One of the most famous recent quotes about privacy comes from Scott McNealy, president of Sun Microsystems. Not too long ago, he said, “You have zero privacy. Get over it.”
Is McNealy right? You surely expect me to disagree, and I will. I want to take issue with him on two levels.
First, is it really true that people no longer have any privacy? We know that more information about more individuals is maintained by more third-party record keepers than ever before. A good deal of this information can be used or obtained legally with diligent effort and enough money. Even more can be acquired by those willing to pay a bribe or violate a law.
But a great deal of effort and expense is required to collect all that data. The cost and trouble of collection provide some privacy protection. Further, no matter how hard you work, there is much information that cannot be acquired without a great deal of illegal or coercive activity. People retain a zone of privacy that remains beyond the reach of the great American marketing and information industries. Granted, that zone is shrinking, but it is there and it is sizable.
It is also likely that we know less about our neighbors than at any time in the past. Do you know the names of your neighbors? Do you know where they work, their financial status, hobbies, extended families? If you are like many urban Americans, you probably know little about the people who live near you. Modern life allows us to go about our business with a great deal of anonymity from people we see regularly. The institutional trail created by credit cards and frequent shopper programs may be greater, but the personal trail is often fainter.
We also have more legal protections for privacy today than ever before. The Fair Credit Reporting Act was the first modern privacy law, and it has been joined by laws and rules providing protections for records maintained by schools, federal agencies, financial institutions, telecommunications companies, healthcare providers and payers, and others. You could just as easily cite all the laws passed in the past 30 years and argue that we have more privacy today than ever before.
My second objection is a definitional one. I don’t know what McNealy means by the word privacy, and I don’t think that he knows, either. Many negative things can be said about the state of privacy today, and I have said some of them in this space. If his point was that personal privacy is seriously threatened today, I won’t quibble. That isn’t, however, what he said.
Privacy means more than how much information about you is maintained somewhere or who has access to it. Even if much personal information is maintained by institutions, and even if they can lawfully use and disclose it for a variety of purposes, it is still possible for an individual to have a measure of privacy. How can this be so?
If you are a regular reader, you should be able to guess that I am going to talk about fair information practices, or FIP. Privacy is not just a matter of use and disclosure. It is difficult to discuss the elements of privacy without considering FIP. Most privacy laws around the world are implementations of FIP.
So is access and correction. People also have greater rights of access to information about themselves maintained by others than in the past. The right to correct records often goes along with the right to see records. Access and correction rights for personal records are by no means universal, but the rights are increasingly common.
Record keepers are increasingly paying attention to their collection practices. Organizations engage in pretext calling to collect data at their own peril today. State and federal agencies have gone after organizations that engage in unsavory collection activities.
Another more widely recognized privacy principle is security. Record keepers have many reasons to worry about the security of their personal data. Each story about a hacker who obtains access to the credit card numbers for customers of Internet companies brings more attention to the vulnerability of any company that does not adequately protect its database. We have a long way to go on the security front, but we have better tools and increased awareness of the problem.
We are also doing better on the accountability front, another FIP. Some companies are more willing to consider privacy complaints. We have some privacy dispute resolution services, and federal and state agencies sometimes investigate privacy complaints and bring lawsuits. The other new element is the willingness of trial lawyers to file class action suits. Many privacy lawsuits have been brought, and they are changing the privacy landscape.
So do we have zero privacy? Hardly. Do we have enough privacy? That is a different question entirely.