Privacy

From HORSE - Holistic Operational Readiness Security Evaluation.
Jump to navigation Jump to search

Privacy

The need for information privacy and protection has sparked some level of dedicated regulation in almost every country around the world. But rules, restrictions, and punitive measures vary from country to country. In the US, the confusion is further compounded by a growing number of state laws deriving chiefly from California SB 1386, as well as several pending federal privacy laws, each with its own definition of sensitive information. In addition, industry regulations, such as HIPAA privacy and security requirements and payment card industry (PCI) security standards put a further onus on companies to stay abreast of ever-changing and increasingly detailed requirements.

Privacy and Security Trade-offs

Privacy and security can be in conflict, requiring trade-offs between the two, or privacy can enhance security. For the collection of taxes it is in the interests of government if one's earnings and income are well known. On the other hand, that same information may be used to select someone or his family as a good target for kidnapping. In these narrow terms, one group's interest is to keep the information private. One of the goals of computer security is confidentiality. Identity theft, for example, is a security problem that is created from a lack of privacy or failure of confidentiality.

Privacy can also have free speech ramifications. In some countries privacy has been used as a tool to suppress free speech. One person's speech can sometimes be considered a violation of another's person's privacy. In various cases the US Supreme Court has ruled that the First Amendment trumps privacy. In Bartnicki v. Vopper, 532 U.S. 514 (2001) Docket Number: 99-1687, US Supreme Court ruled 6-3 that someone cannot be held liable in court for publishing or broadcasting intercepted contents of information, as long as that information is of public concern. Conversely, the Constitutional right to privacy is built in part on the First Amendment.

Census data is another area where such trade-offs become apparent. Accurate data are useful for planning future services (whether commercial or public sector), on the other hand, almost all censuses are released only in a way which does not allow identification of specific individuals. Often this is done by randomly altering the data and directly reducing accuracy.

On the other hand some trade-offs may be regarded as false by some observers. Identity card systems, which may reduce privacy, are often presented as a method of increasing security.

References