Publications

Copies of some publications are available through links here and others may be available upon request.

Personal Favorites

From the many publications and columns identified below, some of my favorites include:

Many Failures: A Brief History of Privacy Self-Regulation in the United States (2011). This report by Pam Dixon and me focuses mostly on industry-supported privacy self-regulation started during the period just before and just after 2000.  The report is available at the World Privacy Forum website here.

Health Privacy: The Way We Live Now, The Privacy Papers, Free Congress Foundation (2002 Second Quarter), available at <http://www.privacyrights.org/ar/gellman-med.htm>.

A Better Way to Approach Privacy Policy in the United States: Establish a Non-Regulatory Privacy Protection Board, 54 Hastings Law Journal 1183 (2003). Available here.

Twin Evils: Government Copyright and Copyright-Like Controls Over Government Information, 45 Syracuse Law Review 999 (1995). Available here in a typescript version in PDF format.

Privacy, Consumers, and Costs: How The Lack of Privacy Costs Consumers and Why Business Studies of Privacy Costs are Biased and Incomplete (March 2002), available at <http://www.epic.org/reports/dmfprivacy.pdf> and at <http://www.cdt.org/publications/dmfprivacy.shtml>.

A General Survey of Video Surveillance Law in the United States in Reasonable Expectations of Privacy? Eleven Country Reports on Camera Surveillance and Workplace Privacy (2005) (T.M.C. Asser Press).

Designing Genetic Information Policy: The Need for an Independent Policy Review of the Ethical, Legal, and Social Implications of the Human Genome Project, House Report 102-478 (1992).

Fragmented, Incomplete, and Discontinuous: The Failure of Federal Privacy Regulatory Proposals and Institutions, VI Software Law Journal 199 (1993).  Available here in a 19 mb PDF file scanned from the printed text.

Public Records — Access, Privacy, and Public Policy: A Discussion Paper, 12 Government Information Quarterly 391 (1995).

Book

ONLINE PRIVACY A Reference Handbook (2011), published by ABC-CLIO as part of its Contemporary World Issues series, http://www.abc-clio.com/product.aspx?id=2147508752 (coauthored with Pam Dixon).  The publisher describes books in this series as providing a "good starting point for research by high school and college students, scholars, and general readers as well as by legislators, businesspeople, activists, and others."

Journal Articles

The Deidentification Dilemma: A Legislative and Contractual Proposal, 21 Fordham Intellectual Property, Media & Entertainment Law Journal 33 (2010).  Available here or here.

Why Deidentification Fails Research Subjects and Researchers, 10 American Journal of Bioethics, 28-30 (2010).  Available here. 

Privacy and Security: Assessing Database Derivative Activities, 21 Government Information Quarterly 498 (2004).

A Better Way to Approach Privacy Policy in the United States: Establish a Non-Regulatory Privacy Protection Board, 54 Hastings Law Journal 1183 (2003). Available here.

Perspectives on Privacy and Terrorism: All Is Not Lost – Yet, 19 Government Information Quarterly 255 (2002). Available behind a paywall here.

Taming the Privacy Monster: A Proposal for a Non-Regulatory Privacy Agency, 17 Government Information Quarterly 235 (2000). Available behind a pay wall here or you can read a somewhat more expanded version in the Hastings Law Journal, which is listed just above.

Privacy and Electronic Clearance Systems, 51 Transportation Quarterly 59 (1997).

Shortcomings of the Proposed Electronic Freedom of Information Improvement Act, 14 Government Information Quarterly 1 (1997). Available behind a paywall here.

Can Privacy Be Regulated Effectively on a National Level? Thoughts on the Possible Need for International Privacy Rules, 41 Villanova Law Review 129 (1996).

Who Should Publish The Law?, 23 Journal of Government Information 253 (1996). Available behind a pay wall here.

Disintermediation and the Internet, 13 Government Information Quarterly 1 (1996). Available behind a pay wall here.

Confidentiality and Telemedicine: The Need for a Federal Legislative Solution, 1 Telemedicine Journal 189 (1995).

Public Records — Access, Privacy, and Public Policy:  A Discussion Paper, 12 Government Information Quarterly 391 (1995).

Twin Evils: Government Copyright and Copyright-Like Controls Over Government Information, 45 Syracuse Law Review 999 (1995). Available here in a typescript version in PDF format.

The Three Pillars of United States Government Information Dissemination Policy, 72 Revue Française D'Administration Publique 593 (1994).

Fragmented, Incomplete, and Discontinuous: The Failure of Federal Privacy Regulatory Proposals and Institutions, VI Software Law Journal 199 (1993).  Available here in a 19 mb PDF file scanned from the printed text.

