What is Privacy?
Generally, privacy is the right to be let alone, free from interference or intrusion. We may hear people say "I don't care about privacy because I don't have anything to hide," but that argument misses many important privacy concepts. Privacy is not just about confidentiality, but also about having control over our own domains and knowledge about what is done with those domains. Privacy is integral to free speech, openness in research, and the ethical treatment of individuals and institutional assets. Beyond compliance with laws, privacy is trust! It is a concept closely related to the US Constitutional concept of ordered liberty. This talk, "In Defense of Privacy," explains the importance of privacy to personhood and society.
The University of California Privacy and Information Security Steering Committee Report of January 2013 described privacy as two intertwined concepts of autonomy and information privacy.
- Autonomy is an individual’s ability to conduct activities without concern of or actual observation
- Information privacy is the appropriate protection, use, and dissemination of information about individuals
Another way to think about the various parts of privacy is to split the field into various concepts (domains):
- Bodily privacy. Genetic testing, health research, drug tests, and abortion rights all involve the concept of bodily privacy.
- Territorial privacy. Video surveillance, house and car searches, and physical access restrictions all deal with the concept of territorial privacy.
- Communication privacy. Workplace email monitoring, recording a phone call, and wiretaps all involve the concept of communication privacy.
- Data privacy. Social media, smart phone apps, and educational technology services all have data privacy implications.
Vast amounts of data about individuals are collected and processed every second from millions of sources. This information is routinely used not only to predict behavior, preferences, and status, but also to monitor or manipulate people for gain. As a university that handles the personal data of applicants, students, staff, faculty, research participants, alumni, and the general public, we have an ethical and stewardship responsibility to all of these individuals to treat them and their information with respect.
Privacy Issues on Campus
Any activity that involves human beings has the potential to impact privacy! Below are some examples of university activities with potential privacy implications:
- Posting student grades online
- Writing letters of recommendation
- Using an online classroom discussion forum
- Providing online classes or advising
- Administering a study abroad program
- Reviewing information to identify students in need of assistance (e.g., food or housing insecure, depressed)
- Sharing information between the Student Health Center and other providers
- Analyzing data in support of campus diversity initiatives
- Providing student lists to resource centers
- Using analytics to support learner success
- Recruiting and researching job applicants
- Allowing staff to use their own devices for work
- Storing files in the cloud
- Conducting research involving mobile apps, wearables, or web services
- Studying AI and machine learning using personal data
- Traveling internationally with personal data
- Installing security cameras, biometric access controls, or license plate readers
- Doing donor prospect research
- Maintaining an alumni mailing list and searchable database
- Using wireless signals to detect location activity
- Accessing electronic communications in the course of an investigation
- Maintaining access and location logs
- ...and many more!
What is the relationship between information privacy and data security?
Privacy and security are two interrelated but separate concepts. Information security is concerned with unauthorized activity that causes a loss of confidentiality, integrity, or availability of information or systems (including systems that don't involve personal information). Privacy concerns may arise from unauthorized access, but they can also arise from planned and permissible activity. So, even if information is handled securely, privacy concerns may exist where the use or disclosure of that data impacts individuals.
For example, a social website may handle all information it collects securely, but then use that information to profile individuals, make decisions about the content users will see, and share their information (securely!) with advertising firms.
The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) provides a helpful description of the relationship between privacy and security in its publication An Introduction to Privacy Engineering and Risk Management in Federal Systems, NISTIR 8062.