Public policy is an instrument that is used by nation-states to achieve their aspirations. The moral codes held and shared together by society compel its policymakers to draft policies, laws and regulations that represent the ethos and aspirations of society.
Humans have historically relied on information and data to innovate and create value within a society. 银行和金融部门, medical facility providers and government entities have always relied on information and data to deliver services, create products and contribute towards the overall socio-economic growth of the society. However, the size, structure and usability around the data have varied throughout the human history.
在当今世界, improved computational capabilities have enabled businesses and public and private organizations to better structure their data in the form of huge databases and leverage analytics to generate business intelligence and contribute value creation.
有了这些计算和分析能力, there are increasing avenues to develop profiles of humans’ behavior around their purchasing, 支出和消费习惯, 他们的基因图谱, 他们的旅行历史, 病史, etc. While these capabilities add value to the human society, they also come with risks of intruding into individuals’ privacy.
不幸的是, the discourse around personal data is only centered around its protection from leakage or prevention from breach. However, the primary objective to safeguard the personal data is to ensure that such data are not processed to create a more inequitable society and bring about unfair outcomes.
The amount of discrete data available today allows us to bring more nuance and innovations into public policy, therefore aiding in ironing out any imbalances within the society.
Public policy experts wish to avail themselves with discrete personal data accumulated by public and private organizations to effectively address issues associated with healthcare, 财务可持续性和整体安全问题.
提出政策建议, there is a need to identify broad patterns of human behavior and propose a solution that may further require some algorithmic decision-making. This identification of human behavior or preferences and then associating it with respect to ethnicities, race or religion can cause the wedges within a society to deepen even further.
因此, the protection of personal data is not just associated with its secure storage in a safe or information systems but rather its fair processing that helps to eliminate or minimize the asymmetry within the social classes of the society. But when such personal data are used to carve out policies that might be extractive in nature or to target a particular section of a society, then there is strong likelihood that it would end up legalizing the prejudice and systemic racism.
There is strong contention among privacy advocates that use of such discrete personal data can strengthen the elite capture and cultivate extractive public policies where minorities of the society can be further targeted to extraction.
Consider the scenario in which increasing medical treatment costs need to be addressed within a society, and as the public policymakers begin to crunch through the data, they figure out that a substantial chunk of medical costs has been associated with the treatment of a specific disease that might be more prevalent within individuals and families of a specific racial or ethnic background. If similar information is used by public policymakers or regulatory authorities to allow medical insurance companies to increase the insurance premium for individuals belonging to that racial or ethnic community, then it may put the community at a disadvantageous position or may deprive some from similar communities to afford the medical insurance at all.
There can be various similar scenarios where minority sections of the society can be subjected to policy decisions which will inflict damage to the society’s fabric, 因此, such data processing might serve as a tool to perpetuate the problem rather than the solution.
Data privacy therefore needs to be seen as a public policy challenge and not just as an information security issue. The objective of protecting the personal data is linked to creation of a fair, 和谐公正社会.
编者按访问ISACA 隐私页面 有关隐私的其他信息, 包括框架和指南, 认证和培训, 以及其他特色资源.
作者简介: Muneeb是一名信息安全专家 & Privacy Consultant with a forte in strategy, program development, governance and compliance. 总部设在中东地区, 他的客户来自金融界, governmental and telecommunication sectors to help them in developing and implementing cybersecurity and privacy programs in accordance with their regulatory, 法律和遵从性要求. He has contributed with his knowledge and expertise through various writings, 播客, 政策审查和会议出席. 欲知详情,请浏览: http://www.linkedin.com/in/muneebimranshaikh/.
