In the development of e-Government practices and principles over the years, privacy and security have become key factors to ensure success of online programmes
Privacy and Mobile Technologies:
What Are The Risks?
Ever changing and emerging technologies continue to present challenges to our individual privacy. In a world in which mobile technologies make it possible to be online at any given moment and in any place, day or night can result in privacy breaches. Mobile phones represent a challenge to protecting our individual privacy because they are ubiquitous and now have the capacity to store multiple pieces of data. Security and privacy are primary issues in using mobile phones. Mobile phones are now key technologies in adapting e-Government policies and programmes. Increasingly, public servants and citizens alike walk around with mobiles that contain programmes, addresses, saved text messages and different forms of information, that are equal to the amount of data that can be found on laptop and desktop computers. Ubiquitous access to the Internet, to one’s own computer and other functions are now common by public sector officials and people in the private sector.
Carrying around a mobile has its advantages and its risks. For example, there are many stories in newspapers around the world regarding the theft of millions of pieces of data by cyber thieves. Some of this is a result of hacking. Much of the risk comes from people who leave sensitive government data in their laptops which in turn gets stolen. This is why policies are needed to prevent and protect loss of sensitive or secret government data.
One of the most enduring policy issues is privacy. In the development of e-Government practices and principles over the years, privacy and security have become key factors to ensure success of online programmes. Both of these are important issues due to the changing nature of technologies and the way people react and use these technologies. From an e-Government perspective, in government, the new technologies are invaluable in connecting with citizens. In surveys on e-Government implementation, the issue that came to light was of people wanting assurance regarding safety of their personal information. Beyond privacy there are the security issues on a broader scale, where we are seeing the rise in spam, spyware, ad-aware, phishing, identity fraud and a host of other hacker activities (good or bad) that make people uneasy when going online. Governments who have evolved e-Government and digital strategies have put a lot of emphasis on the importance of security and on ensuring that secure networks are viable.
e-Government is growing at a rapid rate around the world. It is now estimated that 94% of countries in the world have some form of online services. The degree of e-Government programmes varies greatly from country to country. However, it is clear that with e-Government online services there is a need to ensure that a whole series of policy measures are needed. As noted above, one of the essential policies for good governance is privacy laws and security measures to protect individuals who go online to take advantage of online government programmes and services. Privacy and security are essential to ensure the growth of e-Government. Another emerging issue is the importance of technologies that enhance online privacy and ensure that individuals’ personal privacy is protected.
Privacy is important in the minds of individuals and a lack of privacy or security and the possibility that an individual’s personal information might be used for purposes other than what they are providing for, on the online service, can have deleterious effects on an e-Government programme. In a democracy, technologies that inhibit or potentially erode privacy then become important social and legal issues.
One of the essential policies for good governance is privacy laws and security measures to protect individuals who go online to take advantage of online government programmes and services. Privacy and security are essential to ensure the growth of e-Government
Privacy as a Human Value: Why Privacy
Endemic to all privacy laws are a set of fair information practices that set the boundaries for protection of the individual while allowing a certain latitude for organisations to use personal information when necessary and allowed by law. Privacy laws, those who administer them, and a public who value their privacy and speak out when necessary against potential abuses of these laws, are essential. Privacy laws are the walls that protect individuals against a possibly intrusive society. These laws have acted as the barriers against intrusiveness and met, to some degree, the expectations of protection from outside sources using one’s personal information. In our growing surveillance society, the walls between the private and the public are beginning to crumble.
More and more organisations, governments included, now know more about individuals than ever before in history.
In the United States, there is a Federal Privacy Act. All fifty states in the Union have some form of a privacy law. It is the same in Canada with a Privacy Act (1982) in place at the Federal levels and all ten provinces and three territories have some form of privacy legislation. The United Kingdom, Australia and New Zealand follow the same course.
There are now numerous National Privacy or Data Protection (European designation for privacy) laws around the world. These laws are prevalent in North America, Europe, New Zealand and Australia with other countries following to bring in similar laws.
