Information and Identity Governance – Privacy

 

What is privacy, who wants it and needs it

Identity is often treated as the converse of privacy, leading to tensions which vary according to cultural and social expectations. Privacy is closely linked to (personal) Data Protection, which has been the focus of many different laws worldwide.

Questions to consider

  • Priority v social cohesion - 4. Do views on the priority for personal privacy as opposed to social cohesion differ?

a. If so, how and why (e.g. cultural, social or economic background or personal circumstance)?

b. Are these views changing over time, possibly after experience of the on-line world?

c. What is different about the on-line world?

  • Trusted third parties - 5. Who is trusted by whom to provide or verify digital identities and/or look after personal data that might be used to support impersonation?

a. How do these principles apply when identity is extended from people to devices, organisations, software, web services, data?

b. How do these principles apply when identity is extended into cloud-based services? Where there are different requirements to manage the identities of the cloud provider, the service provider, the application administrators and the end users?

c. Are identity systems scalable? Is it possible to have a few master Identity Management systems that are trusted by all or will every organisation insist on having their own? What are the legal (liability) and social implications of centralised identity management?

  • 6. Choice and consent - What is informed choice and informed consent? Does this change according to time/circumstance? Who can be trusted to ensure/record that choice was given, changed or revoked? Can consent be revoked?
  • 7. Privacy or primacy - Evidence from Facebook can be understood as indicating that users are less concerned about privacy, than primacy - the ability to be in control of their personal information and what happens to it. Does this mean that the focus of Data Protection legislation should be changed? What are the results from trials of "User Managed Access" systems?
  • 8. Privacy v national interest - How do you maintain the balance between privacy and (national) security, preventing misuse of claims of access to personal information for security and use of privacy to hide malicious activity and evade prosecution?