IT can have a major impact on personal privacy even if
system developers do not plan any deliberate intrusion, so IT
specialists need to think more widely about the potential uses of
their systems.
This understanding emerged from a BCS debate involving senior
representatives from IT user companies, suppliers, government and
universities as part of the national Foresight Programme of
advanced research.
The "thought leadership" debate, held under a rule of anonymity,
considered some uncomfortable questions that IT developers might
ask themselves, for example:
- Does someone developing a system to make web page creation easy
need to consider that people can extract personal web content and
use it in different ways to those intended by the originator?
- Does the developer of a database application need to think
about whether they give people a simple way to check their personal
data which might be managed by the system?
- Should someone writing software to connect mobile devices to a
network consider privacy issues around the personal data that flies
around when someone connects to a network?
- Does someone writing software to manage credit card
transactions need to think about the privacy implications of the
secondary uses of a card: for example, to collect air tickets
already paid for and to check in automatically?
So how can proper deliberation of privacy and security
implications be initiated?
IT people should start to think beyond engineering and take account
of the need to respect and protect privacy. They should not
consider themselves as mere tool developers, use of whose tool is
someone else's concern, the debate heard.
At system development level, IT professionals need to think about
the privacy and security implications of what they are developing,
how to minimise leakage, and how to enable individuals to check
personal information handled by their systems. Security
professionals need to be included in the design of systems, not
just at the deployment stage.
At a broader professional level, IT people need to think about
privacy, spread awareness of the issues, and consider social needs
and how they are met in systems. IT professionals at this level
have a duty to share awareness of what a system implies for the
overall context, involving IT and human processes, the debate
heard.
It is not enough for IT professionals to give reassurances that
encryption for communication protects privacy if they ignore the
point that users are working with databases at either end of the
communications link. Arguably all IT professionals must have
ethical training, because of the pervasive nature of IT.
RFID and privacy
The BCS thought leadership debate heard that the privacy issues
discussed affect radio frequency identification tagging technology.
Under European law, any company that uses RFID must notify the
consumer the tag is on the product and provide details on how to
discard the tag and access the information held on it.
