Privacy

Privacy is an important part of social interaction, and security.
In this post, I discuss what privacy is, privacy in GroupServer, and laws about privacy.

I should be able to define privacy, as I am the Privacy Officer for OnlineGroups.Net — but I find privacy hard to define.
Thankfully, I am not alone: the New Zealand Law Commission’s paper, A Conceptual Approach to Privacy, spends many pages discussing how hard privacy is to define.

The paper’s author, Mark Hickford, concludes
that privacy is a sub-category of two interconnected values: autonomy
and respect.
These values apply to aspects of your life (both social and
information) that you expect to have control over.
This definition is nice, but not useful when you are trying to write
software.

However, it is easy to know when privacy has been breached.
I quite like Solove’s taxonomy of privacy breaches, which I quote from
Hickford.

  • Collection,
  • Processing,
  • Dissemination, and
  • Invasion.

We constantly think about privacy when coding GroupServer.
For example, GroupServer requires that the user authorises the creation
of an account — otherwise a collection breach could occur.
When presenting aggregate information about a group (such as posting statistics)
we have to ensure that individuals cannot be identified, and that
the data is only used for the purpose that it was intended —
to avoid a processing breach.
(Preventing processing breaches is not easy.)
Security is important to prevent dissemination breaches, and for that
we rely heavily on Zope.
Finally, we have to ensure that a user controls the
email addresses he or she claims to, so we do not invade the privacy
of others.
(Email address verification in GroupServer is not right yet, but
we are in the process of improving it.)

Ensuring privacy can put us (mostly me) into conflict
with administrators.
The conflict usually comes from good intentions, such as administrators
who want to add users to groups without the annoying verification step.
If the user does not consent to joining a group, a collection breach
can occur.
To gain consent, and prevent a breach, GroupServer sends out a
verification email that the user responds to.
Unfortunately, messages get caught by spam filters, or the
user simply ignores the message.
This normally leads to unhappy administrators, and users.
We cannot sacrifice privacy, so we work on making GroupServer more usable,
so these sorts of problems do not occur.

There is hope that privacy laws will become standardised.
OnlineGroups.Net must follow the New Zealand Privacy Act (1993), which is based on The OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.
Other countries, such as the United Kingdom, Australia, and Canada, also follow the principles in the OECD document.
Even the United States of America has the Safe Harbour system, which follows the same privacy principles.

Privacy is not just a good idea, it’s the law; I pledge to constantly
uphold the user’s right to privacy.
