REPORTS OF COMMITTEES
| DOI | http://doi.org/10.1111/j.1468-2230.1977.tb02419.x |
| Published date | 01 March 1977 |
| Date | 01 March 1977 |
REPORTS
OF
COMMITTEES
COMPUTERS
AND
PRIVACY
THE
computer is widely feared. It constitutes a threat to middle-
class employment, and has increasingly become regarded as a threat
to personal privacy. The potency of such fear has been amply
documented,' though its fertility
to
produce actual invasions must
on
the same authority remain
in
doubt. One focus for the fear
centres
on
the capacity of the computer to enhance governmental
power at the expense of the people. For this reason some discontent
was expressed that the Report of the Younger Committee
on
Privacy concerned itself exclusively with threats emanating from
the private sector.2
An
interdepartmental working party was
accordingly established to examine the situation
in
the public sector,
and an up-dated version
of
that party's report has now been
publi~hed.~ It appeared as a companion to the White Paper
Computers
and
Privacy"
which set out the Government's current
thinking
on
the subject.
It
is
worth noting that the Younger Committee explicity
abandoned any attempt to define the concept of priva~y,~ and that
the White Paper implicity follows its predecessor's example. This
is highly disturbing. Thus the Younger Committee while refusing
to define privacy at least excluded the dissemination of false
personal information from its ambit as confusing intrusion into
privacy with defamation.6 The White Paper however apparently
regards inaccurate and incomplete information as a danger to
pri~acy.~ Thus while neither document defines the concept with
which it is most closely concernedAwe can at least deduce that
they use the same word to mean different things. The White Paper
also fails to emphasise the by now well-established distinction
between the problem of privacy which
is
concerned with the
definition of the circumstances in which a legal right
is
to be
regarded as being infringed, and that of security which
is
concerned
with the means of preventing such infringement from taking place.
The danger of such a vague approach is that failure to diagnose
the problem precisely may lead to a search for a panacea rather
than for remedies. Completely different complaints may be regarded
as symptoms of a common disease, and because a particular remedy
fails to treat one of them it stands
in
danger of being rejected in
relation to all, including those for which it is appropriate.
1
e.g.
Privacy,
Crnnd. 5012 (1972) App.
E,
Table
F;
Westin,
Dara Banks
in
a
Free
2
See
Terms of Reference,
Cmnd. 5012 (1972). para.
1.
3
Computers: Safeguards for Privacy,
Cmnd. 6354 (1975).
4
Crnnd. 6853 (1975).
5
Crnnd. 5012, para. 73.
6
Ibid.
para. 71.
7
Crnnd. 6354, para.
31.
Society
(1972),
p.
477, Appendix
B,
Table
EL-2.
198
Mar. 19771
REPORTS
OF
COMMITTEES
199
It is suggested that much more rigorous analysis is required than
has yet been provided, and in particular that each aspect of every
different area of application should be distinguished, and appro-
priate measures devised. They may have nothing in common, and
not even be capable of administration by the same machinery. Such
an approach is by
no
means inconsistent with that advocated by
the White Paper, though it may go a little further along the same
route. The Data Protection Committee has already been set up as
an interim body to prepare the way for a permanent authority.8 It is
envisaged that eventual legislation will declare standards by which
the adequacy of safeguards for privacy should be j~dged.~ It is
important to note that the White Paper insists that these,
“
must be more than mere declarations of broad principle and
must set the standards with a sufficient degree of particularity.
The range of computers holding personal information and the
types of information held, are wide and varied, and
no
set of
objectives could be formulated which would be universally
applicable.
”
This is a wise approach and the more detailed the appraisal of the
Data Protection Committee, and even more importantly, of the
eventual Data Protection Authority, the better. This may help to
prevent here the creation
of
excrescences like the Iowa legislation
relating
to
the disclosure of criminal records which was
so
sloppily
drafted that its effect was to prevent the disclosure of the criminal
records
of
those subsequently found guilty while permitting free
dissemination in the case of those subsequently acquitted,’O or that
in Oregon which had to be repealed three days after coming into
force because the police were, for example, unable to inform wives
of the whereabouts of their husbands who had been arrested.’l
Perhaps the most encouraging feature of the White Paper is its
appreciation of the economics of privacy. It points out that,12
“The ultimate safeguard lies in the fact that it is nearly
always possible to make
a
system
so
expensive to break into
that the cost of penetrating it will be greater than the value
of
the information which it holds. At the same time the security
systems which are most expensive to break tend also to be
those which are most expensive to install. The cost of providing
the highest level of security for all personal information systems
would be enormous. Fortunately there is
no
need to do this:
the need is only to provide protection proportionate to the
degree of sensitivity of the information within the system.”
Far too frequently protection has been envisaged as an absolute
response to an absolute threat.
Too
often the purposes inspiring
8
Cmnd. 6353, para. 31.
9
Zbid.
para. 32.
10
Opinion
of
Attorney-General
of
Iowa (September 25, 1973), 4
Computer
Law
11
Computerworld,
October
1,
1975.
12
Cmnd. 6353, para. 24.
Service Reporter
995.
To continue reading
Request your trial