Ethics, Privacy Law, and the Library

S Conger et al make the claim that “Globally, privacy law is not a settled issue;” (S Conger et al p. 402)  they then go on to show the differences between multiple countries or groups of countries in terms fo privacy law. I would like clarification on this topic, to understand further what they mean.  For instance, the Constitution of the United States was ratified in 1791, and in this document is one of the major underpinnings of privacy rights in the United States.  To quote  the fourth amendment for our discussion here:

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” (U.S. Const Amend. IV)

Now, it is evident from the text of the amendment that this limits what the government can do with respect to intrusion on personal privacy, but the importance of this in the context of privacy laws is this: we ought to be secure in our persons, including electronically. So this is an ethical question not a legislative- meaning that we need to address how people act, and not address it as a matter of legislation.  I would argue strongly that new laws will not make people more moral, and what good is a new law if the old one’s are not respected by, and benefit, all members of a society?

The reason I started the post out with this manner is to address the nature of the beast of the online self with respect to privacy.  Each of us should be secure in our persons, and not fear that an ethical breach will occur, because as a society we should trust one another. I know this does not address the transnational/corporate arguments of S Conger et al’s paper, but it all must be viewed in the context of simplicity; it is the idea of personal freedom that ought to be protected.

S Conger et al explore the four different levels of relationships between online parties, or entities. The first level “is the individual with his personal information. The second party is a vendor/provider with whom the first party engages in a transaction to obtain benefits.” (S Conger et al p. 404) The second party can only obtain what the first party gives it, and there is always a limit to what a person is willing to reveal online which reaches different individuals at different times; this can be referred to as “perceived reasonableness of data.” (S Conger et al p. 404) The authors go on to speak of a social construct of personal data transactions “in which the individual gives up some amount of privacy in order to obtain benefits” (S Conger et al p. 405); at many times in the article, S Conger et al speak about the “collective good.” The third level in this dynamic of relationships is within the realm of “data-sharing partners” (S Conger et al p. 406) such as Experian and  governments (mentioned in numerous places within S Conger et al’s article). S Conger et al state that “legally ambiguous methods used by some third parties include pretexting, that is, posing as a customer to obtain information, using spyware to collect data and click streams, and repurposing collected data without permission.” (S Conger et al p. 406) The fourth party described in this relationship of entities is the “illegal entities.” This last list includes: “hackers, thieves, and third party employees who violate company policy.” (S Conger et al p. 406)  The fourth party is what is at the heart of the privacy debate, because it is this group which sows the most seeds of mistrust for which privacy issues must be addressed. For instance “ More than 550 million records including personal identifying information have been breached since 2005 in the USA, while reported global losses add another 200 million records.” (S Conger et al p. 407)  If you haven’t heard of businesses like LifeLock yet, please look into them for your own personal data protection. No system is perfect, but having someone else protect your online identity and privacy may just be worth looking into. (Note: I do not currently, nor have I ever worked for LifeLock.)

S Conger et al proceed to discuss four emerging technologies and their impact on personal information privacy: GPS, RFID, Smart motes, and bio-organisms (the links go to articles I found pertaining to the selected topic). “Characteristics of the emerging technologies that pose threats to privacy relate to their ubiquity, invisibility, invasiveness, collectability of heretofore uncollectible information, programmability and wireless network accessibility.” (S Conger et al p. 409)

It is hard to extrapolate the real significance of this article for libraries, except that we should be highly in tune with ethical actions and Personal Information Privacy. Within that mindset, libraries must think about such things as user accounts, patron data, Digital Rights Management (Zimerman p. 95), and cloud computing (Bansode and Pujar p. 506).

Do you ever feel like…

Cloud computing provides one of the easiest targtes for the fourth party described by S Conger et al. “Even though there are some concerns in using cloud services such as privacy, security, etc., some of the libraries have already embraced this new technology to run some of their services.” (Bansode and Pujar p. 506)  Bansode and Pujar provide an excellent analysis of different types of cloud computing and cloud computing initiatives which highlight the benefits of various cloud computing services. I would like to look at a disadvantage of cloud computing that they go over in their article: data security and privacy.

“The biggest concerns about cloud computing are security and privacy, especially if the organisations are dealing with sensitive data such as credit card information of customers. If the proper security model is not yet in place, then  the data stored on the cloud is vulnerable to attacks from viruses, theft, etc. In addition to that, since the services are offered over the Internet it is very difficult to assess the physical location of servers and software and security audit is hard to undertake.” (Bansode and Pujar p. 510)

So, what are the roles of information professionals in dealing with the issues and challenges. I think the biggest thing we can take away from this discussion, though it was brief, is that we must be concerned for the other’s data privacy and protection.  As an institution, the library, it is our duty to meet the privacy needs of our patrons and keep them informed of their rights to the best of our ability and understanding. We should also, when optimal, provide information literacy sessions on online privacy, even if it is incorporated into the user’s regular library experience.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s