@INFO.POLICY

On the road to privacy, expect a bumpy ride

Robert Gellman

If you follow the privacy wars, you may have detected a shift in focus over the last year.

Until recently, the focus of debates on privacy and media coverage was on what the private sector was doing with commercial Web sites'gathering cookie data and so forth. Other aspects of privacy received some attention, but the Net drove the coverage.

I'm now noticing a lot more attention paid to government activities that affect privacy. Privacy and civil liberties advocates have always been concerned about government. After all, with the power to arrest, prosecute and seize, the government is potentially the biggest privacy invader of all.

People have long feared the government's ability to intrude into personal lives, but in the past decade, that fear has become directed at the private sector as well.

It isn't that people mistrust the government any less, but that commercial activities with private data have caused the fear to mushroom. That's why organized privacy advocates have focused so much on the Internet.

Right-wing and libertarian communities have always had strong antigovernment sentiments, but now the right and the left share concerns about privacy. These newer privacy voices concentrate almost exclusively on government invasions of privacy.

Another reason for the focus on government is that the private sector can't stand all the attention and is hoping the public sector will draw some fire.

The government certainly deserves its share of attention. Personally, I don't see much difference between the public and private sectors when it comes to privacy. Each affects people in different and unwelcome ways, and the two sectors pass information back and forth routinely.

Still, some of the attention to government has gotten silly. Last year, Reps. Dick Armey (R-Texas) and Billy Tauzin (R-La.) asked the General Accounting Office to evaluate federal agencies by the Federal Trade Commission's criteria for fair information practices.

The private sector would choke if it had to comply with the Privacy Act of 1974, a collection of fair information practices that apply to federal agencies. By the same token, the FTC criteria, which are incomplete to begin with, are not relevant to federal Web sites. Even the commission commented on the inappropriate use of its criteria.

Armey has taken on federal agencies in other, equally inane ways.

He objected to the Health and Human Services Department's health privacy rules because they enabled HHS to obtain records to enforce those rules.

Armey did not seem bothered by the dozens of other disclosures authorized by the rules. He did not object, for example, to the provision allowing massive disclosure of personal health records to the private sector for marketing. Does Armey think it is better to give health records to junk mailers than to HHS?

Everyone who runs a government computer or data system should be a bit more nervous today. Expect more attacks, political or otherwise, on government activities that affect privacy. The ride will get considerably bumpier.

Robert Gellman is a Washington privacy and information policy consultant. E-mail him at rgellman@cais.com.

inside gcn

  • security compliance

    Security fundamentals: Policy compliance

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group