Track Report
Seeking a Clearer Understanding of “Privacy” and “Confidentiality”
What assumptions are we making in discussing privacy and confidentiality in
the context of computer technologies, particularly as computer privacy relates
to computer security? We assume that without a desire for privacy the desire
for security makes little sense. On the other hand, even if we assume a totally
secure system, privacy problems don’t go away. For purposes of getting
a better understanding of privacy and confidentiality, it might be useful to
assume that all systems are completely secure, thereafter determining the nature
of the privacy problems that remain. Of course, we should do this without losing
sight of the fact that in the real world, there can be no such thing as a completely
secure system. So, we also need to determine the nature of privacy problems
when systems are secure to varying degrees.
Of course, it could also be argued that the security issue is besides the point.
Consider Lotus’ Marketplace database: the developers didn’t have to
break into any system to acquire the information, and yet it poses a serious
threat to privacy. Similarly, physicians and nurses have unrestricted access
to patients’ confidential medical records; and problems may arise if physicians
and nurses do not treat this information as confidential.
But what do “privacy” and “confidentiality” mean? Why, in
moral and social arrangements, are privacy and confidentiality important? Is
there a moral right to privacy and, if so, on what philosophical (or other)
basis is it founded? In short, what moral arguments can be advanced on behalf
of the individual’s right to privacy? Similarly, is there a legal right
to privacy and, if so, on what basis is it founded? A recent poll by the Los
Angeles Times found that 71% of Americans believed they had a right to privacy.
What did those polled understand by “privacy”?
We need to define privacy before we protect it. At first glance, what information
is or is not private seems somewhat subjective. For example, some persons may
not want their age or salary divulged, while others seem not to care whether
such information is public or private. This suggests subjectivism. Further,
what information is regarded as appropriately public or private may be a function
of the culture to which one belongs. And this suggests relativism.
Is privacy a right? If so, then it is the kind of right that may be selectively
exercised or waived. Talking to a doctor about one’s bowel movements involves
waiving one’s right to personal privacy. We waive the right in such instances
because it is in our best interest to do so. This too suggests that there is
an element of relativism involved in our exercising or waiving the right to
privacy. However, it should be noted that in most such cases, the assumption
of confidentiality is an important aspect of the disclosure.
While examples can be offered suggesting that privacy may be a subjective matter
(again, whether one wants one’s age or salary made public), such examples
cannot address the more fundamental question of whether it is the case that
everyone wants to control the process in which decisions are made regarding
the private or public status of information about one’s self. Further,
we should note that when we decide to divulge information to a doctor or lawyer,
the confidentiality of such information is protected by law. Here we ought to
consider whether it would be a good idea to afford persons similar legal protections
regarding the practices, for instance, of credit bureaus.
An example may serve to illustrate the advantages and disadvantages of current
credit bureau practices. Consider an individual who, for several years, has
done business with a small independent bank that does not report to any credit
bureau the financial histories of its customers. One day the individual moves
to a larger town and wishes to make a car loan from a larger bank. He is refused
the car loan because the new bank is unable to determine the individual’s
credit history.
There may be a fallacy in thinking that what Americans want most is privacy.
They may in fact want more credit and greater convenience. People do not want
to go back to the days when obtaining a car loan took two weeks and securing
a mortgage took several months. Of course, Americans may also want to know what
information about them is being disseminated. But satisfying both desires need
not be an impossibility.
How can privacy and confidentiality be distinguished? Privacy belongs to an
individual, and holds between the individual and the world. Confidentiality
involves a relationship between two people. In confidential arrangements, there
is an implicit agreement between persons that information won’t be passed
on, perhaps even an implicit promise. Such personal relationships imply a consent
to retain information as well as a measure of trust. In the research arena,
for example, a researcher “promises to hold” information. In some
cases, the breaking of the promise may be held not only against the individual
who breaks the promise, but against the institution for which the individual
works. Confidentiality may be construed as a tool we use to assure privacy.
We’ve noted that relations exist between the problem of privacy and the
problem of security. It should also be said that relations exist between privacy
and ownership, and between privacy and access. Determining the nature and extent
these relations is imperative if we are to acquire a clearer and more comprehensive
understanding of the nature of privacy and confidentiality in computerized settings.
Studies of problems in isolation are bound to be inadequate.
Go to: The Use and Abuse of Electronic Mail and Electronic Bulletin Boards
Home > Research Resources > Computing and Privacy > Track Report
HOME | IN
THE NEWS | RESEARCH
RESOURCES
TEACHING RESOURCES | STUDENT
RESOURCES | LINKS
The Research Center on Computing & Society
at Southern Connecticut State University
501 Crescent Street | New Haven, CT 06515
Director: (203) 392-6790 | e-mail: webmaster@computerethics.org
© 2000 – 2007 – Research Center on Computing & Society