Authorizing EDGAR: Information Policy in Theory and Practice, 5 Government Information Quarterly 199 (1988).

Prescribing Privacy: The Uncertain Role of the Physician in the Protection of Patient Privacy, 62 North Carolina Law Review 255 (1984).

Congressional Oversight of Security Classification Policy, 1 Government Information Quarterly 165 (1984) (ghostwritten for Rep. Glenn English).

Columns and Blog Posts

Overturning the Third-Party Doctrine by Statute: Hard and Harder (April 29, 2013), available here. (Concurring Opinions).

Death and Privacy, Parts I and II, (March 29 & April 1, 2013), available here and here. (Genealogical Privacy).

Nader, Onassis, and Jones: Privacy in Public and Limits on the Private Sector (February 9, 2012), available here. (Commons Lab, Woodrow Wilson International Center for Scholars).

Legislating Privacy After US v Jones: Can Congress Limit Government Use of New Surveillance Technologies? (Jan. 15, 2012), available here. (Commons Lab, Woodrow Wilson International Center for Scholars).

Location Privacy: Is Privacy in Public a Contradiction in Terms? (Feb. 21, 2011), available here. (Geodata Policy).

On Privacy (monthly), DM (Direct Marketing) News, more than 150 columns published from 1995 through 2007.  DM News is not a publication of the Direct Marketing Association.

@Info.Policy (monthly/bimonthly), Government Computer News, more than 140 columns published from 1996 through 2007.

Some of my rapidly aging columns may still be available at the website of DM News <http://dmnews.com> and Government Computer News <http://www.gcn.com>. Use the local search facility for “gellman”.

Other Articles, Publications & Statements

The Scoring of America: How Secret Consumer Scores Threaten Your Privacy and Your Future (2014) (with Pam Dixon of the World Privacy Forum). This report highlights the unexpected problems that arise from new types of predictive consumer scoring, which this report terms consumer scoring. Available here.

Data Brokers and the Federal Government: A New Front in the Battle for Privacy Opens (2013) (with Pam Dixon of the World Privacy Forum).  This report shows how OMB implemented the federal government's Do Not Pay Initiative by setting privacy standards for commercial databases that it will use.  It is a novel use of government marketplace power to improve privacy for consumers.  Available here.

Privacy and Missing Persons after Natural Disasters (2013) (with Professor Joel Reidenberg and others at Fordham Law's Center on Law and Information Policy), available here. This is a major report on how to address privacy problems when connecting missing persons to their families and friends following earthquakes and the like.

The FOIA Amendments of 2017: Searching and Talking, Access Reports (1/30/13), available here.  This article proposes an amendment to the federal FOIA that would allow requesters to ask agencies to use specific search strategies and to search specific agency information resources when making a FOIA request. The article includes the text of a proposed amendment.  Why 2017?  Because the FOIA has been amended about every ten years, and the next amendment "should" happen in or around 2017.

Book Review, Privacy Impact Assessment, David Wright and Paul De Hert (editors), 17 First Monday (3 September 2012), available here.

Many Failures: A Brief History of Privacy Self-Regulation in the United States (2011). This report by Pam Dixon and me focuses mostly on industry-supported privacy self-regulation started during the period just before and just after 2000.  The report is available at the World Privacy Forum website here.

Civil Liberties and Privacy Implication of Policies to Prevent Cyberattacks. I wrote this paper in 2010 for the Computer Science and Telecommunications Board of the National Research Council, National Academy of Sciences. Posted here with permission from Proceedings of the Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options © 2010 by the National Academy of Sciences, Courtesy of the National Academies Press, Washington, D.C. The CSTB report on Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and use of Cyberattack Capabilities can be found here.

The Consumer Financial Protection Bureau Needs a Privacy Office, BNA Privacy & Security Law Report, 9 PVLR 32 (08/09/2010) (with Mark MacCarthy), available here.

Patient’s Guide to HIPAA: How to Use the Law to Guard your Health Privacy, World Privacy Forum (2009).  The guide is available at the WPF website here.

Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing, World Privacy Forum (2009).  The report is available at the WPF website here.

The 2007 Amendments to the U.S. FOIA, Informationsfreiheit und Informationsrecht (Jahrbuch 2008) (Lexxion, Berlin).

Red Flag and Address Discrepancy Requirements: Suggestions for Health Care Providers, World Privacy Forum (2008) (with Pam Dixon). The report is available at the WPF website here. This report describes the FTC's rules defining obligations of creditors (including, perhaps surprisingly, many health care providers) to protect clients against identity theft.  The report suggests red flags that are suitable for health care providers.

