ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > Understanding the Impact of Human Behavior on Privacy

Understanding the Impact of Human Behavior on Privacy

| Published: 3/17/2014 8:57 AM | Category: Privacy | Permalink | Email this Post | Comments (0)
Vasant RavalVasant Raval, DBA, CISA, ACMA
The issues of privacy will linger on. We as a profession—the regulators, the IT innovators and the developers—will continue to muddle through challenges of both implicit and explicit privacy goals. In turn, these challenges will continue to take different shapes. The technology infusion that cuts across cultures and navigates through national boundaries with great ease will exacerbate the difficulties of capping the privacy issue. To all these challenges, add one more:  Everyone wants to make more money in the near term with great breakthroughs. Risk that you can afford to ignore, i.e., that may not offer enough motivational force to take the time or money to examine proactively, during product and service development.
Also, consider this:  Privacy is not just an IT problem, although it could be IT-sourced in many cases. Many sociopolitical and psychological factors play a role in the privacy domain. Human behavior is an intriguing variable; any time you consider it—and there are very few circumstances where it is not warranted to be considered—you come up with an open system subject to many contingent or moderating variables. 
For example, a community member whom I know well came to me for tax advice. The situation was complex, involving tax treatment of investment losses suffered from a Ponzi scheme. Of course, this is confidential and we briefly touched on that during our conversation, but several weeks later, when he was talking to my wife, he expressed surprise that she did not know about his problem. The misplaced expectation was that there is no privacy between husband and wife. People say they want privacy, but they really do not think it happens.
I am often a victim of what I call “reverse privacy”; students tell me what I should not know, which compromises my professional integrity and independence. And they know they should not disclose such realities to me, their teacher. Students may, for example, declare to their teacher that in order to receive tuition reimbursement, they need a minimum of a B grade in the course. Telling people what they should not know about your situation is as much a problem of privacy—or reverse discrimination through privacy abuse—as the privacy itself. It is quite likely that such a disclosure may not affect the judge’s opinion; however, you do not want to create a situation of conflict in their minds. As an educator, it is my duty to cultivate sensitivity around disclosures of this type and help prevent potential ethical dilemmas that should not even exist.
What all this tells us is that we really need to invest more thinking on privacy. Ideally, such an effort, or a series of efforts, should provide us with rules that we as individuals, as professionals, as community members, etc., should follow. Without clear and brief privacy guidelines, not much can be accomplished; the talk of privacy remains just talk. Can you verbalize your rules of privacy?
Note:  Opinions expressed here are those of the author and not of Creighton University.
Read Vasant Raval’s recent Journal article:
Information Ethics: The Piracy of Privacy,” ISACA Journal, volume 2, 2014.


There are no comments yet for this post.