The European Union Directive on Data Protection requires all twenty-seven member countries to have data protection (privacy) laws as a prerequisite to be a member of the Union. These laws are universal in their coverage, dealing with both the public and the private sectors. The Fair Information Principles set out in the Directive are to be enshrined in all the laws enacted by the member countries. One of the clauses found in the Directive states that a member country might prohibit the flow of personal information to another country if the latter does not have an adequate level of privacy protection. This means that individual countries can prohibit the flow of personal information to another country if it is judged that the country to which the information is being sent does not have some form of privacy protection.
There is also the Council of Europe’s Convention on the Protection of Personal Information (1982) and the OECD (Organisation for Economic Co-operation and Development) Guidelines on the Protection of Data (1980). These instruments were originally developed over the concerns about automated information and the power to harm the individual. However, the European Union Directive mandates that both automated and manual files are protected. Europeans see privacy as a human rights issue. Many might argue that it is a non-tariff trade barrier as it could restrict trade practices by disallowing the sending of personal information to other countries without laws and policies to adequately protect such information. However, the essence of all data protection and privacy laws is to protect the individual from having his or her information misused or abused. This has in it elements of making organisations accountable for what they do with personal information which they collect, while also endowing certain rights on the individual who provides the information. The European Commission Directive on Data Protection, in its preamble, stresses that this is a human rights initiative.
Fair Information Practices
The following are the Fair Information Practices recognised in all data protection and privacy laws around the world.
All international conventions, laws, guidelines and policies, essentially incorporate three basic principles, that is:
- The individual has the right to inspect his or her own files kept by an organisation;
- Specific administrative principles setting out the collection, storage and dissemination of information. These principles lay out:
a) how the information shall be collected,
b) how long it shall be stored before being destroyed (usually only seven years),
c) that the information is kept secure and only accessed by authorised users,
d) what the limitations shall be on sharing the information with others,
e) the necessity to use the information only for the purpose for which it was gathered,
f) that the consent of the individual must be gained if the data is to be used for another purpose,
g) the right of the individual to have access to the file (in whatever form) containing the information, to determine its contents and veracity,
h) The right to have false, misleading or erroneous information in the file either deleted or corrected,
i) The right to make a notification in the file if the information is not corrected or deleted, and, under the final principle;
- The individual shall have the right of appeal to a body independent of government, if the individual believes one of the principles has been violated.
One of the more important functions of privacy officials are informing individuals of their rights under their respective laws and identifying emerging trends and issues in society posing privacy threats.
What is all this concern about privacy? What does this mean to cultures where the concept of privacy is very different?
Databases created by public or private sector organisations are usually subject to criticism if the databases in any way contain personal information. Thus, it is important to assess why people are concerned about the possible abuses of their personal information. It is also important to set out how easy it is to collect identifiable information in today’s technological environment.
Databases created by public or private sector organisations are usually subject to criticism if the databases in any way contain personal information. Thus, it is important to assess why people are concerned about the possible abuses of their personal information
The main features regarding privacy laws and citizens are:
- All citizens where countries have privacy legislation have equal privacy rights.
- There are now billions of pieces of information in thousands of databases, floating around the Internet.
- The ‘cookie’ technology can track a person’s behaviour and preferences and computers can now be programmed to ‘talk’ to each other.
- Private sector organisations are using personal information to increasingly market products,
- services and goods but not necessarily getting informed consent from individuals to use their personal information.
- Citizens want the right to be able to consent to the use of their own personal information.
- There is a rising awareness of citizens about the need for deeper protections of their personal information, i.e. taking responsible action to protect one’s own personal information when possible.
- While there are currently many data protection/privacy laws in place, measures are still needed to assure citizens that their personal information is not being abused.
- Educational measures from Offices of Privacy Commissioners and Data Protection Registrars/Commissioners contribute to raising privacy awareness amongst the public.