got privacy?  Musings on the state of Privacy in a connected world.
 
While many organizations have a strong desire to make their web-sites useable and accessible for as many people as possible, most likely do not realize that this can result in some loss of privacy for users.

Accessibility can work in a number of ways, either through active involvement by a user choosing certain options on the site, or passively without direct user interaction through good site design, color palette selection and similar.  Where active involvement by a user is required, this may be achieved either with them making a conscious choice at the time of using a site, or they may already have made a selection (e.g. choice of browser, screen resolution, use of screen reader) which is communicated to the site at the time of use.  For users with disabilities, the availability of appropriate and useable accessibility options may mean the difference between them being able to use a site, or looking elsewhere.

How this overlaps with privacy may not be immediately obvious.  Privacy refers to the amount of control that we have over our personal information, and how this is shared and used.  On the Internet, Privacy can be taken to mean that you are aware of the information that you are sharing, and this information is used in a way that you are comfortable with until it is destroyed.

Browser Information Leakage
So how can accessibility compromise privacy?  By knowing that a user is visually impaired, and combining that information with other information, for example that they are located in a certain area (from their IP address, or GPS or other location), you could compromise an individual’s privacy.  Research has already indicated that between 63% and 87% of Americans can be uniquely identified by birth date, gender and 5-digit zip code (see here and here for the research and here for some analysis by the Electronic Freedom Foundation).  If you’re not convinced – check out the Panopticlick “browser fingerprinter”, also from the EFF.  When I just tested my browser, its fingerprint was unique amongst nearly 800,000 configurations tested so far. 
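To make the combination effect concrete, here is an added example (not part of the original post) that measures how an accessibility signal shrinks a visitor's anonymity set when it is joined with coarse location and browser family. The population, attribute names and proportions are constructed for illustration only.

```python
import math
from collections import Counter

def build_visitors(n=1000):
    """Constructed sample population (not real data)."""
    return [{
        "region": f"R{i % 10}",             # coarse location, e.g. derived from IP
        "browser": "ABC"[i % 3],            # browser family
        "screen_reader": i % 125 == 0,      # rare accessibility signal (8 of 1000)
    } for i in range(n)]

def signature(visitor, keys):
    return tuple(visitor[k] for k in keys)

def anonymity_set_size(visitors, target, keys):
    """How many visitors look identical to `target` on the given attributes."""
    sig = signature(target, keys)
    return sum(1 for v in visitors if signature(v, keys) == sig)

def surprisal_bits(visitors, target, keys):
    """Identifying information in bits: log2(population / anonymity set)."""
    return math.log2(len(visitors) / anonymity_set_size(visitors, target, keys))

def unique_fraction(visitors, keys):
    """Share of the population singled out by this attribute combination."""
    counts = Counter(signature(v, keys) for v in visitors)
    return sum(1 for v in visitors if counts[signature(v, keys)] == 1) / len(visitors)

if __name__ == "__main__":
    visitors = build_visitors()
    target = visitors[250]  # a screen-reader user in region R0
    for keys in (("region",), ("region", "browser"),
                 ("region", "browser", "screen_reader")):
        print(keys, anonymity_set_size(visitors, target, keys),
              round(surprisal_bits(visitors, target, keys), 2),
              unique_fraction(visitors, keys))
```

In this constructed population the same visitor hides among 100 people by region, 33 by region and browser, and is alone once the screen-reader flag is added; a site that does not record the accessibility setting alongside location keeps that visitor in the larger set.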

Logon Information Leakage
Other accessibility options, such as reading text aloud, may be appropriate for an application being used at home, but may impact privacy if they are used in a location such as a library or a bank lobby, or may not even work if the appropriate hardware is not in place.  Developers must give thought to where a website may be used when developing privacy options, particularly when the website grants access to sensitive information.

How Privacy can impact Accessibility
Restrictions on sharing information about people’s health and health conditions may impact the ability to plan appropriately accessible services for them.  As a result, companies may not have the information that they need to know how to adapt their sites to their user base, reducing their ability to provide accessible information for all.

While none of these issues is insurmountable, the fast-evolving fields of Accessibility and Privacy mean that practitioners must be conscious of these areas when designing new applications, as in many places there is no standard for managing the overlap of these two fields.

 
 
January 28th is Data Privacy Day.  In a single generation, privacy concerns have shifted from worrying about who can see through your windows to who might be able to see your medical records on the Internet.  Data Privacy Day gives us a chance to reflect on these changes, and to think about what steps we can take to better control personal information and manage our privacy.

The fact is that information, from where you live to how you live, is now available to many companies that you do business with, or in some cases to everyone with an Internet connection.    This disclosure can provide many benefits, from customized offers based on purchase history to a free cup of coffee on your birthday.  Disclosure also carries risks.  Many of us have received notices telling us that our personal information has been lost or stolen, and although most of these instances do not lead to direct harm to us individually, they often cause concern.

Interestingly, the number one privacy concern that most people have is not related to the information that they share. Given the proliferation of social networking and other online activities, people are often comfortable (sometimes too comfortable) when it comes to sharing information in the public (or semi-private) domain.  The real concern for many is how information that has been shared with trusted people or organizations will be managed and protected once it is out of our direct control.  Individuals can reduce this risk by limiting what they share, but we also need to take responsibility for holding organizations to their privacy policies and agreements; they are stewards of your information.

So to mark Data Privacy Day, here are 4 simple things that you can do to improve your own privacy:

1.       Think before sharing your personal information.  For example, when a shop asks for your phone number at the checkout ask why they need it.  Usually the request is because they want a number that uniquely identifies you, rather than because they plan to call you.  So, consider declining or just choose a generic number that you can remember.  Similarly, if someone asks for your birthday, then January 1st will often suffice.

2.       Always opt-out.  Unlike Europe, where you need to opt-in to consent to your data being shared, we in the U.S. have to ensure that we opt-out whenever we have the opportunity to restrict companies from sharing information with other companies or partners.  It only takes a few seconds, and restricts what can be done with your information.  Find those boxes, and tick them.

3.       Treat Social Networks like coffee shops.  If you wouldn’t talk about it in a coffee shop, don’t talk about it on Facebook or Myspace.  If you wouldn’t shout it on a street corner, don’t share it on Twitter!  Once you have shared something electronically, it is out of your control, even if you think that only your friends will be able to see it.

4.       Maintain Healthy Skepticism.  Be suspicious about any requests for personal information, even if they look like they come from a person or organization that you know.  Many people continue to be fooled by these requests.  It’s easy to take a couple of minutes to make a call and confirm that a request is genuine before providing information that could be used to commit identity theft, or cause you other problems.
 
Does someone's right to privacy end once they are dead?  In the US, we do not have a constitutional right to privacy in the same way that Europeans do (yet!), but explicit provisions in HIPAA (Health Insurance Portability and Accountability Act) maintain that information about an individual should be kept private after their death.  Other regulations such as the Freedom of Information Act may conflict in certain situations, in addition to free speech rights guaranteed under the First Amendment.

In the EU, the right to personal privacy explicitly survives death.

Some interesting links around this subject can be found at:

Is there privacy after death?
Privacy after death debated.

Some more thoughts on this topic from Rebecca Herold (@privacyprof) who had written a couple of thought pieces around this topic here and here.