Transparency is often talked about in the privacy world. Consumers, citizens, privacy advocates and regulators want businesses and governments to be as transparent as possible about how they’re collecting, using, sharing and deleting personal information. In recent years, tech companies have fought to allow for more disclosures of government requests for user data. In fact, Twitter just released their biannual report on Tuesday (requests are up 40 percent, by the way).
Cynics may say that privacy policies are aimed to make a company’s privacy practices litigiously impermeable, but good ones demonstrate transparency—often in layered or real-time disclosures within the context of a transaction and to help consumers navigate the complex digital panorama. Hence, transparency can be a very good thing.
But transparency also requires forethought, contextual analysis and, most importantly, scrubbing.
These were things lost in former Florida Governor Jeb Bush’s push to be more transparent—likely in anticipation of a 2016 presidential run. You see, this week, the self-described first “eGovernor” in the U.S. published a massive trove of email correspondence, covering an eight-year span (1999-2007).
On his website, Bush wrote about the “spirit of transparency,” explaining, “I am posting the emails of my governorship here. Some are funny; some are serious; some I wrote in frustration. But they’re all here so you can read them and make up your own mind.” But as The Verge points out, some contain sensitive personal information of Florida citizens. Not really expressing the "spirit of personal privacy" on this one.
Yes, in this grand gesture to share a candidate’s political outlook, privacy was lost. Of the dozens of gigabytes of email correspondences, none of the information was redacted; emails, addresses, personal feelings, medical diagnoses and, yes, Social Security numbers are there for your perusal.
With a team of reporters on hand, The Verge has published a number of examples of this disclosure of private fact. In one example, an unsuspecting individual shared thoughts of personal struggle; another included employment issues, complete with a Social Security number; while yet another included a child’s life-threatening medical condition with the child’s and mother’s name as well as her contact information, health ID number, and yes, once again, her Social Security number.
Clearly, the Bush camp forgot about personal privacy amidst this attempt at transparency. Bush wrote, “Email kept me connected to Floridia and focused on the mission of being their governor.” And now transparency has connected him to the realities of the Digital Age.
Maybe he was the eGovernor of 2000, but the eGovernor of 2015—just like public and private organizations across the marketplace—must understand the nuances of personal privacy. Plus, the lack of respect for context and secondary use are worth pointing out here. As an undergrad in the late 1990s, I often was required to write in my Social Security number at the top of tests, and it was conspicuously posted on my student ID card. You know, the same card that checked out books at the library and got me food at the dining halls. Clearly, that was the era and mindset of many of Mr. Bush's constituents, but things are different now. I long ago shredded my old tests and student ID.
Would that woman with the sick child have shared that data had she known it would eventually go public? Likely not. Would that person expressing a personal struggle have done the same? Who knows, maybe it was part of a larger cry for help. Ultimately, this serves as yet another lesson on how NOT to treat data. Yes, it may, on the surface, be of beneficial use for you or your organization’s purposes—and, yes, it might even be legal!—but is it violating the privacy and expectations of others? These are important questions to ask before going to market.
As we’re seeing almost day in and day out, hackers are becoming more and more savvy, while nation-states continue to develop sophisticated state-sponsored cyberattacks. In fact, Bush’s disclosure came out on the same day that President Barack Obama announced the birth of a new cyber threat agency designed to detect and share threat data among government agencies. We're now living in a world where hackers can steal reams of personal information and company secrets for making a bad movie. It's also a world where state-sponsored hackers, allegedly, may have stolen upwards of 80 million medical records to zero in on specific groups of influential people. (Simple encryption may have helped in both circumstances.)
Redacting personal information before making it public and encrypting stored, sensitive personal data should be no brainers in 2015. I’m sure Mr. Bush had good intentions—if politically self-serving—but this attempt at transparency should have been left off the platform if he wants to be ePresident.
If you want to comment on this post, you need to login.