Is Privacy Still Privacy?
Donald Kerr, the U.S. deputy director of national intelligence, is being reported as calling into question the tradition definition of information privacy. In this age of terrorism, Kerr said that individual privacy can no longer can mean anonymity, but should instead mean that government and businesses will properly safeguard people's private communications and financial information.
This redefinition, if one can call it that, has been a long time in the making. Both businesses and governments often seen no difference between privacy their holding close their customer's or citizen's personal information. Of course, the corporate circle has a tendency to expand, to include affiliates, third party affiliates, third parties who are also customers, third parties who really, really need the information, to third parties who promise to keep the information private. Until, of course, someone else needs it.
In the case of HIPAA, sharing medical information with other doctors, within a hospital, with laboratories and even family members and friends makes sense. Sharing financial information, or buying habits with advertisers, less so.
In the business world, it is easy to convince one's self that sharing information is always in the customer's interest, (as is easy access one's credit report). The government, too, no doubt, views itself as having only benign motives. This is the dilemma of privacy. Possession, and even use of, information can often be nearly harmless.
But it is surely a stretch to redefine privacy as every organization merely safeguarding personal information from every other organization, or at least make them promise to safeguard it - until they need to share it.
This redefinition, if one can call it that, has been a long time in the making. Both businesses and governments often seen no difference between privacy their holding close their customer's or citizen's personal information. Of course, the corporate circle has a tendency to expand, to include affiliates, third party affiliates, third parties who are also customers, third parties who really, really need the information, to third parties who promise to keep the information private. Until, of course, someone else needs it.
In the case of HIPAA, sharing medical information with other doctors, within a hospital, with laboratories and even family members and friends makes sense. Sharing financial information, or buying habits with advertisers, less so.
In the business world, it is easy to convince one's self that sharing information is always in the customer's interest, (as is easy access one's credit report). The government, too, no doubt, views itself as having only benign motives. This is the dilemma of privacy. Possession, and even use of, information can often be nearly harmless.
But it is surely a stretch to redefine privacy as every organization merely safeguarding personal information from every other organization, or at least make them promise to safeguard it - until they need to share it.
1 Comments:
This is a dangerous game of re-definition. Indeed, it is not the benign use of private data that the ideas of privacy law are designed to protect. The misuse of data is the concern and there in lies the problem such re-definitions seek to maneuver around.
In the case of government, 4th amendment protections are there for those who have been wrongly searched and to protect people from intrusive, and intimidating, searches. The promise that "we'll look but trust us, we won't tell anyone or use it against you" is of small comfort. Privacy from a governmental aspect is one of concern based not only on what is happening now, but what may happen in the future. The example I think makes this most clear is Germany in the 1930s. To be Jewish in Germany in 1931 would not be much means for hiding this affiliation. By 1939, hiding this fact was, for some, a matter of life and death. The best protection a citizenry has against such misuses of information is to prevent it's collection in the first place.
In the private sector; the challenges are that the recourse people have is only civil. This creates a problem where an organization may choose to violate its privacy policy (we'll ignore the issues of informed consent, changing contracts without re-affirmation and liberty for now). A good example of this is when .coms in the late 90s would sell their only asset (a user list) upon bankruptcy. People who had their "private" information sold had little recourse since the company that they had given their information to (and thus had the contract with) was no longer around (and even if they were, the fact that they are in bankruptcy ensures that there will be relatively little way for them to receive adequate compensation for the wrong or for the court to provide a disincentive for such actions not to happen again).
My point in these two examples is that this re-definition has far reaching consequences that are somewhat masked by the gentle nature of this re-definition. People need to be sure they understand such implications before we re-write the law to turn the veil of privacy into the hope of non-disclosure.
A Matter Of Privacy Blog
Post a Comment
<< Home