What's the big deal about privacy online?
Why care about privacy? After all, co-founder of Sun Microsystems Scott McNealy famously said, “You have zero privacy anyway; get over it!” However, privacy enthusiasts have taken issue with that, as well as Eric Schmidt, executive chairman of Google, commenting that, "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.”
Personal vs. public
So, does this mean we should start to voluntarily censor ourselves online? For example, if we are feeling a little depressed, should we avoid seeking helpful reading materials online, so we do not get pigeonholed as a depressed person by the rest of the world through our search records? No. Privacy can be achieved, if businesses would just rethink the way they design their information systems, and consumers can also help protect themselves.
Good data protection measures can reduce our chances of being the victim of identity theft, protect what should be considered personal information about us, allow us to make choices about what we consider personal vs. public information, and even protect our physical safety and the safety of our personal property.
Why do we need to ensure privacy?
Privacy is necessary to prevent us from living in digital “glass houses.” We did not accept the unsafe factories built during the Industrial Revolution, so the Occupational Safety and Health Administration (OSHA) was created.
To help clean up the excessive pollution emitted during the early days of these new factories, the Environmental Protection Agency (EPA) was created. As famed computer security specialist Bruce Schneier has pointed out, in the Information Age, we now have data pollution. We should embrace the concept of Privacy by Design, working with businesses to clean up the unnecessary and erroneous data and try to prevent the creation of this data in the future.
Technology is moving fast
Cultural lag theory can be applied to the privacy arena. This theory points out that technology tends to take off before the appropriate controls have been thought out and implemented. However, this does not mean we shouldn’t continue to develop, refine and implement controls to address the problem.
The definition of what it means to be private online
Privacy was early defined by Supreme Court Justices Warren and Brandeis in 1890 as the “right to be left alone.”
Privacy pioneer Alan Westin further refined the definition of privacy in 1967 as the ability to determine for ourselves when, how and to what extent information about us is communicated to others.
In the past decade, the American Institute of Certified Public Accountants/Canadian Institute of Chartered Accountants (AICPA/CICA) in their Generally Accepted Privacy Principles (GAPP) have defined privacy as “the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure and disposal of personal information.”
At debate now is the concept of the right to be forgotten, meaning the right to have data that has been collected about you to be purged at your request, as long as laws don’t exist for it to be kept.
How are we protected, and what can we do?
Where you live helps define how well your data is protected.
The United States has enforced some sector-based laws, but largely has followed self-regulatory models, while the European Union, Canada and several other countries have enacted wide-sweeping legislative models. So, in the United States, users need to be savvy and make smart choices about their behavior on the Internet and protect themselves. Here are some suggestions:
Ten practical actions you can take to protect yourself on the Web
- THINK before you share your information with any site or person on the Internet.
- Do your homework and read privacy policies.
- Never log in to your financial assets, such as online banking sites, from a public network (at hotels, coffee shops, airports, etc.).
- Use different passwords for your finances than for your social networks and games.
- Protect your home computers by making sure your home network is closed. Otherwise, neighbors, their visitors or even someone sitting in a car outside your home may access your network.
- Be very careful about giving your Social Security number out and only do so on a secured network (Look for “https,” not “http” in the website.).
- On social networking sites, such as Facebook, make all of your privacy settings “friends only.”
- Do not answer those 20-question lists on social networking sites. They are also questions typically asked to allow you to access many financial websites if you lose your password.
- Periodically check your credit report. You can get one free report per year from each of the three major credit agencies. That means you can get one free every four months; put it on your calendar.
- Do not let your children have the location-based options activated on their mobile devices, including portable game devices.
How can businesses promote better data-protection practices?
Many free tools are available for businesses and consultants to use. The concept of Privacy by Design largely has been endorsed worldwide. Commissioner Ann Cavoukian of Ontario, Canada coined the term, and her office has been working to deliver practical guidance to businesses and consumers.
Some of the principles include being more proactive, not just reactive, to privacy issues. They also emphasize designing systems with privacy in mind and protecting data throughout its entire life cycle with the company. Firms should not collect data just because they can. It can become a liability. Companies should also be honest with customers about what data they collect and how it’s protected.
Consumers expect businesses to handle their data appropriately
The Privacy by Design Research Lab at Arizona State University, under the direction of Commissioner Cavoukian and Dr. Marilyn Prosch of the W. P. Carey School of Business at ASU works to provide guidance to businesses. For example, a major challenge in the mobile world is protecting people’s privacy about their whereabouts without hindering ways in which mobile-service providers can achieve their business goals.
Recently, the concept of Privacy by Redesign was also hatched by Commissioner Cavoukian and Dr. Prosch as they recognized that a majority of systems cannot feasibly be scratched, so they need to be redesigned with privacy in mind. The three Rs of Privacy by Redesign are: Rethink, Redesign and Revive. This supports the concept of reducing data pollution and working toward improving existing systems.
Another great set of tools have been developed by the American Institute of Certified Public Accountants/Canadian Institute of Chartered Accountants (AICPA/CICA) in their Generally Accepted Privacy Principles (GAPP). GAPP is available for businesses to use, is free of charge, and many supplements, such as the newly released Privacy Maturity Model, are also available.
About the Author
Associate Professor Marilyn Prosch is co-founder of the Privacy by Design Research Lab at Arizona State University. She teaches in the Information Systems Department at the W. P. Carey School of Business at ASU, and her research centers on privacy, electronic commerce and other subjects related to information technology. Prosch is a well-known expert on protecting your personal and business information online. The W. P. Carey School of Business is one of the largest and highest-ranked business schools in the country, with more than 10,000 students and an MBA program ranked Top 30 by U.S. News & World Report.