There's a case on trial right now about privacy. An anti-abortion Web site has information about specific people who perform abortions. The plaintiffs want the information removed, claiming it constitutes a threat. When one of the people on the list was murdered by an as yet uncaught sniper, the name was crossed out but not removed.

Without going into more specifics of the case, let me make an observation. If we lived in a world with a strong right to privacy, this case would never have come to court.

Is this such a hard thing to understand? A person should have control over his or her personal information. If she doesn't want her name and address published or distributed, that is her business, and her wishes should be respected.

Unfortunately, that's not the way the USA works. Privacy isn't a right. It isn't even a major concern for most businesses and government agencies. Consider Social Security numbers. According to law, there are only a few federal agencies that can require it. Yet I've had rental agencies ask it so they can perform a credit check. When my employer switched health insurers last year, they gave the new insurer my SS# without my knowledge. I changed my health insurance ID as soon as I learned they were using my SS#; but to this day I have problems with their computer systems which assume that a person's ID is their SS#. Imagine what I would have had to go through if they had refused to change it.

Another aspect of the situation is opt-in vs. opt-out. Businesses want to get as much data on customers as they can, so they favor an opt-out approach to privacy (when they give people a choice at all). People have to explicitly make it known that they don't want their personal information distributed.

The problem with this approach is that a person has to make his or her wishes known to so many businesses that it becomes impossible to keep up. Every time you use a credit card, subscribe to a magazine, enter a contest, or give your name and address to any business, that information can be and is freely distributed by the business. Allowing people to control how their personal information is distributed ("opt-in") would solve this. However, it denies corporations the ability to make money by selling personal information, so the business world is against it.

Even when a business offers opt-in privacy, there's no guarantee they will follow it. That's because there is almost no legal protection for personal information, and people have virtually no legal right to control how that information is used. If we did, then the case mentioned at the beginning would be a moot point.

This is what I advocate. We need strong national legislation that:

  1. Recognizes that a person's personal information is the property of that person.

  2. Allows a person to seek damages against any entity that distributes personal information without that person's consent.

  3. Mandates the opt-in approach to privacy.

There are a lot of complex issues involved - for example, is a phone number yours, or does it belong to the phone company? - but these can be resolved.

At least we can start on a personal basis. All we need to do is respect each other's privacy. If you're not sure about something, get the person's approval first.

Is it so hard to understand?

Last updated 3 June 2000
All contents ©1999-2002 Mark L. Irons