Carnegie Mellon Libraries: Information Ethics Problem of the Month: Confidentiality and Privacy

Confidentiality and Privacy: What's the Difference?
by
Jean Alexander
Head, Hunt Library Reference
jeana@andrew.cmu.edu

Debates about confidentiality and privacy, transparency and secrecy dominate the news. The words "confidentiality" and "privacy" are sometimes used interchangeably, but there is a distinction between the two.

Privacy "denotes a zone of inaccessibility"[1] of mind or body, the right to be left alone and to maintain individual autonomy, solitude, intimacy, and control over information about oneself.

Confidentiality "concerns the communication of private and personal information from one person to another."[2] The key ingredients of confidentiality are trust and loyalty. Professionals rely on the promise of confidentiality to inspire trust in their clients and patients. In the case of lawyers, psychiatrists, and clergy, communications are legally designated "privileged."

If your business surreptitiously collects information for marketing purposes via the Internet, you are intruding on an individual's privacy. If you pass on an e-mail message from a friend to another friend without permission, you are violating confidentiality. Are these actions wrong? As usual with questions of ethics, it depends on the situation.

Confidentiality and privacy are not absolute. Like other values, they often conflict with other goods, such as safety, efficiency, or democracy. Everyone agrees that privacy is a good thing, but many people are willing to sacrifice privacy to achieve other goals, for example, stopping terrorism or protecting children from abuse.

Technology raises concerns about the loss of both confidentiality and privacy because of the ease with which information can be collected and exchanged, often without the knowledge of the individual. As Fred H. Cate says in his book Privacy in the Information Age, "A clear problem is that in an electronic environment, it becomes hard to differentiate between a private and public place and therefore what should be protected and what should not." [3]

Internet users are invariably warned that there is no such thing as a private sphere online; surveillance and dissemination are omnipresent possibilities. But since almost all data storage and communication now takes place on computer networks, this amounts to saying that confidentiality and privacy no longer exist. This seems unacceptable. Faculty have an obligation to protect grades and other student records from prying eyes. Hospitals have a duty to protect certain patient information from insurance companies and employers. Libraries must maintain the confidentiality of borrowing and reference transactions.

You may be concerned about violations of your personal privacy by others. But are you equally willing to take responsibility for your own handling of sensitive information? Do you publicize the e-mail addresses of others, exposing them to unwanted mail? Forward messages and attachments without reading them? Share passwords? Neglect to change your password? Do you stop to consider, when doing research or compiling data, how you should restrict access to that data?

It takes a combination of legal, technological, and individual actions to preserve confidentiality and privacy in an electronic environment. It's not just that Big Brother is watching you. You too are Big Brother.

Health Privacy Project
Institute for Health Care Research and Policy
Georgetown University

[1] Encyclopedia of Applied Ethics (San Diego: Academic Press, 1998), p.649

[2] Encyclopedia of Bioethics (London: Prentice Hall International, 1995), p. 195.

[3] Fred H. Cate, Privacy in the Information Age (Washington, D.C.: Brookings Institution Press, 1997), p. 196.