Information privacy is a complex and continually changing topic. Individuals' sensitive information is being both collected and shared more and more frequently as a result of increased technology use.

Security of Personal Information Edit

Three aspects relevant to the discussion of information privacy are: [1]

  1. Disclosure control: how much control does one have over his/her private information?
  2. Sensitivity: how sensitive is the information? This can be hard to judge and will vary from each individual’s perspective.
  3. Affected parties: who will be affected by the sharing of this information and how?
Information Privacy - Information Security Lesson -12 of 12

Information Privacy - Information Security Lesson -12 of 12

Threats to Information Privacy Edit

Increased use of information and communication technology has created four critical threats to information privacy: data collection, lack of informed consent, loss of control, and ownership of data. [1]

Specific examples of emerging technologies that threaten personal privacy:

  • RFID: remote/secret scanning is possible; trend toward RFID in ID and credit cards [1]
  • VOIP: interception means identification of communicating parties (even if what is being said is encrypted) [1]
  • Electronic voting: insecure technologies, ISP interference [1]
  • Location based service: location tracking of users easy to abuse [1]
  • Mobile apps accessing sensitive data [2]
  • Facial recognition software [2]

Information policy Edit

Policy regarding information privacy varies greatly between organizations, whether those groups are in the government or private sector, and can be self-imposed and/or regulated by law.

"Information policy determines the kind of information collected, created, organized, stored, accessed, disseminated and retained. Who can use the information, whether there will be charges for access, and the amount charged, is also covered. Usually associated with government information, information policy also establishes the rules within which private information providers and the media operate."[3]

Information Privacy Law Edit

The primary law governing information privacy in the US is the Privacy Act, supplemented by additional laws. These additional laws have been criticized for their inconsistency, because they cannot be broadly applied, and are specific only to various situations. e.g. the Fair Credit Reporting Act, the Health Insurance Portability and Accountability Act, and the Federal Educational Rights and Privacy Act. Additionally, while there are significant rules in regards to the governments' acquisition and use of personal information, there are relatively few regulations for everyone else. One notable exception is the Children's Online Privacy Protection Act, which does apply to commercial websites and online services.

Regarding privacy law in Canada:

"Computers and telecommunications make it possible for governments and corporations to collect vast amounts of information on individuals. Protection of personal information is an important concern for most people. Personal privacy protection legislation ensures that you know what information the government is collecting about you; that it is only collected for specific reasons associated with specific government programs or laws; and that you can correct any inaccurate information. The Federal Government and most provinces have some privacy legislation covering government data." [4]

Guidelines for Ensuring Privacy Edit

One set of guidelines is the Code of Fair Information Practices, which is based on five principles:[5]

  1. There must be no personal data record-keeping systems whose very existence is secret.
  2. There must be a way for a person to find out what information about the person is in a record and how it is used.
  3. There must be a way for a person to prevent information about the person that was obtained for one purpose from being used or made available for other purposes without the person's consent.
  4. There must be a way for a person to correct or amend a record of identifiable information about the person.
  5. Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuses of the data.

Dr. Daniel Soper goes further, supporting adherence to the following principles in order to protect the rights of individuals. [1] These principles are aligned with those outlined in the amended Homeland Security Act of 2002 Fair Information Practice Principles.

  • Limited collection: information should be obtained fairly and lawfully.
  • Data quality: information gathered should be of high quality and relevant to the context.
  • Purpose specification: the purpose of information collection should be clearly specified, and that information should be destroyed after its purpose is achieved.
  • Limited use: collected information should be used only for its specified purpose unless an individual specifies - or law requires - it to be used otherwise.
  • Security: procedures must be in place to prevent loss, damage, misuse of information.
  • Openness: information about the storage, acquisition, and use of one's information should be easily obtainable.
  • Individual participation: individuals should have right to examine, challenge, and correct personal information.
  • Accountability: organizations must monitor adherance to priniciples and be held accountable for violations.

Information Privacy and Libraries Edit

As upholders and defenders of First Amendment rights, it follows that libraries have the responsibility of ensuring information privacy for their users, whether public or private institutions.

The ALA has aligned its own Bill of Rights to include privacy and confidentiality.

"For libraries to flourish as centers for uninhibited access to information, librarians must stand behind their users' right to privacy and freedom of inquiry... Library privacy and confidentiality policies must be in compliance with applicable federal, state, and local laws. The courts have upheld the right to privacy based on the Bill of Rights of the U.S. Constitution."[6]

References Edit

  1. 1.0 1.1 1.2 1.3 1.4 1.5 1.6
  2. 2.0 2.1

Further Reading Edit

Vasalou, A. et al (2015). Privacy as a fuzzy concept. Journal of the Association for Information Science and Technology, 66 (5), 918-929. Doi: 10:1002/asi.23220