Privacy
Privacy can be interpreted quite broadly. However, court decisions in many countries have followed two rules closely:
-
The right to privacy is not absolute. Privacy must be balanced against the needs of society.
-
The public’s right to know supersedes the individual’s right to privacy.
These two rules demonstrate why it can be challenging to determine and enforce privacy laws. Rapid developments in information technology have made it much simpler to gather, store, and integrate massive amounts of data on individuals in large databases, as we previously discussed. On a daily basis, information about you is created in a variety of ways, including searches on search engines, credit card transactions, phone calls (both landline and cellular), banking transactions, busy intersections, surveillance cameras, other roadways, public spaces, and places of employment (including police records). These data can be integrated to produce a digital dossier, which is an electronic profile of you and your habits. The process of forming a digital dossier is called profiling.
Electronic Surveillance
The tracking of people's activities with the aid of information technology has grown to be a significant privacy issue. The ACLU observes that this electronic surveillance, or monitoring, is expanding quickly, especially as new technologies become available. Employers, the government, and other institutions all use electronic surveillance to gather information. In public places like banks, subways, and airports, surveillance cameras follow you around.
In addition, Cheap digital sensors are widely available today. They are used in utility meters, passports, employee ID cards, smartphone cameras, video game motion sensors, and laptop webcams.
The monitoring of human activity is being aided by new technologies like low-cost digital cameras, motion sensors, and biometric readers. Additionally, the cost of using and storing digital data is falling quickly. As a result, the collection and storage of sensor data has skyrocketed.
Facial recognition technology is yet another illustration of how new gadgets can contribute to electronic surveillance. This software was previously only functional in highly regulated environments, like passport checkpoints.
Google Picasa and Facebook Photo Albums, two well-known online photo-editing and sharing services, both use facial recognition technology. Both businesses promote photo tagging, the process of giving names to individuals in pictures. Then, facial feature indexing software is used. When someone is identified in a photo, the software looks for similar facial features in untagged pictures. The user can use this process to quickly gather pictures where the tagged person is visible. Notably, the person is unaware of this procedure. Once you've been identified in a photo, that image can be used to look for other instances of you online or in private databases, such as those fed by security cameras.
Personal Information in Databases
In numerous databases, modern institutions keep information about people. Credit-reporting companies may house these records in the most prominent places. Banks and other financial institutions, cable TV, phone, and utility companies, employers, mortgage lenders, hospitals, schools and universities, retail establishments, and governmental organizations (the Internal Revenue Service, your state, and your municipality) are some other establishments that store personal information. There are several concerns about the information you provide to these record keepers.
Some of the major concerns are:
-
Do you know where the records are?
-
Are the records accurate?
-
Can you change inaccurate data?
-
How long will it take to make a change?
-
Under what circumstances will personal data be released?
-
How are the data used?
-
To whom are the data given or sold?
Privacy Codes and Policies
The rules set forth by an organization to safeguard the privacy of its clients, customers, and employees are known as privacy policies or privacy codes.
Senior management has begun to realize in many corporations that they must safeguard the vast amounts of personal information they collect. Additionally, a lot of businesses give their clients the option to opt-out of certain uses of their information.
-
Up until the customer specifically requests that the data not be collected, the company is allowed to collect personal information using the opt-out model of informed consent.
-
Privacy advocates favor the informed consent model of opt-in, which forbids businesses from gathering any personal data unless the client expressly consents to it.
Privacy Policy Guideline: A Sample
1. Data Collection
Only information about specific people should be gathered in order to further a legitimate business goal. In relation to the business objective, the data should be sufficient, pertinent, and not excessive. Before any information relating to an individual can be collected, that person must give their consent. Such consent might be inferred from the person's behavior (e.g., applications for credit, insurance, or employment)
2. Data Accuracy
Before being entered into the database, sensitive information gathered about specific individuals should be confirmed.
Information should be kept up to date as needed The file should be made available so that the person can verify that the information is accurate. The individual's version should be noted and included with any disclosure of the file if there is any disagreement regarding the accuracy of the data.
3. Data Confidentiality
To prevent unauthorized data disclosure, computer security procedures should be put in place. Physical, technical, and administrative security measures should all be part of these procedures. Except when required by law, data should not be disclosed to third parties without the individual's knowledge or consent. Other than the most common disclosures, data disclosures should be recorded and kept for as long as the data are kept. For reasons at odds with the business goal for which they are collected, data should not be disclosed.
All of the good privacy intentions in the world are useless unless they are supported and enforced by effective security measures.
International Aspects of Privacy
Governments all over the world have endorsed a wide range of contradictory privacy and security laws as the number of internet users has increased. For businesses, the highly complex global legal system is leading to regulatory issues. There are data protection laws in about 50 different countries. Many of these laws are in conflict with international agreements or call for particular security precautions. There are no privacy laws at all in other nations.
We refer to this issue as transborder data flows because it results from the lack of consistent or uniform privacy and security standards. One group that has taken action to address this issue is the European Union (EU). The European Community Commission (ECC) issued guidelines to each of its member nations in 1998 regarding people's rights to access information about themselves. Multinational corporations with U.S. bases may run into issues because EU data protection laws are stricter than American ones and could subject them to legal action for privacy violations.
A number of privacy concerns are raised when data is moved into and out of a country without the consent of the people involved or the authorities. When records are kept in another nation for further processing or transmission, whose laws apply? For instance, which country's privacy laws govern the data, and at what points during the transmission, if it is sent by an Indian company via a U.S. satellite to a British corporation? As time passes, questions like these will arise more frequently and with greater complexity. In order to address some of these privacy concerns, governments must make an effort to create laws and standards that can keep up with the rapidly evolving information technologies.