
Privacy Harms that Organisations Should Consider


An organisation should consider whether personal information that is lost, used in an unauthorised way, or otherwise misused could result in:

Physical harm

Questions to ask: Could the use or misuse of this personal information lead to stalking, harassment, or physical assault? Could the publication of personal information lead to intimidation or threats? Could the use or misuse of personal information promote or enable physical harm?  Examples of personal information: physical or GPS location; address; photograph or description

Economic harm

Questions to ask: Could the use or misuse of this personal information lead to identity theft? Could an individual lose productivity or time resolving any financial issues?  Examples of personal information: Financial account numbers; credit card numbers

Reputational harm

Questions to ask: Could the use or misuse of this personal information harm an individual’s image or regard in the community? Could they lose business, employment, or be rejected socially? Could someone be confused about whether this individual is the one making a statement?  Examples of personal information: Romantic or sexual details; medical details; a person’s name, image, or likeness

Emotional harm

Questions to ask: Could the use or misuse of this personal information cause emotional distress, such as anger, annoyance, anxiety, embarrassment, fear, frustration, humiliation, or a feeling of violation?  Examples of personal information: Intimate images; physical location; information used in identity theft; health or medical details

Relationship harm

Questions to ask: Could the use or misuse of this personal information harm an individual’s relationships or damage their trust? Examples of personal information: Private communications; information shared in confidence; questions for expert advice; information covered by fiduciary duties

Chilling effect harm

Questions to ask: Could the use or misuse of this personal information inhibit an individual from exercising a right?  Examples of personal information: Political or religious opinions; beliefs; information about associations, including minority groups; medical details

Discrimination harm

Questions to ask: Could the use or misuse of this personal information disadvantage an individual? Could an individual be subject to unequal treatment or harassment? Could a discriminatory pattern be further entrenched for an individual? Does the use or misuse of this personal information result in disproportionate effects on different groups of individuals? Does this personal information in any way affect rights? Examples of personal information: Details relating to gender, sexual orientation, race or place of origin, or other minority status; directory information such as address if publicised

Thwarted expectations harm

Questions to ask: Could the use or misuse of this personal information be against the individual’s reasonable expectations? Would we be breaking promises by using information this way? Violating a contract? Examples of personal information: Behavioural information; usage information; personal information used in a way the individual did not expect or understand

Loss of control harm

Questions to ask: Could the use or misuse of this personal information cause an individual to lose control of their personal information or choices? Are we retaining the personal information in a way that holds potential for harm? Is there a potential “downstream” use that the individual cannot control? Does the individual want the personal information to be shared the way we are planning? Could this personal information create or increase an individual’s vulnerability? Examples of personal information: Biometric information; information created by the individual

Data quality harm

Questions to ask: Could the use or misuse of this personal information cause harm if it is not accurate, complete, or up-to-date? (Even the harm of having to take time to correct the personal information?) Examples of personal information: Consumer profiles or reports; address; income or financial details

Lack of informed choice harm

Questions to ask: Could the use or misuse of this personal information in this way prevent an individual from refuting, responding, or asserting rights? Examples of personal information: Background checks; credit checks

Disturbance harm

Questions to ask: Could the use or misuse of this personal information disrupt, disturb, or be a nuisance? Examples of personal information: Phone numbers; email addresses; other contact information

Loss of autonomy harm

Questions to ask: Could the use or misuse of this personal information in this way restrict someone’s choices, coerce, trick, or manipulate them? Does using this personal information harmfully distort the individual’s decision-making?  Examples of personal information: This harm could apply to many kinds of information, and depends more on how options or choices are presented and the manner in which consent is obtained.

This list is derived in part from the “Typology of Harms” by professors Danielle Keats Citron and Daniel J. Solove.

Another useful way to consider harms is to group them into categories. In a 2017 report on automated decision-making, the Future of Privacy Forum (FPF) identified ways that the use of personal information could lead to differing treatment of individuals or harmful impacts on members of certain communities.

If personal information is misused, the result could be a:

  • Loss of Opportunity, such as jobs or employment, insurance and benefits, housing access, or educational access;

  • Economic Loss, such as credit issues, receiving different prices, or receiving only certain advertisements;

  • Social Detriments, such as being grouped or filtered into bubbles, being stereotyped or treated incorrectly, or subjected to bias; or

  • Loss of Liberty, such as being placed under surveillance or watch, or being restrained or incarcerated.

FPF’s table of harms is below, and the full report is available on the FPF’s site.

Read The Full Article From the Bermuda Privacy Commissioner

 
