What’s at risk when privacy is violated? How can you determine whether a process, service, or project could cause a privacy problem? The following sections describe the types of activities that can be associated with privacy harms and ways to prevent these problems.
Understanding privacy harms
There are many theorists who have worked to identify and classify privacy harms. One of the first was Alan F. Westin in his classic book, Privacy and Freedom, published in 1967. The information on this page is adapted from Professor Westin's work and also Professor Daniel J. Solove's "Taxonomy of Privacy," described in his book Understanding Privacy, published in 2008.
If you anticipate or identify possible privacy harms, read IU’s Privacy Principles to learn how you can address these concerns or contact privacy@iu.edu for assistance.
Types of privacy harms
Consider the following privacy harms, particularly related to interactions with individuals whose information is collected, used, disclosed, and retained by Indiana University. Is it possible that your actions could be viewed as harmful?
Information collection
What the individual might think:
“They are collecting information about what I am doing -- more than they should!”
Indiana University must collect information in order to perform its mission activities. Although not all collection is harmful, information collection can constitute a harmful activity.
Examples of information collection activities that can lead to privacy harms:
- Surveillance — watching, listening to, or recording an individual’s activities
- Interrogation — inappropriately probing for information
- Visual — viewing private activities without the individual’s knowledge
- Communications — such as wiretapping phone or email
- Too Much Information (TMI) — asking for “private" information unnecessarily
Things to consider:
- Are you doing something with your process, service, or project that could be seen as too much information collection?
- Are you collecting information you don’t really need?
- Be aware that whether you look at or use the information is not the critical question; the fact that you are collecting it is in itself a concern.
- What might you do to address these concerns? For more ideas, visit the Privacy Principles.
Information processing
What the individual might think:
“They have a lot of data about me, and they are storing, manipulating, and using it!”
Indiana University must process information in order to perform its mission activities. Although not all processing is harmful, information processing can constitute a harmful activity. This is especially true when the processing results in an incorrect assumption, and is used as the basis for making a (wrong) decision concerning an individual.
Examples of information processing activities that can lead to privacy harms:
- Aggregation — combining pieces of information about an individual that were collected from different sources
- Identification — linking unidentified information elements to particular individuals
- Insecurity — failure to protect information from leaks and unauthorized access
- Secondary use — use of collected information for a purpose different from the use for which it was collected, without the individual’s consent
- Exclusion — using data to exclude an individual, especially if the data was incorrect or interpreted incorrectly
Things to consider:
- Are you doing something with your process, service, or project that could be seen as an information processing harm?
- Information processing can be helpful when it "personalizes" and gives better service. But it can invade privacy when it goes too far or is used in ways that break commonly accepted norms.
- Are you keeping information long after you are finished with it? This can make it vulnerable to processing harms.
- Privacy is a balancing act. Individuals are going to balance the gains from using your service with the potential privacy harms. Some may choose not to use your service because they don’t know how you will process their information.
- What might you do to address your users’ concerns? For more ideas, visit the Privacy Principles.
Information dissemination
What the individual might think:
“They spread or transfer information about me — more than I think they should!”
Indiana University often must disseminate or share information in order to perform its mission activities. Although not all dissemination is harmful, information dissemination is one of the most commonly performed harmful activities.
Examples of information dissemination activities that can lead to privacy harms:
- Breach of confidentiality — breaking an agreement to keep information confidential
- Disclosure — disclosing data to persons or entities the individual doesn’t expect
- Exposure — revealing intimate information, as in a public exposure of private facts
- Increased accessibility — amplifying the accessibility of information
- Blackmail — a threat to disclose personal information
- Appropriation — the use of an individual’s identity, such as using a name or picture, without the individual’s permission
- Distortion — disseminating false or misleading information about individuals
Things to consider:
- Is it likely that individuals using your process, service, or project would think that you may be disseminating their information inappropriately?
- Are you in fact disseminating information in ways that users wouldn’t expect?
- Could the information you are disseminating be considered “intimate”?
- Are you certain the information you are disseminating is accurate?
- What might you do to address this concern? For more ideas, visit the Privacy Principles.
Invasion
What the individual might think:
“They come into my space and contact me, or tell me what to do!”
Indiana University communicates with individuals every day using a multitude of digital and paper methods, but invasion can occur physically as well, and IU manages many physical spaces that serve both public and personal purposes. Invasion infringes directly on the individual, and is a serious privacy harm.
Examples of invasion:
- Invasions into private affairs
- Invasive acts that disturb an individual’s tranquility or solitude
- Decisional interference — entering into an individual’s decisions regarding his or her private affairs
- Unwanted email —unwanted communications into an individual’s personal space, including his or her email inbox, is considered an invasion.
- Unwanted phone calls — entering into an individual’s personal space by calling his or her personal phone number (especially if it is a mobile phone)
- Entering a room without knocking
Things to consider:
- Are you doing something with your process, service, or project that could be seen as a privacy invasion?
- Are you sending digital communications to personal email inboxes?
- Are you calling personal phone numbers?
- What might you do to address this concern of your users? For more ideas, visit the Privacy Principles.