Personal Health Records: Why Many PHRs Threaten Privacy, World Privacy Forum (2008). The report is available at the WPF website here. Personal health records present many privacy issues that are significantly different from the issues that apply to health records maintained by health care providers or from other records subject to the HIPAA health privacy rule.

Consent for Disclosure of Health Records: Lessons From the Past (2007). A 1998 Maine health privacy law that required written consent for many health disclosures was so unpopular and impractical that the legislature suspended the law shortly after it took effect. Many of the law’s requirements for written consent were later replaced with expanded authority for nonconsensual disclosures. This document was prepared for the World Privacy Forum Discussion and is available at the WPF website here.

Personalized Marketing of Health Products the 21st Century Way, 2007 Virtual Mentor 9:206-209 (American Medical Association) (with Joseph Turow & Judith Turow), <http://virtualmentor.ama-assn.org/2007/03/pfor1-0703.html>.

Why Marketers Want Inside Your Medicine Cabinet, San Francisco Chronicle (March 5, 2007) (with Joseph Turow & Judith Turow), <http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2007/03/05/EDGC7N737J1.DTL&hw=turow&sn=001&sc=1000>.

Privacy for Research Data, Panel on Confidentiality Issues Arising from the Integration of Remotely Sensed and Self-Identifying Data, National Research Council, Putting People on the Map: Protecting Confidentiality with Linked Social-Spatial Data (2007) (Appendix A), <http://books.nap.edu/catalog.php?record_id=11865>.

Fair Information Practices, Health Insurance Portability and Accountability Act, Health Privacy, Entries in Encyclopedia of Privacy (2007).

Crimes and Sanctions: Current Controversies over HIPAA’s Criminal Penalties, 77 Journal of AHIMA (American Health Information Management Association) 96 (2006), available here.

The American Way of Privacy (L’approche Américaine: la Régulation par le Congrès, le Marché et le Juge), in Servitude or Freedom?, National Commission for Information Technologies and Liberties, French Senate, and University Paris II, Paris, France (2005), available here.

Privacy Act, Entry in Encyclopedia of Law Enforcement (2005).

Privacy of the Homeless: A Novel US Two-Tiered Approach in 11 Privacy Law and Policy Reporter 115 (October 2004) (Australia).

The Health Privacy Rule After Eight Months, Law and Bioethics Report (Institute for Bioethics, Health Policy and Law, Univ. of Louisville School of Medicine, Winter 2003-2004).

Health Privacy in the United States: The HIPAA Era, Health Privacy in Canada (August 2003).

The Privacy Act of 1974: Seven Simple Things Agencies Can Do Right Now to Help the Public, Access Reports (8/13/03).

HIPAA Hysteria…And Beyond, Access Reports (6/4/03).

Privacy: Finding a Balanced Approach to Consumer Options, in Considering Consumer Privacy: A Resource for Policymakers and Practitioners (Center for Democracy and Technology, March 2003), available here.

Health Privacy and Employers: Understanding the New HIPAA Privacy Rule, VII IHRIM.link 12 (2003).

Health Privacy: The Way We Live Now, The Privacy Papers, Free Congress Foundation (2002 Second Quarter), available at <http://www.privacyrights.org/ar/gellman-med.htm>.

Privacy, Consumers, and Costs: How The Lack of Privacy Costs Consumers and Why Business Studies of Privacy Costs are Biased and Incomplete (March 2002), available here and at <http://www.epic.org/reports/dmfprivacy.pdf>.

Public Record Usage in the United States, Proceedings of the 23rd International Conference of Data Protection Commissioners (Paris, France 2001) <http://www.paris-conference-2001.org/eng/contribution/gellman_contrib.html>.

Health Privacy in the United States: New Rules for 2003, Proceedings of the 23rd International Conference of Data Protection Commissioners (Paris, France 2001) <http://www.paris-conference-2001.org/eng/contribution/gellman_contrib.pdf>.

A Privacy Challenge, iMP: The Magazine on Information Impacts (May 2001).

How’s Your Health? Just Ask the F.B.I., Washington Spectator (2/15/01).

Privacy on the Net: When and How to Write a Privacy Policy for Your Website, 6 The Internet Connection (2000).

Picking up the Remnants of Patient Confidentiality, In Confidence (March/April 2000).

The Myth of Patient Confidentiality, iMP: The Magazine on Information Impacts (Nov. 1999).

Appellate Court Upholds Archivist's Position on Preservation of Electronic Records, 5 The Internet Connection (1999).

