Privacy
When designing ICT systems designers must remember that privacy is a fundamental human right for everybody. Here in the UK, Article 8 of the Human Rights Act 1998 deals with the right to privacy. Nearly every country in the world includes a right of privacy in its constitution.
Designers must also think of the privacy aspects. These include the two following separate but related concepts:
- Information privacy, which involves the establishment of rules governing the collection and handling of personal data such as credit information, and medical and government records. It is also known as "data protection";
- Privacy of communications, which covers the security and privacy of mail, telephones, e-mail and other forms of communication.
Designers must also consider that privacy requirements will differ for different impairments and in different circumstances.
When using a public access terminal, privacy issues arise when:
- Locating and accessing the terminal: where queuing is likely, consideration should be given to some non-obstructive method of queue control, such as variation in the colour of flooring or pavement. The system should maintain privacy and security for the user;
- Operating instructions: if audio output is used to provide private information to the user, it should be through a telephone handset located at the terminal or through a headset connected to the terminal through a standard mini jack; however, it is essential that the position of the jack socket is standardised. If a handset is provided, inductive coupling and amplification should also be incorporated. Non-confidential information can be output on a loudspeaker, but the volume should be a function of the ambient noise level;
- Touchscreens: information that is sensitive and private to the cardholder should not be visible to any other person. Screen filters improve privacy, but often at the expense of visual quality. The user may wish to display information with a large character size, but they should be made aware of the privacy problem.
Card and biometric identification systems can also raise privacy concerns:
Contactless smart cards are activated when in range of the reading device. There are privacy implications with this form of card, and problems arise when multiple cards or multiple systems are in close proximity, e.g. a person with a contactless bank card walks past an ATM whilst someone else is using it: to whom does the machine respond?
In different circumstances, a different degree of privacy will be appropriate. Identification of the user may be necessary, especially if the card is used as an electronic purse. Biometrics can enable this.
However, depending on cultural background, some users will feel that some biometric systems are a threat to their privacy or unacceptable for some other reason. Therefore designers should be sensitive to these aspects, otherwise consumers could decline to use the services.
With the introduction of electronic voting there is not only the privacy concern of using the electronic voting machine, but also the concern of what happens to the vote once it has been cast.
Voters expect their votes to be private and for no-one to know how they have cast their votes. Not only should voters be assured of privacy for their own peace of mind, but privacy should also be enforced to ensure that the voter has no means of proving to a third party which way they voted.
Unsupervised electronic voting introduces a number of problems into notions of privacy. Privacy is harder to ensure when voters are casting their votes in their own homes or in unsupervised public places.
With the advent of information technology, interest in the right of privacy has greatly increased. The potential of powerful computer systems has prompted demands for specific rules governing the collection and handling of personal information.
In many countries, the privacy concept has been fused with data protection, which interprets privacy in terms of management of personal information.
The expression of data protection in various laws varies. All require that personal information must be:
- obtained fairly and lawfully
- used only for the original specified purpose
- adequate, relevant and not excessive to purpose
- accurate and up to date
- accessible to the subject
- kept secure
- destroyed after its purpose is completed
As well as keeping in mind the above points, an ICT system designer should finally remember that unless users feel that what they believe to be private is in fact private, they will not make use of ICT-based services.
Further information:
- Privacy Online: OECD Guidance on Policy and Practice
- Best Practice Manual (Part 1). eEurope Smart Card Charter Trailblazer 8 - User Requirements group, March 2003
- User Requirements for Cardholder Identification, Authentication and Digital Signatures. eEurope Smart Card Charter Trailblazer 8 - User Requirements group, 2002
- General model for a Privacy Code of conduct for interoperable smart card systems (Part 2) eEurope 2002 Smart Card Charter Trailblazer 8 - User Requirements group, March 2003
- Human Rights Act 1998
- The Liberty Guide to Human Rights - The Right to Privacy
- Privacy & Human Rights 2003 - An international survey of privacy laws and developments
- Access Prohibited? Information for Designers of Public Access Terminals
- Implementing electronic voting in the UK. Local Government Association, May 2002
- Interactive Digital Television Services for People with Low Vision
- Light R. Civil Rights Law and Disabled People. Disability Awareness in Action, Resource Kit No.7, 2000
- Casserley C. Towards inclusion - civil rights for disabled people. New Beacon, June 2001, 85 (998), 34 - 36
