Skip to main content

Currently Skimming:

Part III Privacy in Context, 6 Privacy and Organizations
Pages 175-208

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.


From page 175...
... What this quick look at various sectors of society makes clear is that it is often not the gathering of information itself that is perceived as a violation of privacy, but rather a specific use of that information. In addition, a number of generic questions are suggested by the privacy issues these domains raise, questions that set the stage for a more detailed analysis of three important sectors: health care, libraries, and law enforcement and national security.
From page 176...
... addresses the long tradition of sensitivity to privacy issues in the library community. In addition, the library community has been an early adopter of information technology as a way of furthering its mission, and thus the impacts of technological change have manifested themselves very clearly in the library context.
From page 177...
... Whether those organizations are for-profit corporations, educational institutions, media and content providers, or notfor-profit organizations, they all gather, store, and use information about their customers, users, and clients. This chapter presents a brief overview of several institutional sectors and their use of information and information technology particularly as that use relates to the privacy of the individuals involved.
From page 178...
... At the same time, the personal information collected about customers can be used for many different purposes, and information that was initially gathered for a benign purpose can be used in different ways for other purposes -- sometimes with undesirable or inappropriate results. For example, information gathered to study the correlations between the financial well-being of residents and their place of residence can be used for redlining by lenders, that is, denying financial services to people based solely on the shared attribute of where they live, rather than a full consideration of their individual situation.
From page 179...
... And, in many instances, a new use for information occurs simply because a clever individual or an innovative organization discovers or invents a way that information already collected and on 2 The "fine print" of published privacy policies is a well-known issue. Many privacy policies are written in a way that requires college-level reading scores to interpret.
From page 180...
... Consider the issue of privacy as it relates to businesses and the behavior of their Internet customers. Using the anchoring vignette approach, a possible survey question might be, How much priacy [do you/does "Name"]
From page 181...
... [Jane's] employer keeps lists of every Web site visited by each 4Additional discussion of privacy issues related to worker surveillance can be found in Mark Jeffery, ed., "Information Technology and Workers' Privacy," Comparatie Labor Law and Policy Journal 23(4)
From page 182...
... To the extent that businesses and other organizations see fit to develop and implement privacy policies, these policies to varying degrees are informed by the principles of fair information practice described in Section 1.5.4. Fair information practices were originally developed in a context of government use of information, but over the past 30 years, they
From page 183...
... 6.2 EDUCATION AND ACADEMIC RESEARCH INSTITUTIONS 6.2.1 Student Information Collected for Administrative Purposes Educational institutions at all levels maintain enormous quantities of information about their students. Indeed, school children often learn that information about them is being kept and accumulated in a "permanent record" that potentially follows them throughout life.
From page 184...
... As more and more educational institutions begin using access control mechanisms for entry to their facilities, even the location of individual students will become more traceable at various levels of granularity -- and information about who entered and left a given location in a given time window could facilitate the identification of social networks. Much of the academic information about students is subject to the protection of the Family Educational Rights and Privacy Act (FERPA)
From page 185...
... The desire to provide secure but accessible online services that would simplify the application process for students and allow ready access for those within the educational institutions to the submitted material led to a situation in which the security of the overall system could be compromised. Similar worries have arisen over other systems used by educational institutions, whether they have to do with applications, current students, or alumni.
From page 186...
...  ENGAGING PRIVACY AND INFORMATION TECHNOLOGY IN A DIGITAL AGE BOX 6.1 A Case Study in the Ethics of Privacy The discovery, reaction, and counter-reaction to the 2005 compromise of infor mation in records for several universities' business-school admissions add up to an interesting case study in the area of privacy, technology, and education. A number of business schools subscribed to a service that allowed a single admissions dossier to be shared among the schools, which is a convenience for the students applying to these schools.
From page 187...
... 6.2.2 Personal Information Collected for Research Purposes Along with all of the information gathered and stored concerning potential, current, and future students, educational institutions involved in research gather and store large amounts of data as part of that research. Some of this information (especially in the social sciences)
From page 188...
... The amount, sensitivity, and importance of this information have long been known. The financial sector was one of the first to be subject to broad-ranging privacy legislation with the passage of the Fair Credit Reporting Act of 1970, and many of the considerations cited in the landmark study Records, Computers, and the Rights of Citizens originated in concerns regarding the gathering and use of financial information.9 Many of these regulations have as their main goal ensuring that the information gathered and used by these institutions is accurate.
From page 189...
... For example, information gathered to determine the risk of offering loan or credit services could be used to market other, unrelated services to particularly creditworthy customers, such as additional credit cards or lines of credit. Payment records indicating international travel could be used to market travel insurance or loss protection.
From page 190...
... This could be an indication of a lack of interest in blocking such sharing, or it could be an indication of the complexity of the mechanism created by the law for making such a choice. The exercise of formulating these notices, however, has arguably forced financial institutions to review their privacy policies and data-handling practices in a way that they otherwise would not have done, and thus reduced the likelihood of egregious privacy practices that might have slipped through the cracks.
From page 191...
