






What assumptions are we making in discussing privacy and
confidentiality in the context of computer technologies, particularly
as computer privacy relates to computer security? We assume that without
a desire for privacy the desire for security makes little sense. On the
other hand, even if we assume a totally secure system, privacy problems
don’t go away. For purposes of getting a better understanding of
privacy and confidentiality, it might be useful to assume that all systems
are completely secure, thereafter determining the nature of the privacy
problems that remain. Of course, we should do this without losing sight
of the fact that in the real world, there can be no such thing as a completely
secure system. So, we also need to determine the nature of privacy problems
when systems are secure to varying degrees.
Of course, it could also be argued that the security issue is beside
the point. Consider Lotus’ Marketplace database: the developers didn’t
have to break into any system to acquire the information, and yet it poses
a serious threat to privacy. Similarly, physicians and nurses have unrestricted
access to patients’ confidential medical records; and problems may
arise if physicians and nurses do not treat this information as confidential.
But what do “privacy” and “confidentiality” mean?
Why, in moral and social arrangements, are privacy and confidentiality
important? Is there a moral right to privacy and, if so, on what philosophical
(or other) basis is it founded? In short, what moral arguments can be
advanced on behalf of the individual’s right to privacy? Similarly,
is there a legal right to privacy and, if so, on what basis is it founded?
A recent poll by the Los Angeles Times found that 71% of Americans believed
they had a right to privacy. What did those polled understand by “privacy”?
We need to define privacy before we protect it. At first glance, what
information is or is not private seems somewhat subjective. For example,
some persons may not want their age or salary divulged, while others seem
not to care whether such information is public or private. This suggests
subjectivism. Further, what information is regarded as appropriately public
or private may be a function of the culture to which one belongs. And
this suggests relativism.
Is privacy a right? If so, then it is the kind of right that may be selectively
exercised or waived. Talking to a doctor about one’s bowel movements
involves waiving one’s right to personal privacy. We waive the right
in such instances because it is in our best interest to do so. This too
suggests that there is an element of relativism involved in our exercising
or waiving the right to privacy. However, it should be noted that in most
such cases, the assumption of confidentiality is an important aspect of
the disclosure.
While examples can be offered suggesting that privacy may be a subjective
matter (again, whether one wants one’s age or salary made public),
such examples cannot address the more fundamental question of whether
it is the case that everyone wants to control the process in which decisions
are made regarding the private or public status of information about one’s
self. Further, we should note that when we decide to divulge information
to a doctor or lawyer, the confidentiality of such information is protected
by law. Here we ought to consider whether it would be a good idea to afford
persons similar legal protections regarding the practices, for instance,
of credit bureaus.
An example may serve to illustrate the advantages and disadvantages of
current credit bureau practices. Consider an individual who, for several
years, has done business with a small independent bank that does not report
to any credit bureau the financial histories of its customers. One day
the individual moves to a larger town and wishes to obtain a car loan from
a larger bank. He is refused the car loan because the new bank is unable
to determine the individual’s credit history.
There may be a fallacy in thinking that what Americans want most is privacy.
They may in fact want more credit and greater convenience. People do not
want to go back to the days when obtaining a car loan took two weeks and
securing a mortgage took several months. Of course, Americans may also
want to know what information about them is being disseminated. But satisfying
both desires need not be an impossibility.
How can privacy and confidentiality be distinguished? Privacy belongs
to an individual, and holds between the individual and the world. Confidentiality
involves a relationship between two people. In confidential arrangements,
there is an implicit agreement between persons that information won’t
be passed on, perhaps even an implicit promise. Such personal relationships
imply a consent to retain information as well as a measure of trust. In
the research arena, for example, a researcher “promises to hold”
information. In some cases, the breaking of the promise may be held not
only against the individual who breaks the promise, but against the institution
for which the individual works. Confidentiality may be construed as a
tool we use to assure privacy.
We’ve noted that relations exist between the problem of privacy and
the problem of security. It should also be said that relations exist between
privacy and ownership, and between privacy and access. Determining the
nature and extent of these relations is imperative if we are to acquire a
clearer and more comprehensive understanding of the nature of privacy
and confidentiality in computerized settings. Studies of problems in isolation
are bound to be inadequate.