Predictability for Privacy in Data Driven Government

32 Pages. Posted: 3 Apr 2018. Last revised: 19 May 2019

Jordan M. Blanke

Mercer University - Eugene W. Stetson School of Business and Economics

Janine S. Hiller

Virginia Polytechnic Institute & State University

Date Written: March 28, 2018

Abstract

The Deferred Action for Childhood Arrivals program (DACA) required individuals to provide a great deal of personal information in order to participate and remain in the United States legally; could information in the same system now be used for deportations? More broadly, how should systems of data that are created legitimately by United States agencies and compiled for one reason, be used for other reasons? The increasing emphasis on “smart cities” that use data to efficiently provide and plan for service delivery will require the integration of data from multiple government and non-government sources, in ways that citizens may not expect. There are increasing calls for the federal government to open up and share the data collected for one reason for use in additional, unrelated ways, and to combine that data with data collected by commercial, private entities. Systems design for enabling citizen privacy is essential for a foundation of trust between public agencies and citizens. For example, the Census Bureau is beginning to take additional steps to protect the facially anonymous statistics that it releases, due to concerns that individuals may be identified by increasingly sophisticated technical means that link data to persons. To address privacy in fast growing and evolving government information systems, the National Institute for Standards and Technology (NIST) proposes a systems approach to protect the privacy of personally identifiable information held by federal agencies. It adopts a privacy engineering and risk management approach with three privacy engineering objectives: predictability, manageability, and disassociability. Because of its fundamental importance to the effective protection of privacy, this article focuses on the first privacy engineering objective: predictability. Predictability is not an established term in the privacy literature. Therefore, this article analyzes the concept of predictability, what it may mean and how it may evolve, and then analyzes it by means of established legal concepts. Nonobviousness in patent law and the reasonable expectation standard in privacy jurisprudence provide lessons for the creation and maintenance of more trustworthy systems and the protection of citizen privacy.

Keywords: privacy, FIPPs, government policy, NIST, privacy framework, privacy engineering, predictability, privacy by design

JEL Classification: K2, K29, O33, O38

Suggested Citation

Blanke, Jordan M. and Hiller, Janine S., Predictability for Privacy in Data Driven Government (March 28, 2018). 20 Minn. J.L. Sci. & Tech. (2018). Available at SSRN: https://ssrn.com/abstract=3152026

Jordan M. Blanke (Contact Author)

Mercer University - Eugene W. Stetson School of Business and Economics

United States
6785476313 (Phone)

HOME PAGE: http://ssbea.mercer.edu/blanke

Janine S. Hiller

Virginia Polytechnic Institute & State University

Blacksburg, VA 24061
United States