... At the same time, criminal elements often interact with financial institutions, and law enforcement authorities have found financial information to be of enormous value in apprehending and prosecuting criminals. Thus, a number of laws enable law enforcement agencies to obtain personal financial information under appropriately authorized circumstances.
From page 192...
... goes to a drugstore to buy film, which was advertised to be on sale. He finds out at the store that in order to receive the discount, he must apply for a courtesy card, which entails an application requiring home address, work, and marital status.
From page 193...
... However, the existence of this practice does not negate the potential privacy concerns raised by customer loyalty cards in the first place. Although even a customer with a loyalty card can request that the register card be used, the customer must know about that option to exercise it, and it is not accidental that there is generally no sign at the register indicating that customers may use the register card.
From page 194...
... Their use is not currently widespread, but both the Department of Defense and WalMart have active plans for deploying the technology in the near future. Privacy advocates have argued that RFID tags will allow anyone with a reader to determine all of the items carried or worn by an individual, and would allow someone with a reader to take a complete inventory of the contents of a house from outside the house.
From page 195...
... Although few people object to the use of RFID tags in retail stores before an item becomes the property of the consumer, post-sale privacy concerns have been raised regarding just such scenarios. As in the case of the Amazon.com book recommender systems, targeted marketing can be considered a benefit to the willing consumer or an intrusion to the unwilling consumer.
From page 196...
... Unlike search engine companies, which index information about individual users as a by-product of the overall indexing of the World Wide Web, the main business of data aggregation companies is the gathering and indexing of information about individuals, and the amount of information that can be gathered in the ways described above is staggering. And the more information acquired concerning an individual, the more valuable the services data aggregators can provide.
From page 197...
... Perhaps a greater concern is the fact that many of the activities of these companies are not clearly covered by the laws and regulations that cover financial institutions, such as the Fair Credit Reporting Act. Unless they are in fact covered by such laws and regulations, there is no requirement that the companies make known to individuals information gathered about them, nor are individuals guaranteed by law a means for challenging, changing, correcting, or amending that information.
From page 198...
... 19 For example, Hoofnagle found that law enforcement authorities can quickly obtain a broad array of personal information about individuals from data aggregation companies. Indeed, in 2004, ChoicePoint had designed a Web site, www.cpgov.com, as a one-stop shopping point for obtaining a compilation of personal information on almost any adult (Chris Jay Hoofnagle, "Big Brother's Little Helpers: How ChoicePoint and Other Commercial Data Brokers Collect, Process, and Package Your Data for Law Enforcement," Uniersity of North Carolina Journal of International Law & Commercial Regulation 29:595, 2004)
From page 199...
... . The www.cpgov.com Web site notes that the ChoicePoint Online public records interface is no longer available and directs users to the new site, www.atxp.com, with instant access to "ChoicePoint's Premier Web-based investigative information solution, AutoTrackXP®." The site further notes that AutoTrackXP "provides the extensive public record content you are accustomed to obtaining through ChoicePoint Online."
From page 200...
... Credit card information, for example, is often stored to allow ease of contribution in the future, or private financial information is stored over time to enable automatic payments from bank accounts. At times the information acquired by noncommercial entities about their members or contributors is even more sensitive than that kept by for-profit businesses.
From page 201...
... Further, such organizations are often resource constrained, and thus unable or unwilling to invest in a security infrastructure that will protect from acquisition by third parties the information they have gathered. The combination of the information gathered and the weaker security found in many noncommercial undertakings makes them lucrative targets for those gathering information needed for identity theft, or for observation for political purposes, although to the committee's knowledge such things have happened only rarely, if at all.
From page 202...
... Using the anchoring vignette approach, a possible survey question might be, How much priacy [do you/does "Name"] hae from the media?
From page 203...
... The privacy concern, which is discussed more fully in Chapter 8, is that ensuring such control means that the content owner will be able to trace what content a person buys, what devices are used to view or listen to the content, how often the content is accessed, what parts the user finds most interesting, and perhaps even where the content is accessed, all in a manner that is entirely impossible with traditional media. There is also the worry that information gathered in the name of protecting intellectual property will in fact be repurposed to other ends, since that information will be gathered and owned by the companies producing the content.
From page 204...
... are often useful and appropriate for statistical purposes, as when patterns of Food Stamp applications are used to trace the effects of program changes. In contrast, data collected for research and statistical purposes are inappropriate for administrative uses, and privacy concerns can arise if data subjects worry that their provision of data intended for statistical purposes might be used administratively.
From page 205...
... Other organizations, such as retail businesses merchants, data aggregation services, and noncommercial groups, are not so clearly identified with privacy issues, either in the public eye or through regulation, but are beginning to be seen as gathering many of the same kinds of information and of having many of the same vulnerabilities that can lead to concerns about privacy. This brief examination of a variety of privacy issues centering on institutions and organizations makes it clear that the interaction of information technology and privacy is not an issue in only some isolated areas
From page 206...
... Although some situations (such as the use of RFID tags) have attracted public attention, others (such as the aggregation of information in data services such as ChoicePoint)
From page 207...
... Abstracting across the domains outlined in Sections 6.2 to 6.8, a number of generic questions are suggested by the privacy issues these domains raise (Box 6.3)
From page 208...
... Furthermore, their applicability will vary depending on perceptions of crisis and across contexts (e.g., public health, law enforcement, and national security may involve exemptions that would be inappropriate for the private sector or individuals)


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.