As data becomes increasingly digital and accessible, privacy -- a subject for which many Americans seem to have little concern -- becomes more complex. In November 1995, many of the issues central to privacy were highlighted in a two-day seminar in Hartford, Conn. Attendees discussed what privacy means, how it can best be applied and where it clashes with important values such as access to government information.
The National Privacy and Public Policy Symposium, organized by the Connecticut Foundation for Open Government, was divided into eight groups -- biotechnology and medicine, business, economics of information, government information practices and freedom of information, information and communications technologies, journalism, law and national security/law enforcement. Each panel discussed its subject area from a privacy perspective. In so doing, the panels either were able to illuminate the ways in which privacy should be accommodated within that discipline or to describe the privacy issues that existed within that area.
Alan Westin, a Columbia University professor and pioneer in the study of privacy, opened the conference by explaining that his survey work indicated society was split into three reasonably identifiable groups:
Privacy fundamentalists, for whom privacy was an important component of any transaction that involved disclosure of personal information.
Privacy unconcerned, who seem to care little about personal privacy.
Privacy pragmatists, whose weighing of privacy concerns can shift back and forth depending on the circumstances.
Westin described these pragmatists as looking to the claimed benefit of collecting data and deciding if that would be a benefit to them. They would then look at the relevancy and propriety of the information to be collected. Finally, they would decide if fair information practices were being used -- rights of correction, notice, opt-out and similar practices. In Westin's opinion, these "privacy pragmatists" formed the middle ground and shaped the nature of privacy transactions.
I had both the privilege and task of synthesizing the strands coming from the various disciplines, examining them with an eye to finding the commonality that might flow throughout the debate. It was not an easy task and as I sifted through the materials, there were areas of agreement that came up in discussion with some frequency. Although those areas were not new to privacy advocates and practitioners, they indicated that almost any serious approach to privacy is going to be based on such long-held concepts as the principles of fair information practices. While the ability of an individual to control his or her personal information is an outgrowth of fair information practices, control is not absolute.
THE DEFINING ELEMENT
The Report of the National Privacy and Public Policy Symposium -- available for $35 a copy from the Connecticut Foundation for Open Government, P.O. Box 587, Danbury, CT 06813 -- noted that a flexible standard, which requires notification that information will be used for a certain purpose, is the defining element in any code. The uses of information are already restricted by the requirement that they be consistent or compatible with the purpose for collecting the information. While this is a solution, it exists in an imperfect world where abuses of personal information are common. Be that as it may, the system would probably fall apart if individuals were to exercise complete control over the use of their personal information."
A number of participants indicated they were optimistic the Internet would provide a greater measure of individual consent before personal information could be collected and used. The report pointed out that "commercial Web sites on the Internet could clearly post the rules for collection, use, and dissemination of information before an individual decided to participate. If an individual was willing to agree to those rules, he or she would proceed further into the transaction with the knowledge of how personal information could be used. If the company's terms were unacceptable, the individual could decline to participate."
The value of privacy as a good business practice has seeped into the economy. The report observed that "business has become more aware that privacy can be viewed as an important consumer benefit .... To apply this to the Internet, businesses that required too few privacy choices or required disclosure of too much information as a condition of participation would fail to attract customers, while those who paid close attention to privacy concerns would benefit."
The press was severely criticized by many as being the greatest invader of privacy and the journalism panel spent much of its time defending its practices. The report noted that "while many of the most egregious invasions of privacy happen with the tabloid press and their broadcast counterparts -- such as ambush interviews, reporters and producers who pay or cajole friends and family members to provide information, and the use of supersensitive sound or picture equipment to eavesdrop on individuals -- the press as an institution often seems to be more concerned with how to get sensitive information than whether such information should be pursued or used in the first place."
After spending several months reviewing the proceedings, I concluded that privacy and ethics are closely linked and what bridges the two are the principles of fair information practices. The report observed that "it was clear that the concept of fair information practices was universally accepted as the best existing model for ensuring fairness, accuracy, relevancy, timeliness and completeness in the collection, use and dissemination of information. Those terms by their very nature imply a set of ethical standards. It is certainly true that fair information practices by themselves will not resolve every privacy problem that comes along. But they are society's best articulation of how to approach privacy issues."
But, the report noted, "not all personal information is created equal as a matter of privacy. Legislatures have created an 'unwarranted' threshold for privacy in the context of government records, and that same threshold is probably useful in making other determinations. Where we live, where we work, where we send our children to school are all pieces of 'personal' information that some individuals may consider more private than others. But those choices are largely played out in public. Our neighbors know where we live. Most of us don't think twice about having that information published in phone books or city directories. However, other personal information, even if provided in the semipublic corridors of a hospital, is of a more personal nature and legislatures have often indicated that such information should not be public. On the federal level, this has included medical and personnel records at a minimum.
"The flexibility of such standards as 'unwarranted' was designed to clearly indicate that the disclosure of certain personal information would not rise to the level of an invasion of personal privacy. But as privacy becomes a more important concern to more people, those standards provide the needed flexibility to change as perceptions of privacy change. For example, if disclosure of home addresses was not considered an invasion of privacy today, society might decide that disclosure of such information would be an invasion of privacy tomorrow. If the societal perception changes, the standard will move to accommodate it."
Harry Hammitt is the editor/ publisher of Access Reports, a newsletter published in Lynchburg, Va., covering open government laws and information policy issues. E-mail: <firstname.lastname@example.org>.