There is an old truism in discussions about privacy that if you've got nothing to hide then you've got nothing to fear. But as with most truisms, this one is based on some bad assumptions. It assumes that anyone in a position of power (from a parking warden through to the Prime Minster) has only virtuous motives for using our private information. It assumes that no other third party will ever gain access to our secrets, whether by accident or design. It assumes that the private details we hand over, should that be to the IRD, an online subscription, a Facebook post or a public transit system, will only ever be used for providing the service for which they were intended.
But organisations can always be trusted, right?
We know from experience that this isn't the case. In New Zealand there have been plenty of high-profile cases where public bodies have either abused public trust by on-selling data, or by making it available to their vendors with little control or oversight. In 2013 both the ACC and the Ministry of Social Development made infamous privacy gaffes which made national headlines (the leaks were through incompetence rather than malice, but the effect is the same.) Even in cases where it's obvious that our personal information is being sold, such as on Facebook, we can be incredibly cavalier about it. It's not so much the direct consequences of this behaviour that should worry us, but the unintended risks to which we're exposed.
These consequences will probably not involve a hollywood-style plot where secret agents chase us across town because we made a snide remark about the Mayor, but they will make it easier for organised crime, maladjusted hackers, and individuals that have no right to your secrets to gain access. The most common abuse is outright identity fraud: criminals looking for details that will gain them access to your bank account or credit card. But abuse of privacy for political purposes is also on the rise. It's less of an acute issue in NZ, but that makes it no less important to protect.
Get an expert opinion
A great place to go to learn more about what privacy is, and what it isn't, is the Office of the Privacy Commissioner. When it comes to IT, there are two things to work on:
- Hire an IT professional to make sure your computer network is well maintained and protected, and,
- Work with your team to ensure they are well trained in recognising privacy issues - as the weakest part of any online security is usually the people (just ask the NSA about Edward Snowden!)
I share many things online, everyday. Just like most people, I don't let fear of a possible crime stop me from enjoying life. So rather than avoid online engagement, I choose to expect ethical behaviour from the businesses I deal with and to hold them to account when they don't. It means shining a light on their approach to my privacy because, after all, if they've got nothing to hide, we've got nothing to fear.