Some very interesting thoughts on the disposition of private data on old computers. First, I want to say that the advice received on this thread was certainly informative. However, some of the advice leads us to believe that we, as collectors, are implied to be held legally responsible for all content we receive... and I cannot fully subscribe to that line of thinking. It's one thing if we stole the computer. It's another if it was abandoned by the original or subsequent owners, through trade or sale, and they failed in their due diligence to delete what they feel is content of a sensitive nature. And yes, their data is THEIR responsibility. That being said. None of us collectors can expect to be privy to the chain of ownership of the device. As I implied in my original post, I was at least two degrees away from its original owner. So there may not be an option to go through the chain of ownership to find out from the content creator what they want done with files I found. But is it always illegal to possess what others have abandoned, even recklessly? I don't think so. HIPAA was brought up as one aspect. Technically, HIPAA only applies to "covered entities" such as those who use a person's medical information to provide medical services to the individual. It does not lock down all personal medical information in electronic form in all possible circumstances. You, the individual, have a right to handle and distribute your medical information as you see fit. If you see fit to apply poor practices in its distribution.. that's all on YOU! For example, you can put PDF files pertaining to your doctor's visits that you downloaded from your insurance company's website onto a USB drive and hand it to a friend, intentionally or accidentally, and it is not a HIPAA violation. That's because YOU, the individual, has the right to distribute your medical information as you desire... even if doing so is done accidentally and/or is a security risk. So if you did not wipe your old laptop of your medical information before you sold it to a Facebook buyer, that buyer's possession of the information is not a HIPAA violation. If the buyer reads the information they received, it is also not a HIPAA violation. A covenant of sale cannot be made to impart any responsibility or obligation on the buyer for the disposition of the property being transferred to the buyer outside of anything in a WRITTEN and SIGNED contract of sale. In other words, If the seller left their bank account information on the computer they sold, cash on the barrelhead, the buyer's possession of any information on the computer in that context is not illegal. The buyer's only legal obligation was to pay the agreed asking price. However, if the buyer uses that bank information in an illegal way (theft, extortion, etc.) THEN the information possessed becomes an illegal instrument in the commission of a crime, and an entirely different set of laws come into play. Legality of data on legally acquired computers is not a black and white issue. The legality stems from the use of the content. Other examples included installed software. That would fall under licensing agreements. Is it illegal to possess a copy of WordStar on an old CP/M machine, or is it only illegal to use a copy of WordStar on an old CP/M machine? That's all governed by whatever license agreement is in effect for the software. I'm pretty sure 99.9% of us very loosely imply that it's OK to use WordStar due to its general abandonware nature. But I will say this... if you say you don't use unlicensed software, you're a damn liar and you know it! As for the other content I mentioned. For example, the Last Will and Testament files. Officially, LW&Ts are public records if and only if the testator dies and the LW&T is filed in probate court. But a file of any random name then becomes a Shrodinger's Cat of a LW&T. You don't know for sure what it is until you open the file. As a buyer of a computer with unknown content, I doubt if you're still bound to any legalities, even if you actually view the content of the file. Tony addressed a couple of notions on this situation. One, that if a file on a legally acquired disk is unrecognizable for its purpose, you could simply delete it. Two, if you have an intention to offer a previous owner of the computer a copy of their data back, you need to open it to know what's in there to perform that action. Again, I cite these examples to show that any legal obligation of a current owner of content contained in a legally acquired computer system is not a black and white issue. Personally, LW&T files mean little to me. I'd much rather have the space they take up instead of the file. As for other items, like resumes that may be found, resumes are marketing documents intended to market the individual to those who could potentially lead the individual to employment. So, who can be defined as one who could POTENTIALLY lead an individual to employment? Again, not a black and white issue. "Bobby" can give copies of his resume to his friend "Billy" and tell him to give them to people he thinks might be hiring. Is the content of that resume private? Is it illegal to possess a copy of someone else's resume? I seriously doubt it based solely on intent. It was the intention of the individual to get their name, contact information, and a brief history of their job history out into the world in hopes it could lead to employment. If the resume source file contained the term "confidential", that would change things a bit. But as far as the legality of a resume file as a private document, one would be hard pressed to assert such a fact. But in this case, the person who is named in the resume I found on my Kaypro had died in the late 2000s. I determined that from public information that noted his death, along with employment history matching the content of the resume. So from my point of view, the resume file certainly implies a lot for the computer's provenance, but it's hardly a secret for its content. Overall, an underlying point shared by those who responded is this... we do have a degree of obligation in regards to the disposition of the content of computers we acquire. However, we will always disagree at some level to the extent of that obligation. As for the legal status of the content, it's not a blanket issue equally covering everything contained on the disk. Each "file" most likely is governed by a different set of laws pertaining to its content and/or use. Ethics is more likely the doctrine to be applied to content disposition. Legality is only a part of the decision making process while applying ethics to the problem. Jeff Salzman On Thu, Jan 14, 2021 at 6:10 PM Herb Johnson via vcf-midatlantic < vcf-midatlantic@lists.vcfed.org> wrote:
Well, while I have a lot I could post on these matters, I won't. I'm not a lawyer and these are legal matters. The rest is discussion not advice.
