For better or worse, digital technologies have undeniably transformed many aspects of daily life. Experiences interacting with the digital world can be different for everyone, especially neurodiverse people. Many neurodiverse people reap its benefits by connecting with other like-minded people through online communities, accessing plentiful knowledge about topics of interest, and learning different strategies for navigating a world built around the needs of neurotypical people. At the same time, these digital technologies present formidable risks around data privacy and digital safety that neurodiverse people are especially vulnerable to.
In adapting how we manage privacy programs to the evolving needs in industry and society at large, it is important we build awareness and competency around neurodiversity and the unique data privacy concerns that arise with it.
What is ‘neurodiversity’?
We hear a lot about ‘neurodiversity’ these days, whether at the workplace, school or in our own communities. This concept was first coined in the 1990s by Judy Singer, a sociologist with autism. Singer asserts that neurological differences are normal variations within the human populations. Neurodiversity covers people with various neurodevelopmental disorders, including autism spectrum disorder, attention-deficit hyperactivity disorder, Tourette syndrome and dyslexia. It challenges the notion that these differences are “deficits” that need to be cured or suppressed through medical intervention. Neurodiversity emphasizes the strengths and benefits these differences can offer, including extraordinary capabilities in things like memorization, recall, pattern recognition and concentration.
Neurodiverse people and technology
Over the last few decades, the number of people diagnosed with neurodevelopmental disorders such as autism spectrum disorder, have steadily increased thanks in large part to increased awareness and changes in diagnostic practices. Neurodiversity is a mosaic, and so ability and support needs can vary significantly between individuals. Some neurodiverse people are able to lead independent lives, including attending college or graduate school, holding down full-time work, or raising families of their own. Others may require ongoing support, not only from carers but also assistive technologies such as augmentative and alternative communication meant to help nonverbal people communicate with others or text-to-speech software to help dyslexic users understand texts.
Contrary to popular belief, neurodiverse people spend a considerable amount of time using digital technologies. Numerous studies have observed a greater likelihood for neurodiverse children, notably those with autism and ADHD, to spend time online compared to their neurotypical peers — habits which can persist even into adulthood. While organizations like the Autistic Self-Advocacy Network and Mencap UK published guides to help neurodiverse individuals and their families enhance their digital literacy, the privacy issues and needs of neurodiverse people remain understudied.
Key privacy issues for neurodiverse people
Information privacy intersects with the lived experiences of neurodiverse people in various ways, but below are some issues that stand out:
1. Safety in digital spaces
Whether browsing through posts on Reddit forums to playing video games with friends, digital communities offer spaces for people to connect with others with similar interests and ideas, often transcending geographical bounds. Many neurodiverse people may feel these digital communities are more welcoming places to make friends and find a sense of belonging compared to interactions in the “real” world. Several features make these spaces attractive to neurodiverse people, such as more structure and control over interactions with other users, less emphasis on grasping nonverbal communication and social cues (i.e., body language), greater ease in resonating with others, and finding people with similar experiences.
However, these digital spaces present offline risks that could put neurodiverse people in particular and others around them in harm’s way. In desiring to connect with others, neurodiverse people may “overshare” personal details about themselves with others they meet online. Driven by a complex set of factors — such as a high level of trust in strangers, feelings of social isolation, anxiety and challenges in controlling impulse — it may be more difficult for neurodiverse people to foresee the potential consequences in their online behaviors.
This could include less-specific things like age, gender and location to unique identifiers like a full name, home address or government ID number that, used alone or in combination, could be used to stalk, harass or inflict harm on someone and their loved ones. Dangerous tactics such as "swatting" — when a user who has obtained personal details through social engineering or doxxing falsely reports a serious crime (e.g., robbery, hostage situation, bomb threat) against someone else and deceives law enforcement into sending a response team to the other person’s house — have grown in online communities. The consequences of it can be lethal. Inadvertently disclosing this information can be especially troublesome when a neurodiverse person may not realize their online “‘friend” may have ulterior motives or engage in “catfishing,” a tactic in which an online person pretends to be someone they are not.
Children and adolescents with neurodevelopmental disorders are also more likely to encounter cyberbullying compared to their neurotypical peers. Another study also observed that users with autism are often subject to higher levels of online harassment, but noted they had more difficulty blocking problematic users, running the risk of prolonging their harassment.
It’s therefore important to instill healthy habits around digital safety and literacy into neurodiverse people as early as possible. Parents have a vital role to play in ensuring that their children are mindful of the choices they make when interacting with the digital world, as well as the potential impact it can have offline.
2. Preventing financial exploitation
Globally, the number of online scams has skyrocketed. In the U.S., reported losses from scams increased nearly 18 times from 2017 to 2021 and affected more than 95,000 victims, costing them more than $770 million. Scams, phishing and other fraudulent activities can not only result in direct financial losses, but might also lead to the exposure of someone’s sensitive personal information to other cybercriminals and in turn more risk of fraud.
