Saturday, May 19, 2007

New book on Privacy and Technology

There is a recent book published by the National Academies Press entitled Engaging Privacy and Information Technology in a Digital Age:

Privacy is a growing concern in the United States and around the world. The spread of the Internet and the seemingly boundary less options for collecting, saving, sharing, and comparing information trigger consumer worries. Online practices of business and government agencies may present new ways to compromise privacy, and e-commerce and technologies that make a wide range of personal information available to anyone with a Web browser only begin to hint at the possibilities for inappropriate or unwarranted intrusion into our personal lives. Engaging Privacy and Information Technology in a Digital Age presents a comprehensive and multidisciplinary examination of privacy in the information age. It explores such important concepts as how the threats to privacy evolving, how can privacy be protected and how society can balance the interests of individuals, businesses and government in ways that omote privacy reasonably and effectively? This book seeks to raise awareness of the web of connectedness among the actions one takes and the privacy policies that are enacted, and provides a variety of tools and concepts with which debates over privacy can be more fruitfully engaged. Engaging Privacy and Information Technology in a Digital Age focuses on three major components affecting notions, perceptions, and expectations of privacy: technological change, societal shifts, and circumstantial discontinuities. This book will be of special interest to anyone interested in understanding why privacy issues are often so intractable.

The book is fairly lengthy, but a number of recommendations have been made including the establishment of a privacy commissioner. Here is a short extract from the executive summary, but worth reading the actual book:

Individuals can take a number of steps to enhance the privacy of their personal information and to become better informed about the extent to which their privacy has been compromised, although the effectiveness ofthese measures is bound to be limited. The committee thus recommends that if policy choices require that individuals shoulder the burden of protecting their own privacy, law and regulation should support theindividual in doing so. Firms and other organizations can design and implement self-regulatory regimes for protecting the privacy of the personal informationthey collect. Self-regulation is limited as a method for ensuring privacy,although it nevertheless offers protections that would not otherwise beavailable to the public. The committee offers a number of concrete recommendations to enhance the effectiveness of privacy policies. Specifically, organizations with self-regulatory privacy policies should take both technical and administrative measures to ensure their enforcement, routinely test whether their stated privacy policies are being fully implemented, produce privacy impact assessments when they are appropriate, strengthen their privacy policy by establishing a mechanism forrecourse if an individual or a group believes that they have been treated in a manner inconsistent with an organization’s stated policy, and establish an institutional advocate for privacy. The committee found that governmental bodies have important roles to play in protecting the privacy of individuals and or groups and in ensuring that decisions concerning privacy are made in an informedfashion. However, the U.S. legal and regulatory framework surrounding privacy is a patchwork that lacks consistent principles or unifying themes. Accordingly, the committee concluded that a less decentralized and moreintegrated approach to privacy policy in the United States could bring agreater degree of coherence to the subject of privacy. Two recommendationsf ollow from this conclusion. First, the committee recommends that the U.S. government should undertake a broad systematic review of national privacy laws and regulations. Second, the committee recommends that government policy makers should respect the spirit of privacy-related law.
See also

No comments: