On Privacy

Image of Vaxholm Fortress gate, by “Rhododendrites.” Creative Commons License.

Readers of a certain age will remember the experience of going to a professor’s office after an exam to find their grade, the list of doom or celebration taped to the office door. At best, individuals were identified by their student ID number, but more often, it was just last name-first initial-grade. Childress, H. ………. B+, there for everyone to see in the alphabetical list of forty other kids. We don’t do that any more, and we’d be appalled to see it, but in the 1970s, that was normal.

By the time I was professionally involved in higher ed, our daily work was governed by FERPA, the Family Educational Rights and Privacy Act. Without a student’s individual and direct permission, we couldn’t say anything about a student at all except that they were or were not enrolled. FERPA can be overridden by a subpoena, of course, or by law enforcement if they declare an immediate public-safety concern, but in general, we didn’t say nothin’ to nobody.

Medical records are governed by a similar law, HIPAA, or the Health Insurance Portability and Access Act. The premise is the same: your health is your business and no one else’s. (The Insurance part of that is important, though, because it means you don’t really have privacy control over your medical records at all. Your health insurance providers can read the whole thing.)

The notion of privacy is that our information is an extension of our selves, and that we deserve the same autonomy over that information as we do over our bodies. We decide who knows what about us: we “let someone in” or “shut someone out,” opening and closing doors differentially depending on who’s asking.

Sometimes the door is literal; physical barriers are one of the strategies of privacy protection. Others include distance and isolation; reserve and non-engagement; intimacy with selected others that makes it clear the rest of the world isn’t welcome to our small, shared circle; and anonymity, in which things about us might be known but nobody knows or cares who we are (e.g., what happens in Vegas stays in Vegas).

Privacy has always been less than absolute, just as every individual right is less than absolute. Hester Prynne’s scarlet letter was the 17th-century version of contemporary sex-offender registries, a legal claim that one’s sins should be visible to all. In our “big data” age, we surrender privacy every minute, mostly in ways we haven’t considered. But epidemics raise privacy concerns in different ways, and some people feel that their safety is compromised if the infected aren’t wearing a big red C.

The fact that the virus can be spread without symptoms, and that a quarter of people with COVID never develop symptoms, is a few steps too far for some people to track. Easier to decide that some people are unsafe and call it enough. Let “them” change their behavior; I need a haircut.

Now, as our Town’s emergency management director, I know some things and hear some other things that I don’t share. Unlike my statistics class at Michigan Tech in Winter 1977, I’m not going to be posting people’s grades on the door, or the town website. It’s neither my business nor anyone else’s. Those who are sick—with ANY illness, from measles to cancer—deserve to manage their own information, as would be true in any other circumstance. We aren’t shunning or excommunicating anybody. We’re in this together, as we always are.