"Transparency establishes trust" (Latanya Sweeney, Chief Technologist, FTC)

Latanya Sweeney, currently Chief Technologist at the FTC, just published a blog post entitled "Transparency Establishes Trust" about her work on the sharing of health data.

Transparency Establishes Trust

We are amidst an era of open data –a period in which we share details of our personal lives widely in exchange for all kinds of services, often trusting companies with our most intimate facts. Sharing information about our personal lives has fostered technological innovations and influenced more transparency in government (e.g., [1,2]) and in science (e.g., [3,4]). However, once personal data are acquired, it may be shared with others without consumer awareness. So how might we add transparency to data sharing? The goal of this blog is to spark discussion and debate.

Before I go any further, let me advise you that I am solely responsible for this blog’s content, characterizations, ideas and choice of topic. This blog may not reflect the views of the FTC or any of its Commissioners.

In 2012, the Federal Trade Commission (FTC) issued its Privacy Framework report that urges companies to adopt practices that make information collection and use transparent [5]. The report describes a particular lack of transparency about the practices of companies that often buy, compile, or sell a wealth of highly personal information about consumers who never interact directly with the company. Consumers are often unaware of the existence of these entities, as well as the purposes for which they collect and use personal information.

A lot of my academic work concerning privacy and technology has been in the healthcare arena [6], so let me use healthcare as an example of what we can learn and achieve when flows of personal information become transparent. A patient expects her doctor and those involved in her care to have access to her medical information. What is not transparent are all the other places where a patient's data may go beyond treatment, care or payment. In the paragraphs that follow, I will describe how we learned about some flows of patient information that otherwise would have been hidden, and using that knowledge, how we assessed risks that inspired solutions.

(For full post, click link below)