- Citizens concerned about their privacy, and in particular how it might be compromised by the eCulture social transition
- Those concerned with development of legislative and governance standards
- Professionals who are developing solutions that will utilise, in one form or another, the personal and private information of subscribers or users
- Marketers, advertisers and information analysts that hope to exploit personal information for commercial gain
Information privacy, or data privacy (or data protection), is the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.
Privacy concerns exist wherever personally identifiable information or other sensitive information is collected and stored – in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues. Data privacy issues can arise in response to information from a wide range of sources, such as:
- Healthcare records
- Criminal justice investigations and proceedings
- Financial institutions and transactions
- Biological traits, such as genetic material
- Residence and geographic records
- Privacy breach
- Location-based service and geolocation
The challenge in data privacy is to share data while protecting personally identifiable information. The fields of data security and information security design and utilise software, hardware and human resources to address this issue.
(Source – Wikipedia Information Privacy)
Privacy and Data Protection
Privacy and data protection become primary eCulture concerns as reliance and social dependence on technological services and solutions increase. Developers of services and solutions have to take appropriate measures to ensure adequate provision for protecting users' personal information.
Privacy in the eCulture context concerns the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share common themes. When something is private to a person, it usually means that something is inherently special or sensitive to them.
The domain of privacy in the context of eCulture overlaps subject categories such as Data Protection in the legislative form, and Cyber Security in a technical form, both of which feature in discussions and news items concerning Information Governance standards in records management, such as those defined by the International Organization for Standardization (ISO) and other trade and sector specific regulatory bodies, for example:
- ISO 27001 – a standard that sets out how organisations should both manage and control information security risks with the purpose of protecting and preserving the confidentiality, integrity and availability of information assets or ‘documented information’.
- ISO 27002 – this standard “established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization”. The actual controls listed in the standard are intended to address the specific requirements identified via a formal risk assessment.
- ISO 22301 – is about how an organisation understands and prioritizes the threats to their business with the objective of qualifying requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.
- ISO 15489-1 – is a new "Information and documentation – Records management" standard that focuses on the business principles behind records management and how organisations can establish a framework to enable a comprehensive records management programme.
- Information Governance Toolkit for UK NHS and third sector service providers
Consent is an important feature of any system or solution that proposes to capture and share information that is personal and private to an individual. Users of smartphones and social networking systems will most likely have become used to the formality of agreeing to their information being accessed or shared by a new application or feature on their device.
This form of explicit consent, however, is not a feature of all Internet services. Many websites and subsequent web-based solutions utilise an implicit form of consent, where their right to use and share information is qualified in their terms and conditions, which are hosted on the website but not necessarily presented explicitly for the user to agree to during any subscription-like process.
As the Internet of Things increases and Wearables, Digital Health, Assisted Living and even Robotic automation devices become more prevalent in our lives, the range of personal and potentially sensitive information about us will also increase, as will the:
- range of locations in which this information is stored and managed across the Internet (world)
- range of options and solutions that individuals will be required to utilise, to manage things like preferences and consent
- range of interested parties wishing to gain access to personal information
- value of personal information to interested third parties and, importantly, cyber criminals
It is imperative therefore that, wherever possible, solution and service providers address requirements to:
- ensure that users and subscribers are provided with clarity on how their information is managed and used
- demonstrate that personal and sensitive data is managed properly to comply with legislative requirements
- be quick to adopt best practice, standards and new security and protection measures when these become available
- maintain the highest standards throughout their operations
- promptly address matters when something goes wrong
Maybe, given that data is set to become the new major trading commodity, there should be more focus on acknowledging the individual providers of information as shareholders and, in return, offering them a percentage of the revenues made from the trading of their information?
This would serve both to encourage users to share data and to create a more explicit information trading market where those that are unable to meet the requirements above are exposed.