IA: Context of IA Services - Information Assurance Architecture

Information Technology Reference

In-Depth Information

“privacy” over 1,600 times, and although it does not directly define privacy, it

alludes to definitions through third-party references, including:

n

“Alan Westin, Privacy and Freedom (1967) and Janna Malamud Smith, Pri-

vate Matters: In Defense of the Personal Life (1997). These writings emphasize

the link between privacy and freedom and privacy and the 'personal life,' or

the ability to develop one's own personality and self-expression.”

“In 1890, Louis D. Brandeis and Samuel D. Warren defined the right to pri-

vacy as 'the right to be let alone.'”

“Or, as Cavoukian and Tapscott observed the right of privacy is: 'the claim of

individuals, groups, or institutions to determine for themselves when, how,

and to what extent information about them is communicated.'”

n

8.8.1

Privacy Qualiiers

The concept of privacy is one consideration, but what privacy applies to is quite

another. The focus for online privacy is personal information or personally identifi-

able information. Consider the examples in Table 8.1.

8.8.2

Compliance Requirements

There are external and internal compliance requirements. Internal requirements

include organizational mission and other convictions concerning the protection of

privacy of client, vendor, partner, and employee information.

Various legislative compliance requirements (external), including the HIPAA

Privacy Rule, the Privacy Act 1974, and the Freedom of Information Act, provide

privacy qualifiers. The PATRIOT Act encroaches on personal privacy in the name

of national security; both are foundations of American way of life and the two must

work in harmony, each containing a bit of the other.

8.8.2.1 External Privacy Qualifiers

Organization type and industry will dictate which external compliance require-

ments come into play with respect to privacy. Organizational types include com-

mercial, nonprofit, and both civilian and defense government. Industry-specific

concerns include health care, financial, and those that qualify as part of United

State's critical infrastructure.

HIPAA Final Security Rule, p. 15.

Ibid., p. 16.

Search WWH ::

Custom Search

Home