purpose of publishing it in the first place. The Legislature eventually allowed owners to request confidentiality on a case by case basis, which is bad enough but not as secretive as it might have been.

In the modern world, privacy is awarded haphazardly. The rich and famous can buy it with influence or cold cash. In 1999, entertainment figures, who live in the public world, got California lawmakers and a certain Hollywood-friendly governor to enact an anti-paparazzi law that increased penalties for such existing offenses as trespassing and reckless driving — if they were committed to obtain a photograph. The law has already been used against news organizations trying to obtain undercover evidence of wrongdoing.

The CalPERS database may lead to similarly bad results. Pensioners’ names, their monthly benefits and details of their former state employment are currently readily available. All one has to do is file a request with CalPERS.

The procedure has birthed scads of investigations by news agencies and others about abuses of public pensions, including double-dipping and “spiking” that yielded six-figure pensions. Moreover, the information requests are logged by CalPERS and disclosed monthly, which at least gives retirees a heads-up that their personal information might be accessed. (Requesters can ask that their identities be kept confidential, but few do.)

The current system arguably strikes a fair balance between the privacy of the average schoolteacher and rank-and-file employee and the public’s interest in knowing how its money is spent. And retirees’ concerns that posting the same information on a freely searchable database online makes a qualitative difference to their privacy shouldn’t be lightly dismissed.


But there are options for balancing these concerns short of completely shielding retirees’ names and benefits, which is the rule in some states. Should disclosure of names and other data be assured only for former elected officials, high-level supervisors, or six-figure pensioners? They’re the typical targets of these inquiries, not the CalPERS retiree collecting the average stipend of $28,000 a year.

The problem raised by the CalPERS database is that society hasn’t figured out where to draw the line. That needs to happen now.

“Privacy by obscurity is a safety valve,” observes Ginger McCall, a government privacy expert at the Washington-based Electronic Privacy Information Center. “As we move information online, we need to have a national conversation about how we protect privacy.” Maybe CalPERS has done us all a favor by jump-starting the dialogue.

Michael Hiltzik’s column appears Sundays and Wednesdays. Reach him at, read past columns at, check out and follow @hiltzikm on Twitter.