I liked Bob Blakey’s recent article on privacy, along with the paper he and Ian Glazer published. One direction that may need additional coverage at some point is the “privacy of organizations”. Organizational sensitive data (such as trade secrets or classified material) follows a pattern similar to the one Bob and Ian lay out for PII: it is disclosed to a trusted group (so it would not fall under their definition of secrecy), and a legal instrument (such as an NDA) is used to ensure that the data is not released to unauthorized parties.
In my own world, I have seen privacy and secrecy as very closely related: to some extent, secrecy was to me privacy with a solid logging/auditing system, so that secrecy is really only preserved operationally, and full access to the audit trail would restore the identity (oh dear, *that* loaded term again) of all actors. Bob and Ian obviously use a different definition of privacy, which has much stronger implications for the metadata architecture, including sensitivity markings or IRM controls.
In order to draw a more precise distinction between different concepts of privacy, it may help to examine the origin of the data about me (the data subject):
- The first bucket is data for which I am the originator (source).
- The next bucket is data that someone I interact with directly collects about me, so they are the originator. This may include web server access logs, shopping profiles, etc.
- The final bucket is data that a third party collects about me without me interacting with them. In many cases they are not the originator of that data, but instead collect other parties’ data (including data from the first two buckets). Note that data in this bucket gets particularly interesting when aggregated across sources.
In an ideal world, I (as a person or organization) would have full control over all three buckets and could determine how the data about me flows. Unfortunately, the world is not ideal. In most cases I can only control the release (!) of data in the first bucket, but once that data is out in the wild, it will inevitably land in the third bucket, over which I have the least control. Attempts at controlling that third bucket through regulatory measures have been fairly ineffective, as the many identity data releases and losses show, even under relatively strict privacy regimes.