Certain content one might obtain from others accidentally on an abandoned computer, is outright illegal to own and distribute. Delete it - period. Other content is proprietary and still in distribution, thus an actionable issue by the active producers of that content.
And of course, most of us with a clue know what is "private information". Nobody here is "researching" people's private information. This is a vintage computing discussion. Private information must be deleted, copies only to owners who want it and are given opportunities to ask. Most people seem to be indifferent; some are not.
The rest, is about technical content of old programs out of use, and possibly original programming done (as in sources, binaries). These things are, in my opinion, the business of those of us in vintage computing.
What to do about finding that stuff, has been in discussion for decades. There's common practices about that content. While owners could take actions, many owners are disinterested in doing so, or "unavailable", or in some cases have released their published works. Owners have rights, and the right to say "delete". At least they used to, when content resided in their own hands. Another subject.
Informing former owners about discovered content beyond impersonal programs and documents, has some merits both to us and to the prior owners. Tony shares his experience, that he's informed some owners about protecting their data.
All that said, I'm informed by the posts on this subject, from persons who identify their sources of authority on their decisions (Tony mentioned HIPAA compliance for instance). And by various experiences discussed.
Authority and or experience matters to me, when I see advice, certainly when I give it. I don't say I have much authority, other than years of practices; I have no authority on legal matters, little on business. I'm a technologist by training and historian by circumstance.
Myself: I preserve the history of development of certain programs and hardware on my Web site. Much of that is published information, descriptions and repairs of hardware, documentation, sources or disassemblies. Some of it is biographical information from public sources and personal correspondence (republished by me with permission). Generally I have permissions, as owners of content have the rights to say "no", and privacy rights.
Over the decades: I've been contacted by content-owners or their heirs or their associates and customers. Most thank me for recognizing those known to them, a few for recognizing themselves! Some provide more information. Some people want their privacy, or at least used to when privacy existed. And some, are no longer interested in certain past works.
So it seems to me:
If the VCF Inc. chooses to, they might gather some informed and authoritative opinions and recommendations and practices, and make that information available, as a service. They may also choose to do so, to inform their officers and volunteers as to "best practices" within the VCF collection.
One service might be, to identify kinds of content - such as I and others have identified - and suggest the kinds of practices one might take. That service alone, may help persons in deciding what to do, where to seek advice.
But I'm not credentialed in most of these matters. I have certain practices I follow. Mostly I tell people "this is at your own risk. Seek professional, legal or more experienced advice. I'm not responsible for your consequences. Make your own choices." Otherwise I lead by example and effort and results, I hope.
regards, Herb Johnson
-- Herbert R. Johnson, New Jersey in the USA http://www.retrotechnology.com OR .net preserve, recover, restore 1970's computing email: hjohnson AT retrotechnology DOT com or try later herbjohnson AT comcast DOT net