Book Review, None of Your Business: World Data Flows, Electronic Commerce, and the European Privacy Directive by Peter Swire & Robert Litan, 32 George Washington Journal of International Law and Economics 179 (1999).

Public Registers and Privacy: Conflicts with Other Values and Interests, Proceedings of the 21st International Conference on Privacy and Personal Data Protection (Hong Kong, 1999).

How to Tell if Your Organization Has a Privacy Problem and What to Do About It, 5 The Internet Connection (1999).

Public Records, Public Policy, and Privacy, 26 Human Rights (American Bar Assn.) 7 (1999).

Report to the European Commission (DG XV) on Application of a Methodology Designed to Assess the Adequacy of the Level of Protection of Individuals with Regard to Processing Personal Data (Sep. 1998) (co-authored with Charles Raab, Colin Bennett, & Nigel Waters) <http://ec.europa.eu/justice_home/fsj/privacy/studies/method-adequacy_en.htm>.

The "Starr Report" and the Role of the US Freedom of Information Act, 22 Datenschutz und Datensicherheit 722 (1998).

The 20th Annual Meeting of the Data Protection Commissioners, Access Reports (9/30/98).

Electronic Freedom of Information Act, 22 Datenschutz und Datensicherheit 446 (1998).

Privacy Protections, Entry in Encyclopedia of the Consumer Movement (1997).

The Privacy of Health Information and the Challenge for Data Protection, Eighth International Conference of the Observatory "Giordano Dell'Amore" on the Relations Between Law and Economics, Stresa, Italy (May 1997), available here.

You Know Who You Are, But Now So Does Everyone Else, Washington Spectator (10/1/97).

How to Amend the Privacy Act, Parts I & II, Access Reports (8/6/97 & 8/20/97).

A Revealing Rule: The House Unnecessarily Mandates Extensive Witness Information, Legal Times (3/24/97).

An Information Superhighway "On Ramp" for Alternative Dispute Resolution, New York State Bar Journal 38 (May/June 1996) (with George Friedman).

The Battle for Public Access to Government Information Isn't Over, Washington Spectator (5/15/96).

Information Policy and the American Paperwork Reduction Act, Access Reports Canada and Abroad (3/21/96).

Use of the Web by Members of the U.S. House of Representatives, CyberNews (1996).

Top Ten FOIA Amendments, Access Reports (1/17/96).

Government Information Practices and Freedom of Information, Report of the National Privacy and Public Policy Symposium (Connecticut; 1995).

Public Reporter System Risks Privacy, National Law Journal (10/2/95).

Ethics Committee's Secrecy Oath Ruling Opens Can of Worms, Roll Call (7/24/95).

Testimony, Hearing, Electronic Freedom of Information Act, House Subcommittee on Government Management, Information and Technology, Washington, DC, June 1995, http://www.access.gpo.gov/congress/house/pdf/104hrg/25201.pdf.

Hill Ushers in Next Generation of Paperwork Reduction, Federal Computer Week (5/8/95).

Fair Health Information Practices, 4 Behavioral Healthcare Tomorrow 65 (1995).

Washington Perspectives on Genetics and Privacy, Genetic Engineering Symposium, 3 Dickinson Journal of Environmental Law & Policy 71 (1994).

Book Chapters

The American Approach to Privacy Supervision: Less Than the Sum of its Parts in Challenges of Privacy and Data Protection Law (2008) (Bruylant).

A General Survey of Video Surveillance Law in the United States in Reasonable Expectations of Privacy? Eleven Country Reports on Camera Surveillance and Workplace Privacy (2005) (T.M.C. Asser Press).

The Foundations of United States Government Information Dissemination Policy, in Public Sector Information in the Digital Age: Between Markets, Public Management and Citizen’s Rights (2004) (Edward Elgar Publishing).

Privacy Benefits and Costs From a U.S. Perspective, in Da Costo a Risorsa: La Tutela Dei Dati Personali Nelle Attivita Produttive (2004) (Garante Per La Protezione Dei Dati Personali).

Managing Conflicts Between State and Federal Regulations: Preemption, in Risk Assessment and Management Guide for the Medical Practice (2004) (AMA Press).

Privacy and Access Issues, in E-Government Transformation: Best Practices (2004) (Macromedia Government).

Privacy and Harmonization, in Governance of Global Networks in the Light of Differing Local Values (2000) (Nomos Verlagsgesellschaft).

Will Technology Help or Hurt in the Struggle for Health Privacy?, in Privacy and Confidentiality in Mental Health Care (1999) (Brookes Publishing).

