June 2010 Edition
Computer Science Department, University of Cape Town
| MIT Notes Home | Edition Home |
| MSc-IT Study Material June 2010 Edition Computer Science Department, University of Cape Town | MIT Notes Home | Edition Home | |
In essence the issue revolves around:
Collection and use of data
Information obtained from data versus loss of privacy
The needs of the organisation collecting and using the information versus individuals’ right of privacy (considered a social good)
An example is that Amazon collects information on its clients in order to be able to inform them of new books in their interest areas.
What is personal privacy and why is it valuable? Most people expect privacy in their personal space such as home – the domain in which government and other organisations should not interfere. Privacy is often seen as intrinsic good – good in itself – which can lead to other good. Kant’s theory is that privacy is essential to autonomy and that autonomy is inconceivable without privacy.
Read the following paragraph:
In order to establish a relationship with an individual one needs to be able to control information about oneself in order to maintain a relationship. Collecting and grouping of information into a database causes us to lose control of the information. This loss of control reduces our ability to form relationships.
Do you agree with what is being said there? Do not consider just personal relationships consider professional relationships as well.
It is said that information a person gives to an organisation empowers them over the person – for example, a credit card company. Organisations can establish this relationship without any action by the individual (e.g. Subscription information). This problem has been amplified by the introduction of computers. Government has tried to deal with this and to allay fears by passing laws that prevent different database from being joined (e.g. the Home Affairs’ and Police’s fingerprints databases). Laws have been passed on the privacy issues concerning medical and credit records amongst others.
In the mid 1970s, the United States provided five principles to govern fair information gathering practices:
No secret personal data keeping.
Individual must be able to discover their personal information and how it is used.
Individual must be able to discover and stop information collected for one purpose but is used for another.
Individual must be able to correct wrong information.
Database administrator of personal information must take necessary precautions to prevent misuse and also to assure reliability of data.
Do you think that these principles are still appropriate today when it comes to electronic databases. What changes, if any, do you think needs to be made to this code?
This issue of individual – organisation relationships is discussed further in the section on Privacy Issues on the workplace later in this chapter.
The Internet expansion plays a large role in increasing the potential for misusing of information. The information is flowing across borders more readily and frequently. Irrespective of the individual nation’s policies, there is still a need for a global policy.
European Union has a policy that is enforced amongst its members. Each member states must make sure that personal data must be:
Processed fairly and lawfully
Collected for specific and legitimate purposes
Not processed further (except for statistical, scientific or historical reasons and then with prior permission)
Adequate but not excessive for purpose required
Kept up to date
Accurate for purpose collected
Kept no longer than required
There have also been many proposals for better protection with broad conceptual changes and legislative initiatives:
Appreciate and action the principle that privacy is a social good.
Need for a comprehensive approach that is not a piecemeal approach but also integrate a global exchange of data.
Power of private corporations never envisaged – this is a new vacuum.
Sweden introduces the Data Inspection Board:
Licences all automated personal information systems in both public and private sectors
Controls collection of personal data
Can investigate completes
Designs rules for personal data collection
Discuss the pro and con of a system such as that of Sweden’s Data Inspection Board is. Do you think that each country should go this route?
The ACM’s code of conduct considers privacy and seeks to:
Minimise data collected
Only allow authorised access to data
Provide proper security
Determine required retention period
Ensure proper disposal of the data