Understanding Privacy


Well , most people started talking about privacy only after GDPR came into existence. However , Samuel Warren and Louis Brandeis published “The Right to Privacy” in 1890 in the Harvard Law Review. They set forth the definition of privacy as “the right to be left alone.” This definition , although written in the context of the physical world can easily be extended to the digital world. Through this blogpost , lets try to understand the definition of privacy and its types. We will also explore the origins of privacy so as to better enable to understand the various laws and resolutions passed in this regard.

Section 1 of the California Constitution says ,

“All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring , possessing and protecting property, and pursuing and obtaining safety , happiness and privacy.”

Hence , privacy has been defined as the desire of the people to freely choose the circumstances and the degree to which the individuals will expose their attitudes and behaviour to others.

Privacy can be defined in many ways. There are 4 categories or classes of privacy.

  • Information privacy - Concerned with establishing rules that relate to the collection and handling of personal information. Financial information , medical information etc are examples of this. Most of the debate nowadays is related to information privacy.
  • Bodily privacy is focussed on a person’s physical being and any invasion thereof. Can include drug testing , body searches , abortion etc.
  • Territorial privacy is focussed on placing limits on the ability to intrude into another individual's environment. Can include location gathering , video surveillance etc.
  • Communications privacy includes protection of the means of correspondence. Includes telephonic conversations, email and other forms of communication behaviour.

Fair Information Practices (FIP)

These are the guidelines for handling , storing and managing data with privacy , security and fairness in an information society that is rapidly evolving.

Here are the principles :

  • Rights of individuals
  • Controls on the information
  • Information Lifecycle
  • Management

Let us understand them in detail.

With regards to the rights of individuals , companies must address the following

  • Notice
  • Choice and consent
  • Data subject access

Consider an e-commerce portal who is collecting various kinds of information about the individual. This portal should inform and take consent from the customer that it would be collecting the information and for what purpose. They must also provide an individual with access to the collected information for review and update,

The second FIP relates to the controls which the collecting entity has applied to ensure that the information is secured and available only to authorised individuals. It also relates to the quality of the information collected. Collected information must be accurate , complete and only to be used for purposes mentioned in the notice.

The third FIP relates to the lifecycle of the information. This includes collection , use and retention and disclosure. Collection must only relate to the purposes mentioned in the notice. If an organization collects location information for the purpose of providing the list of nearby hotels in the area, it should collect only for that purpose.

Usage and retention of such information should be limited in nature. If the location information is used for identifying as to where the individual lives and then using that information to sell him insurance or any other services ,  it is in violation of the notice according to which the information’s purpose was defined.

If the information is to be disclosed to a third party , then it must be used only for the purposes as mentioned in the notice with the implicit or explicit consent of the individual.

The final principle of the FIP is Management. This relates to

  • Organizations must clearly define , document , communicate the privacy policies and procedures
  • Second , they must put mechanisms in place to ensure that what is said is actually being followed.

In the next blogpost on privacy , we will learn about the regulations related to the FIPs.

Comments

You may also like to read...

How to Pass the CISSP Exam in First Attempt

The CISSP CAT Exam Experience

How to Pass SSCP Exam in the First Attempt