The straightforward answer is that it is easier to get records in some ways and others more difficult.
The two forces pulling legislation are privacy and transparency. Each has its advocates, groups, and other interested parties, along with plenty of arguments on both sides. On one end, we would like to enjoy the privacies every individual should have while demanding transparency of our government and its multitude of agencies, officials, and various documents. The last part, various documents, is where the two camps often cross paths. You can invade a person's privacy while obtaining public records, as documents can contain information we as individuals would not like others to see.
The vulnerability of private information
Sensitive personal information can be found in various public records held by different government agencies. You do not need to search for long before coming to this realization. It has become common wisdom to search your name to see what is out there about all of us, legally and readily available, which means without notice to the person being searched. The policies protecting records such as driving history and credit checks do not apply to many other agencies' information. Privacy advocates have a good point when it comes to arguing erroneous information about a person, posing questions such as "where is the credibility and accountability?" "how easily and quickly can the erroneous data be removed?". There are good points on both sides, but identity theft is the biggest recent boost to privacy advocates' arsenal.
The argument from transparency advocates
On the opposite end is government transparency. The priority is sought by both privacy as well as transparency advocates. Since we can not pass legislation for each document, we have statutes that try to cover as many scenarios as possible. Just as privacy advocate groups have identity theft to use as a strong popular argument. There is overreach from both sides to secure their position with legislatures. Transparency advocates seek accountability and see their proposed policies as a major tool to fight against department abuses. Amongst all the debate, one must realize that they view information that may not have come directly from a government source. That is an even greater factor due to the information we divulge on the internet. For example, the information you make public on social media sites can be shared and viewed elsewhere. Imagine your future employer or colleague's impression of you when viewing your personal Facebook page.
Who should be held responsible?
We already have legislation outlawing abuses on either side, whether privacy concerns or transparency. Agencies must protect private, nonpublic information about individuals and be held accountable when they aren't. The custodian of the record is the first defense against identity thieves and other abuses. Factors such as mismanagement and lack of oversight make it realistic and a severe issue. How much should agencies be reasonably held accountable for? Information can be stolen from any source having data, not solely from government agencies, so only a fair amount of expectation is reasonable. Responsibility is easy to find since the law is clear on guidelines; however, the balance between privacy and transparency is the ultimate resolution.