I've run across two new books on confidentiality issues that may be of some interest. One is about personal privacy, the traditional subject of this column. The other focuses on corporate secrecy interests, a related confidentiality issue too often ignored by businesses with sensitive information to protect.
Whether you deal with personal or corporate data, one of these books is relevant to your activities.
For a while, I thought that I had found a privacy book that marketers would relish. “Privacy in the Information Age” (Brookings Institution Press) was written by Fred H. Cate, a law professor at Indiana University. It seems that Cate never met a privacy law he liked, an attitude that may resonate among those of you who don't welcome the growing interest in the subject.
Cate's text is quite short (132 pages), and the book is filled out with appendixes and notes. The entire European Union Data Protection Directive is included, and that might be a useful reference, although it is available on the Internet and elsewhere.
The discussion begins with a standard review of the values encompassed by privacy, but Cate has nothing new to offer and he ends up using someone else's definition. He doesn't think much of privacy and he cheerfully repeats objections of privacy critics with no independent analysis of their arguments. He presents First Amendment and other constitutional objections to privacy laws and even suggests, for example, that it may violate the Fifth Amendment for the government to limit the ability of a doctor to disclose a patient's health records. Yet he never applies this analysis to real-world privacy laws and he never explains why no one else has.
Cate makes few attempts to hide his biases. He offers a brief discussion of the European view that privacy is a human right. He then argues that proponents of that view believe that it justifies not just regulation and costs, but “sweeping regulation” and “considerable costs.” He is willing to take any perspective provided that he can be critical of privacy. Having attacked privacy policy for seeking to accomplish too much, he then criticizes privacy laws for being either too balanced or too weak.
Cate is welcome to his point of view. However, he is not entitled to offer sloppy, incomplete research to support it. He misinterprets some laws, overlooks others and provides woefully incomplete historical analysis. Still, I thought his critique of privacy might find a responsive audience among the readers of DM News. That's why I was shocked when Cate himself proposed a new federal privacy law as a solution. His law would be narrower in scope than European-style privacy laws, but it still would be an omnibus, federal privacy law.
This proposal has no apparent constituency. Anyone convinced by Cate's arguments will be surprised that another privacy law is the proposed response. On the other hand, privacy advocates will reject his proposal because it falls far short of international fair information practice standards.
I can recommend the other book without reservation. “Getting and Protecting Competitive Business Information” (Management Concepts Inc.) is a business guide to using the Freedom of Information Act. The federal FOIA is not a great information collection tool for marketers because virtually all personal data in federal files are exempt from disclosure on privacy grounds. But every company is itself the subject of federal records, and business records do not receive the same protection under the FOIA that personal records do. The book's focus is on protecting corporate records from disclosure. Anyone may try to use the FOIA to accumulate information on businesses for any purpose. Users may include competitors, investigative reporters, analysts or Wall Street predators.
A company can protect its own confidentiality interests by preventing others from obtaining information from federal and state agencies. The book clearly describes the tools available to protect a company's information.
The authors are three heavyweights from the FOIA world. Burt Braverman is perhaps the premier litigator for business information interests. He won a major Supreme Court FOIA case on access to business records. His co-author and colleague, Frances Chetwynd, also is an experienced FOIA lawyer and co-author (with Braverman) of a FOIA legal treatise. The third author is Harry Hammitt, editor of Access Reports, an FOIA newsletter, and a leading authority on FOIA law, history and policy.
Perhaps surprisingly, this book isn't directed at lawyers. The authors seek a more general corporate audience. The FOIA is an arcane statute, with thousands of court decisions relevant to understanding the details. The book manages to discuss basic business concerns about the FOIA without being overly legalistic. A corporate generalist, strategist and even lawyer can readily acquire a basic understanding of the FOIA in the context of business information.
FOIA protection tools allow a company to protect its own sensitive business information. More intriguingly, they allow a company to learn when someone else is collecting information about it. Watching other people watch you can be a source of intelligence. Further, a business requester can not only learn more about other businesses, it also can find out how agencies conduct their own operations. The FOIA can be both a sword and a shield in the hands of a knowledgeable business.
The government probably has more sensitive information about your company than you realize. If you want to learn what you can do to protect your confidentiality interests, read this book.
Robert Gellman is a Washington-based privacy and information policy consultant and former chief counsel to the House subcommittee on information, justice, transportation and agriculture. His e-mail address is [email protected].