Many of us have developed strategies to spot and avoid these scams when online. Neurodiverse people, being perceived as more gullible and socially vulnerable, are more likely to be targeted by scammers and other malicious actors looking to take advantage of them. One University of Cambridge study observed that autistic adults were 20% more likely to report being tricked or pressured into giving someone money. Despite these concerning figures, another University of Alabama study suggests people with autism are not more prone to falling for phishing scams compared to people without autism. It is possible that neurodiverse people may still be vulnerable to these scams if they think the person they are interacting with is a “friend.”
Financial abuse may not always involve the direct exchange of money from one person to another. It can be access and control over personal information belonging to a neurodiverse person and using that power for personal gain, like opening a credit account or retitling real estate. Some of this financial abuse can come from family, friends and carers that neurodiverse people are supposed to trust. A 2014 survey from the U.K.’s National Autistic Society polling adults with autism found that “over a quarter had money or possessions stolen by someone they thought of as a friend.”
Persons with disabilities who have higher ongoing support needs — which also includes some neurodiverse people — may face abuse by those entrusted to handle their financial affairs, such as a carer, trustee or conservator, who may misuse or embezzle the assets tied to someone’s name. As trustees and conservators often have ready access to the personal information of the individual under their care, it can be extremely difficult for a neurodiverse person in this situation to detect this abuse. Even if they are aware of it happening, neurodiverse people may be reluctant to report for fear of losing access to care or damaging a relationship with a loved one.
3. Protecting health information
Choosing whether to disclose one’s diagnosis is often a difficult dilemma for neurodiverse people. It is a very personal journey.
Disclosure can be beneficial as it can facilitate access to accommodations at work and school, and can help people like workplace managers, teachers and carers understand how to best support a neurodiverse person. It may also be required in legal settings as part of cases involving disability-based discrimination.
At the same time, many people with neurodevelopmental conditions may feel discomfort in sharing their diagnosis from previous negative experiences or fears that disclosure may lead to differential treatment. Deloitte’s 2021 study on autism in Canadian workplaces showed 56% of workers with autism felt people treated them differently when they learned of their autism, and a further 42% report experiencing workplace discrimination linked to their autism diagnosis.
Diagnoses and related information are covered by different privacy laws globally and may differ between sectors and subnational jurisdictions. It is usually covered under the concept of personal health information, which may be termed differently in some places. PHI can include physical and mental health history, specific treatments or prescriptions, service plans, payments or insurance-related information.
Beyond diagnosis, PHI for neurodiverse people can also encompass things like session notes from psychiatrists or therapists, which, when strung together, can represent a person’s support plan. That can be crucial to someone’s sense of dignity and inner self. That information often details someone’s struggles and fears that they would be extremely uncomfortable sharing outside of health settings. The security of and control over this information is often important in helping neurodiverse people feel comfortable in continuing to seek support. With the uptake of telemedicine accelerating, it’s important for providers and custodians to establish proper safeguards and assure patients of their control over the information to the greatest extent possible.
4. Guardianships and control over personal information
Neurodiverse people may not always have full control over their personal information. While the underlying specific laws may differ, people with higher support needs may be clinically assessed as being incapable of making a medical decision for themselves. In these cases, health providers may turn to surrogate decision-makers, which have specific rankings often defined in law depending on jurisdiction. More generally, a court may appoint someone to serve as a guardian or conservator for that person, which can range from a full guardianship (i.e., control over all matters in a person’s life) to a limited guardianship (i.e., control over social activities, finances).
Recently, neurodiverse self-advocates have criticized guardianships for the heavy restrictions they impose on people with disabilities. They assert guardianships often prevent neurodiverse people from making their own decisions — including exercising control over their personal information — to the extent it may actually inflict harm to someone. Guardians could make choices that go against someone’s wishes and might use their power to abuse those under their care, such as financial abuse.
While there is often good intent behind guardianships, the support needs of a neurodiverse person can evolve over time to the extent they become capable of making their own decisions. Guardians could prevent someone under their care from accessing personal information such as a Social Security number, a birth certificate or documentation that would be necessary for someone to seek employment or pursue higher education but is legally barred from doing so because of restrictions imposed by their guardianship, along with other applicable laws in the jurisdictions they live in.
Many neurodiverse people desire a sense of control and agency over their lives. What this looks like, and the level of support from others, differs between people but it is nonetheless important to craft a careful balance between ensuring neurodiverse people have a trusted advocate to help them make decisions for themselves while also ensuring that wherever possible, neurodiverse people can be in the driver’s seat.
Conclusion
Many of the barriers faced by neurodiverse people are woven into systems and processes designed by and for neurotypical people. Respect for information privacy is a crucial part in fostering inclusion for neurodiverse people across various sectors and contexts. While this article provided a glimpse into the relationship between privacy and neurodiversity, this is only the tip of the iceberg.
As privacy program managers, programs designed without consideration for the unique needs of neurodiverse people can expose them to greater risk and vulnerability. We know that when neurodiverse people are empowered, they can harness their unique abilities to accomplish extraordinary things. A well-designed privacy program can help set the groundwork for that. Ultimately, we owe it to neurodiverse people to listen, learn from them and do better.
