Privacy is one of the hallmarks of being an American. We’ve always valued our family life, our financial life and our personal choices in everything from shopping habits to educational records to use of the Internet. Unfortunately, our personal information is not so personal anymore.
On the bright side, marketing research firms collect information about the cars we buy, cell phone choices we make, computers we use and many other decisions we’ve made when we shop in stores or online. On the grim side, our records are accessible in many ways, even when we have taken measures to keep things under the covers (literally or figuratively). Hackers and thieves are able to access our personal information and engage in identity theft.
Recently, WMBD-TV aired an investigative report about problems with public access to personal information at the McLean County Recorder’s office. That government department keeps track of real estate transactions—records which are based on financial and personal information of all property owners. WMBD reported that all it took was 60 seconds on the web, a few simple clicks of the mouse, to gain free access to personal information (Social Security numbers, financial information and entire copies of mortgage filings).
The McLean County Recorder is neither the only unit of government nor the only business with public access to citizen or customer records. There have been stories in the past couple of years about academic institutions with easily accessible records of alumni and current students, employers with employee records available for viewing and credit card vendors who seem to put cardholder records on display to be seen and stolen.
We’re not talking about phishers who send emails trying to pry ID numbers and credit card information via email to random addresses—or about blatant identity thieves who worm their way into our records. We’re talking about government agencies and businesses who don’t always take individuals’ privacy seriously.
Database management is quite complex, and there are many layers of information on every customer or user, corporate or personal. Some of the risk we run in our transactions comes from the transmission
of information and some of it from storage. Corporate and governmental data holders often do understand that privacy regarding personal records and information is a legal and ethical issue. They are not permitted to invade our privacy and they understand that limitation.
At the same time, personal information is not always protected properly. There are holes in data management and communication methods. To repair these holes takes substantial effort, intelligence and money. Many records are tied into other systems based in other companies, retailers and governments or in third-party transaction providers. Often the problem does not lie between those who hold the information and those whose information is held, but computer software and outsiders.
We can understand that something very unethical (and illegal) occurs when property is stolen. That’s a very tangible violation of privacy. You’ve taken my things. We also can understand that it is unethical and illegal to “cross the threshold” when it comes to marriage and family life, and to violate privacy when it comes to our personal history and preferences (unless we agree to that). When information was more tangible, we could insist that it be protected in locked filing cabinets and not shared without our authorization and approval. But intangible information stored in databases in the form of bytes is much harder to get our arms around. It is our information, to be sure, but it is part of a database we do not understand, cannot design and have very little say about.
I increasingly receive plainly-worded pamphlets from my bank, credit card companies, academic institutions and medical providers that detail how my privacy is protected and that information about me cannot be shared without my authorization. That’s welcome assurance. But data becomes public on the front end of a business transaction when information is recorded about me and my decision-making.
Businesses, governments, academic institutions and other entities owe it to customers and clients to protect all information unless legally required to disclose it (usually with our approval). Even more, it is ethically essential to do everything possible to safeguard sensitive information. Our personal data may be one of the last things that really is ours to safeguard, and we need to be aware of the ethical dilemmas businesses face. They need to know many things about us for many reasons, but the ethical glue here is that information, while intangible, is at the heart of doing business. We need to strive to protect it. IBI