|“||There is growing concern that computers now constitute, or will soon constitute, a dangerous threat to individual privacy.||”|
Information privacy (also called informational privacy or data privacy) is
|“||the ability of a person to control, edit, manage and delete information about themselves and to decide how and to what extent such information is communicated to others. Intrusion can come in the form of collection of excessive personal information, disclosure of personal information without consent and misuse of such information. It can include the collection of information through the surveillance or monitoring of how people act in public or private spaces and through the monitoring of communications whether by post, phone or online. It extends to monitoring the records of senders and recipients as well as the content of messages.||”|
Information privacy (also called informational privacy or data privacy) is
|“||those aspects of privacy law that involves the right of individuals to determine when, how and to what extent they choose to share personal information about themselves with others.||”|
|“||the interest individuals have in controlling or at least significantly influencing the handling of data about themselves.||”|
|“||used to refer to standards for the collection, maintenance, use, and disclosure of personally identifiable information. A central component of 'information privacy' is the ability of an individual to control the use of information about him or herself.||”|
Information privacy is not an unlimited or absolute right. Individuals cannot suppress public records, nor control information about themselves that, by law, is used for a permissible purpose (e.g., criminal defendants cannot prevent courts from examining their prior criminal record before imposing sentence, and sellers of realty cannot prevent a title search of their property). Although individuals may refuse to disclose certain facts about themselves, such disclosure is often either required by law (e.g., tax information) or required if the data subject hopes to participate in society in a meaningful way (e.g., disclosing financial information to obtain a mortgage or releasing medical information to obtain insurance coverage). As a practical matter, individuals cannot participate fully in society without revealing vast amounts of personal data.
Although there is no universal agreement about what "privacy" is, it is of considerable and increasing concern to individuals. Threats to the privacy of personal information arise primarily as a result of the widespread increase in the availability and use of computers and computer networks, the corresponding increase in the disclosure of personal information by Internet users to websites, the routine collection of personal information about online users by websites, and the utilization of personal information online for direct marketing and advertising purposes.
Protection of information privacy is widely seen as serving at least five interests that are critical to a democracy:
- An interest in ensuring society (both public and private sectors) makes decisions about individuals in a way that comports with notions of due process and fairness. Accuracy of CHRI and use of that information which includes providing notice to the individual and giving the individual an opportunity to respond, is consistent with notions about fairness. The absence of these protections may produce erroneous or unjustified decisions about employment, credit, health care, housing, or other valued benefits or statuses.
- An interest in protecting individual dignity. When individuals endure stigma, embarrassment, and humiliation arising from the uncontrolled use and disclosure of information about them, they lose the sense of dignity and integrity essential for effective participation in a free and democratic society.
- An interest in protecting individual autonomy. When individuals lack control over personal information about themselves, they lose a sense of control over their lives. The ability of individuals to control personal information about themselves promotes personal autonomy and liberty.
- An interest in promoting a sense of trust in, and a check upon the behavior of, institutions. When individuals lose the ability to selectively disclose their sensitive personal information, they lose trust in the public and private institutions that collect, hold, use, and disclose this personal information.
- An interest in promoting the viability of relationships critical to the effective functioning of a democratic society. Numerous relationships, such as the doctor-patient relationship, the lawyer-client relationship, or even the news media and confidential source relationship, depend upon promises of confidentiality in order to promote the candid sharing of personal information and trust within the relationship.
Thus, the critical question becomes: how do we balance the need to use information (by government, commerce, and individuals) with the natural desire of individuals to decide what information about themselves will be exposed to others? Having articulated principles for striking that balance, how do we implement them?
In the United States there is no comprehensive legal protection for personal information. The U.S. Constitution protects the privacy of personal information in a limited number of ways, and extends only to the protection of the individual against government intrusions. However, many of the threats to the privacy of personal information occur in the private sector. Any limitations placed on the data processing activities of the private sector will be found not in the Constitution but in federal or state law.
There is no comprehensive federal privacy statute that protects personal information held by both the public sector and the private sector. The Privacy Act of 1974 protects the privacy of personal information collected by the federal government.
The private sector's collection and disclosure of personal information has been addressed by Congress on a sector-by-sector basis and/or that focus on particular types of information. These federal laws include the:
- Cable Communications Policy Act of 1984
- CAN-SPAM Act
- Children's Online Privacy Protection Act (COPPA)
- Computer Matching and Privacy Protection Act of 1988
- Driver's Privacy Protection Act of 1994
- Electronic Communications Privacy Act of 1986 (ECPA)
- Employee Polygraph Protection Act of 1988
- Fair and Accurate Credit Transactions Act (FACTA)
- Fair Credit Reporting Act of 1970 (FCRA)
- Family Educational Rights and Privacy Act of 1974
- Gramm-Leach-Bliley Act of 1999 (GLB)
- Health Insurance Portability and Accountability Act (HIPPA)
- Identity Theft and Assumption Deterrence Act of 1998
- Privacy Protection Act of 1980
- Telephone Consumer Protection Act
- Video Voyeurism Prevention Act of 2004
- Video Privacy Protection Act
- Horst Feistel, "Cryptography and Computer Privacy," Scientific American (May 1973).
- Conducting Privacy Impact Assessments Code of Practice, at 5.
- Alan Westin, Privacy and Freedom 7 (1976). See also Alan Westin, The Equifax Report on Consumers in the Information Age XVIII (1990).
- Privacy and Civil Liberties Policy Development Guide and Implementation Templates, App. E, Glossary.
- Report of the National Task Force on Privacy, Technology, and Criminal Justice Information, at 10.
- Options for Promoting Privacy on the National Information Infrastructure
- Report of the National Task Force on Privacy, Technology, and Criminal Justice Information