One common retort to claims of privacy infringement from government and industry is that in prevents or impairs a societal benefit. The most oft cited example is the alleged dichotomy of security versus privacy. Another incarnation is in the debate over black box recorders in consumer vehicles and whether the public policy should favor detailed tracking to reduce auto fatalities over the lost privacy of drivers. However, not every public policy debate has settled in favor of reducing social harm to the determent of privacy.
Consider sexually transmitted diseases. Health information is one of the special classes of personal information that the US has deemed fit to grace with one of it’s sectoral laws, HIPPA. Public policy in the United States favor strong protection for health data. However, HIPPA only covers health care providers and their business associates. What about private individuals who come into knowledge of health information about another person? May they disclose a persons health condition to the public at large? Generally, the answer is yes, as long as it is truthful. However, this is not always the case. Many states have a privacy tort for public disclosure of embarrassing private facts. The elements of proving such a tort are
- There must be public disclosure of the facts
- The facts must be private facts, not public ones
- The matter made public must be one which would be offensive and objectionable to a reasonable person of ordinary sensibilities.
In some cases, the revelation must not be newsworthy or a matter of public interest. One’s condition of having an STD would seem like the prototypical private fact that one would seek to keep from disclosure. But from a public policy perspective, there is an argument to be made that in order to prevent the spread of the communicable diseases, infection with an STD should be public knowledge to prevent potential partners from becoming infected. However, to my knowledge, no US state requires mandatory public disclosure (to the public at large). They may require reporting to a government agency by health providers or require disclosure of status by an individual to a potential sexual partner. Failure to do so may be criminally or civilly punishable. The decision to reveal one’s status publicly remains in the control of the individual, even when the law requires revelation to those at risk (an STD infected individual’s sex partners). This is by no means a closed debate.
Privacy is often pitted against societal benefits and the debate framed as an individual‘s right to privacy versus this particular social good. Privacy rarely comes out ahead because the societal benefits of privacy are hard to quantify in terms of lives, money, or some other enumerable figure that can be directly compared against. But protection of privacy does have societal benefits. Selective disclosure allows people to building trusting relationship. Financial privacy prevents targeting and theft, making society more productive. Anonymity is critical to a society free speech less speakers be judged for controversial or unpopular thoughts. A lack of privacy impedes risk taking and chills the activities of people. Ultimately, privacy is about decision making and the autonomy of the individual to make those decisions for themselves. Without that autonomy, one does not have a free society and all the benefits that liberty brings.
We can not allow ourselves to fall into the trap that any social good which implicates privacy interests outweighs the privacy harms. If we’re going to take a economic approach we have to find a way to quantify privacy harms as a social costs.
Please note that this blog post is not mean to be a treatise on the intricacies of privacy law as they relate to health data, in general, or sexually transmitted diseases, in particular. For some additional information see http://www.iom.edu/~/media/Files/Activity%20Files/Research/HIPAAandResearch/PrittsPrivacyFinalDraftweb.ashx