December 17, 2007

Information Privacy and Enterprise Architecture

The Privacy Act of 1974 states: “no agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains.” However, there are certain exceptions for statistical, archival, and law enforcement purposes.

What is privacy?

In MIT Technology Review, “The Talk of The Town: You—Rethinking Privacy In an Immodest Age” (November/December 2007), author Mark Williams states that Columbia University professor emeritus of public law Alan F. Westin defines privacy as “the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.”

Do we have privacy?

Already in 1999, Sun Microsystems chairman Scott McNealy stated, “You have zero privacy anyway. Get over it.”

These days, there is no illusion of privacy, as young people routinely put their biographical details and images online at a myriad of social-networking websites. Moreover, “kids casually accept that the record of their lives could be Googled by anyone at any time…some even considered their elders' expectations about privacy to be a weird, old-fogey thing--a narcissistic hang-up.”

Privacy is certainly not an absolute, especially since we need to balance the right to privacy against the First Amendment guarantee of free speech. However, when people think their right to privacy has been abused, they have recourse to tort, defamation, and privacy law.

EA’s role in privacy:

User-centric EA supports the Investment Review Board selection, prioritization, and funding of new IT investments with architecture reviews and assessments; these EA reviews include a detailed appraisal of everything in the “information” perspective, including information management, sharing, accessibility, assurance, records, and of course privacy issues.

Furthermore, more detailed privacy impact assessments (PIAs) must be conducted, according to the E-Government Act of 2002, “when developing or procuring IT systems or projects that collect, maintain or disseminate information in identifiable form from or about members of the public.”

Although Generation Y does not seem to value its privacy as much as you'd expect, EA, along with the privacy officer and the chief information security officer, plays a critical role in monitoring and ensuring the privacy of information managed by the enterprise.
