Data-breach reports have tripled in a year yet the protection ofa few remains privileged
PRIVACY HAS two definitions. There is the definition that appliesif you are wealthy, or a celebrity, or a corporation ororganisation, and you wish carefully to protect from the public eyeyour infidelities, personal peccadilloes, ethically questionableactivities, illegal doings or other foibles that might damage yourincome, reputation or bottom line.
Then, there is the definition that applies if you are just anordinary citizen and a bank, an insurance company, an electronicsmanufacturer, a telecommunications company, a law enforcementagency, a government department or other organisation holds or wouldlike to view lots of potentially sensitive information about you.
If you are in the former, elite group, lucky you. You will findyou are entitled to all sorts of perks and privileges when it comesto your special definition of privacy. Your national government maycome up with laws specifically to protect your version of privacy.
Justice systems may invent special protections that mean not onlyis no one allowed to mention whatever it is you or your company issaid to have done, but no one is even allowed to mention that such alegal protection is there in the first place.
Social media and internet companies may, despite publicstatements about valuing their users and freedom and democracy,relinquish information about the people who might have saidsomething annoying about you, your company or your government, thebetter to enable the justice system to get these aggravating peopleoff your back.
If you are in the second group, your privacy is too often acommodity.
Even though there are distinct legal requirements for a citizen'sinformation to be protected in specific ways, companies will ignorethem or implement lacklustre protections and policies. Then theywill say publicly they are shocked, shocked to find 1) theircustomers' personal details and credit card information have beenstolen by hackers; 2) their employees have lost numerous laptops andmemory devices full of unencrypted client or customer information,which has gone who knows where; 3) their lack of strict accesspolicies has meant employees have amused themselves with trawlsthrough people's personal data. Particularly interesting items mayhave been sold to private investigators or to tabloid newspapers.
Governments will enact laws that require years of informationabout you, the citizen, to be stored away, just in case you commit acrime at some distant, future point. In general, governments willignore the recommendations from their own data privacy officials andeven statistics from their own law enforcement agencies, whichindicate that far shorter storage periods for such information aremore than adequate for the occasional court cases that arise.
And governments will work to set up more protections for theprivacy of the first group, through various press commissions and byfailing to modernise defamation laws that already make it almostimpossible for investigative reporting (as our years and years oftribunals in Ireland make clear), much less for anyone to operateeven an internet discussion board without fear of being sued.
The past couple of weeks have certainly highlighted these twodifferent definitions of privacy.
On the one hand, we all learned about so-called"superinjunctions" in Britain that prevented a wealthy Englishfootballer allegedly involved in an extramarital affair from beingnamed. As tens of thousands of Twitter users made clear, the law isa bit of an ass in this regard.
Radio and television talkshows explored every aspect of theissue, often, in a farcical twist, without naming the footballerwhose name everybody already knew.
Meanwhile, Twitter has handed over account information on atleast one of those said to have revealed the superinjunctions.
At least in this particular situation, the UK government hasrecognised that the system needs to change. British prime ministerDavid Cameron told an ITV programme this week: "It's not fair on thenewspapers if all the social media can report this and thenewspapers can't, so the law and the practice has got to catch upwith how people consume media today."
But this is the same government that has - as does our own - someof the most far-reaching laws internationally on retaining citizendata, with some of the weakest protections on the privacy of theaverage citizen.
On the other hand, for tart contrast, one can read the annual2010 report of Ireland's Data Protection Commissioner, Billy Hawkes,published this week (www.dataprotection.ie).
According to the report, the commissioner's office received threetimes as many reports of data breaches this year as last. As thereport states, "Higher levels of awareness and stricter requirementsunder the Security Breach Code of Practice that we issued in Julywill have contributed to the increase. But this does not explain orexcuse a tripling of the number of breach reports to our Office overthe past year."
In the report, as in the news generally over the past year, oneis presented with a roster of data breaches: of companies that admitpersonal information held on their files was hacked into or lost; ofgovernment department and insurance company employees improperlyviewing or selling on files of personal information; and ofincorrect marketing use of data. Once again, the commissioner alsopoints out various concerns with how organisations manage citizendata.
Yet the "privacy" of one celebrity or company is often deemedmore critical than millions and millions of citizen data records.That's an imbalance that is long overdue for proper scrutiny andredress.
No comments:
Post a Comment