Personal, Legislative, and Technical Privacy Choices: The Case of Health Privacy Reform in the United States, in Visions of Privacy: Policy Choices for the Digital Age (1999) (University of Toronto Press).

HIPAA's Impact on Data Security, in The 1999 Guide to Health Data Security (1998) (Faulkner & Gray).

Politics, Policy, and Technology: Perspectives on Proposals for Federal Health Confidentiality Legislation in the United States, in Privacy: New Risks and Opportunities (1997) (Centre de Recherche Informatique et Droit, Namur, Belgium).

Resolving Privacy Disputes Through Arbitration, in Privacy and Self Regulation in the Information Age (1997) (U.S. Department of Commerce).

Does Privacy Law Work?, in Technology and Privacy: The New Landscape (1997) (MIT Press).

Conflict and Overlap in Privacy Regulation: National, International and Private, in Borders in Cyberspace: Information Policy and the Global Information Infrastructure (1997) (MIT Press).

Privacy, in Federal Information Policies in the 1990s (1996) (Ablex Publishing).

The Need to Know Versus the Right to Privacy, in The Computerization of Behavioral Healthcare (co-authored with Kathleen Frawley) (1996) (Jossey-Bass Publishers).

Selected Congressional Investigative Reports

Designing Genetic Information Policy: The Need for an Independent Policy Review of the Ethical, Legal, and Social Implications of the Human Genome Project, House Report 102-478 (1992).

Taking a Byte Out of History: The Archival Preservation of Federal Computer Records, House Report 101-978 (1990).  Available here.

A Citizen's Guide on Using the Freedom of Information Act and the Privacy Act of 1974 To Request Government Records (1987); second edition (1989); third edition (1991); fourth edition (1993).

Electronic Collection and Dissemination of Information by Federal Agencies: A Policy Overview, House Report 99-560 (1986). Available here.

INTELPOST: A Postal Service Failure in International Electronic Mail, House Report 98-675 (1984).

Who Cares About Privacy? Oversight of the Privacy Act of 1974 by the Office of Management and Budget and by the Congress, House Report 98-455 (1983).

Security Classification Policy and Executive Order 12356, House Report 97-731 (1982).

Lack of Guidelines for Federal Contract and Grant Data, House Report 95-1663 (1978).

Freedom of Information Act Requests for Business Data and Reverse-FOIA Lawsuits, House Report 95-1382 (1978).

Selected Congressional Legislative Reports

• Health Security Act (Fair Health Information Practices Act) (1994), House Report 103-601 Part 5.

• Vegetable Ink Printing Act of 1994, House Report 103-625 Part 1 (1994).

• National Historical Publications and Records Commission Authorization, House Report 103-215 (1993).

• Paperwork Reduction and Federal Information Resources Management Act of 1990, House Report 101-927 (1990).

• Computer Matching and Privacy Protection Amendments of 1990, House Report 100-802 (1990).

• Establishing a National Policy on Permanent Papers, House Report 101-680 Part 1 (1990).

• Computer Matching and Privacy Protection Act of 1988, House Report 100-802 (1988).

• Central Intelligence Agency Information Act, House Report 98-726 Part 1 (1984).

• Debt Collection Act of 1981, House Report 97-42 (1981).

• Federal Privacy of Medical Information Act (1980), House Report 96-832 Part 1.

Software

Back in the DOS days, I published a variety of freeware games and shareware programs.  All are obsolete because DOS has passed from use.  One program (Stock Portfolio Record Manager) still has some users, including me.

The games are freeware and still playable, albeit a bit out of fashion.  The Draw Poker game remains challenging.  The program plays head-to-head draw poker, and you have to play carefully to beat it.  The Six Letter Word game also offers a challenge, and it has an enormous dictionary of six letter words.

• Stock Portfolio Record Manager (SPRM) maintains records for stock & bond investors. It tracks purchases, sales, splits, dividends, fractional shares, dividend reinvestments, capital gains, and hypothetical transactions. It also prints powerful reports to file, and to dot matrix (!!) and laser printers. The last release was in 1999 to fix a Y2K problem. A conversion program for old files is available to registered users. Shareware. DOS Program. SPRM50.ZIP

• Classic Draw Poker is a two-handed draw poker game that offers a real challenge, even for experienced poker players. Now with a tournament feature. Runs on just about any PC. No special requirement for graphics, memory, or sound. No glitz, just fun. Freeware. DOS program. POKER572.ZIP.

• The Six Letter Word Game is a simple but challenging test of your powers of reasoning and vocabulary. Guess a secret word selected from a dictionary of over 6300 six letter words. Play alone, in groups, or competitively. Freeware. DOS program. SIXLTR42.ZIP.
