Privacy Handbook. Guidelines, Exposures,
Policy Implementation, and International Issues.
Albert Marcella and Carol Stucki
Wiley, 2003.
ISBN 0-471-23209-2. 357 pages. $80.00. Bibliography, index, glossary, two appendices (35 more appendices on the
companion web site)
Reviewed by Robert Bruen June 7, 2003
One of the most contentious issues of our time, privacy seems to have all but disappeared. We can try to use technology to protect our personal information, but those would discover our secrets also use technology. Since social pressures and moral arguments are ignored, we are left with two two main tools: our own awareness and the law. The privacy war has been underway for a long time with no clear end in sight. Some have given up, like the CEO of a large tech company who said several years ago that we should just get over the loss of our privacy. Of course, he makes $25 million dollars a year, so he can protect himself a little better than the rest of us.
About eight years ago, Bruce Schneier and David Banisar released the Electronic Privacy Papers which contained all sorts of laws, rules, memos, letters and more, documenting the sources for the war. Since that time a number of other books have come out furthering our knowledge of the problem. Marcella and Stucki have brought recent events together in a very useful Handbook. The law is where the war will be won. Without a good understanding of what laws impact our privacy, it will be difficult to fight back.
Privacy in the Information Age has more dimensions than the original problem. For one thing, the technology has allowed large databases, aggregation of data and information sharing. On another front, the internationalization of privacy issues has taken on a life of its own. The European approach is very different from that of America, for example.
Some of the recent changes are for the better. Many more web sites post a privacy policy. The HIPAA rules are now in effect to protect medical privacy. Some changes are introducing more problems, such as the DMCA has done. Of course, where you stand on the issues makes a difference as to whether a particular change is helpful or not, best illustrated by the PATRIOT Act.
The book covers all the recent laws which affect privacy. It also spends a lot pages on international efforts. It is a little surprising to learn which countries have a privacy rules built into their constitution when the US does not. Our privacy laws have been extended from language in our constitution, since privacy is not explicitly mentioned.
Most related concepts and terms can be found in the book with technical correctness and clarity without hyperbole. Each chapter has endnotes and the suggested readings is a good list, although the Electronic Privacy Papers was missing from it.
One of the great features of the book was a push for policy with a tool to help with an assessment of privacy. They state that it is not the be all and end all of assessment tools, but I found it a very good starting point. This is especially important if a government or a business is serious about privacy for staff, clients and citizens, perhaps even looking to establish a Chief Privacy Officer position.
My biases involving privacy should be clear, but any objective review of this book will find it well researched, well organized and a most useful addition to any privacy bookshelf. Highly recommended in spite of the price.