Privacy: Ten Things To Know

As we kick off a new year, may we at Taft be the first to wish you a happy Data Privacy Day! Yes, it is a thing. In the spirit of the Day, we thought of sharing ten things you may or may not know about privacy and maybe ways you can protect it better.

1. January 28^th is Data Privacy Day. Why Jan. 28? The date is important because on this date in 1981, the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (say that five times quickly) was introduced for signature by the Council of Europe. The purpose of Data Privacy Day is to raise awareness and promote privacy and data protection best practices. The day has been recognized in the United States since 2009, when the House of Representatives unanimously passed a resolution declaring Jan. 28 as "National Privacy Day." (Imagine that: a day when something passed unanimously!) The Senate followed suit in the years after.
2. What is privacy? Privacy is an individual value and the right to choose what personal information you share with whom and to what extent. In his page-turner, Privacy and Freedom, Alan Westin defined privacy as "the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others." It is a simple transaction. We disclose, or we keep private.
3. Privacy is an individual, human value. Like any other preference or choice, privacy is a human value that we express broadly and also on a case-by-case basis. A person's value for privacy is as different as their taste in food, music, or clothes. Like all values, the value for privacy can change based on your life experiences. You likely have a different appreciation for privacy today, as an adult, than you did as a teenager. Or, if you have been burned by someone sharing something private with others, you might have a higher sensitivity and value for privacy than someone who has not.
4. Privacy is about "personal information." This may seem obvious, but often people will confuse "confidentiality" with "privacy." While they are related, confidentiality is much broader and can apply to all kinds of information, including trade secrets, business plans, and contracts. Privacy is specifically about individually identifiable information about a person (or "natural person", as the law likes to say.)
5. Privacy is not secrecy. Often when one expresses a value for privacy or wants to exercise a privacy right, they are met with "what do you have to hide?" Such a response suggests that a choice to not share something is a matter of secrecy and not privacy. Secrecy conveys an effort to protect information from disclosure, often in fear of negative consequences of that disclosure (i.e., a criminal act or affair). This is not privacy. People choose to keep information private for a wide range of reasons, and most have nothing to do with hiding a bad deed.
6. Privacy is not security. Like "policies and procedures" and "peas and carrots," privacy is commonly lumped together with security. To be sure, security and privacy are related. However, they are two very different concepts. If privacy is the right to choose when, what and to whom you disclose information, then security is the ability to exercise that choice or control.
   
   Indeed, you can have security without privacy. For example, you can have a locked garage with nothing in it. However, you cannot promise privacy without security. Security is needed as a means to control what, to whom and when something is disclosed.
7. The word "privacy" is not in the U.S. Constitution. That's correct. The word "privacy" does not appear in the Constitution or the Bill of Rights. Yet, we (currently) have a right to privacy under the U.S. Constitution. Why? Well, like a lot of our rights and protections, the U.S. Supreme Court has interpreted the Constitution to provide for many rights that are not explicitly enumerated. Arguably, the right was first established in Griswold v. Connecticut in which the Court struck down a state law banning the use of contraceptives by married couples. The majority held that privacy was necessary to exercise such a right under different amendments including the First, Third, Fourth, Fifth, and Ninth Amendments. In other words, without privacy, one would not have the ability to fully exercise his or her right to free speech, religion, assembly, or rights to be exercised in being afforded due process. Later cases would similarly protect privacy in bodily autonomy, sexual relationships and establishing and maintaining family relationships.
8. "A reasonable expectation of privacy." You may hear this expression all the time, but ever wonder from where it came? Again, we can thank Supreme Court case law. This time the Court was interpreting the 4^th Amendment's protections against unreasonable search and seizure. In Katz v. U.S., the Court established the "reasonable expectation of privacy" test, which stated a "search" occurs when the government violates what would be a person/society's reasonable expectation of privacy.
   
   Examples of such instances in which an expectation of privacy would be reasonable include, but are not limited to:
   – one's body
   – one's home
   – a conversation in a phone booth (remember those?)
   – locked luggage
   – private papers.
   
   This expectation is hardly static. By contrast, in the modern era, sharing information with a "third party" (i.e., cell phone provider or email service provider) can remove a reasonable expectation of privacy.
9. Laws will always lag when it comes to privacy. As with any subject matter, the laws protecting privacy will never be fast enough to provide protections against privacy violations. While laws regulating companies and individuals in how each handle and shares personal information may reduce risk to that information being disclosed or used inappropriately, they will never provide complete protection. Whether technology-based or not, the law simply is a remedy against past harms and will not stop inadvertent disclosures or outright violations from occurring. Lastly, laws are intended to protect the many and not necessarily the rights or interests of the few. Accordingly, even the most comprehensive law(s) may never satisfy your individual value for privacy.
10. You are in the best position to protect your privacy. As with all things, no one will care what matters most to you than YOU. Considering this, and the speed with which data can be collected, processed and shared, the best protection against a disclosure of your personal information against your wishes are the choices you make on a daily basis. Be it through a personal relationship, a device, or a company, you can make choices over whether you chose to trust that relationship and share your personal information or keep it to yourself.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.