
Tuesday, August 31, 2010

Congressionally legislated privacy may not consider benefits of information sharing

With the addition of yet another privacy bill to the slate of draft legislation pending in Congress, there clearly remains heightened interest in protecting personal information, even if none of the bills so far has made it very far towards becoming law. The latest is in the Senate: the Data Security and Breach Notification Act of 2010 (S. 3742), introduced early this month by Democrats Mark Pryor and John Rockefeller. While significant attention has been drawn to privacy, especially privacy of information in online contexts, if the current legislation is any indication, federal legislators seem to be emphasizing individual privacy protections at the expense of considering the benefits of information sharing. Those benefits matter both to consumers in some settings and for the success of major initiatives such as health care reform (and data sharing through health information exchange), proposed financial regulatory reform, and ongoing priorities such as anti-terrorism efforts.

In an article posted on the Hillicon Valley blog of The Hill, technology publisher Tim O'Reilly expresses concern that if privacy practices are legislated by Congress, there is a good chance any resulting regulations will err on the side of heavy-handedness and fail to acknowledge either the benefits of some forms of information disclosure or the fact that many individuals are quite willing to balance privacy against those benefits, particularly if they are afforded some level of control over what personal information is shared and how it is used. In a similar vein, Emory economics professor Paul Rubin offered a list of 10 common misconceptions about privacy in an opinion piece posted by the Wall Street Journal online. In the aggregate, Rubin provides an argument for avoiding overly restrictive information disclosure regulations and for not focusing too much on increasing privacy protections without considering the potential negative impacts of doing so.
