  • Technology. Technical measures can protect privacy as well, although a relevant question is who decides to implement any given technical measure. From an individual standpoint, encryption and anonymizers are today the primary privacy-protecting technologies. That is, encryption of personal information can be used to ensure that such information can only be accessed with the express permission of the subject of that information, and that communications cannot be seen by anyone other than those taking part in the communication. Anonymizers (e.g., anti-spyware tools, anonymous browsers) allow an individual to explore cyberspace (e.g., using e-mail, viewing Web sites) with a high degree of anonymity. In addition, anti-spam and anti-phishing technologies help individuals to be left alone and reduce the leakage of personal information. Technical safeguards to protect privacy are also available to the collectors of personal information, who may wish to protect such information to make individuals more willing or more comfortable about sharing information with them. For example, technologies are being developed that can screen out individuating characteristics in large-scale public data-gathering systems such as video cameras, and some statistical methods and data-mining algorithms have been developed that facilitate the anonymization of information without changing the important statistical properties of the information taken in the aggregate.

  • Policy. Policy measures, by which are meant actions that information collectors can or must take, are arguably the most important privacy protection tool. That is, privacy is much more an issue of who is permitted to see an individual’s personal information than of technologically restricting access to that information. People may be concerned about personal health and medical information being improperly disclosed, but this problem may arise at least as much as a result of policy decisions to make such information broadly accessible to relevant parties as from the activities of hackers breaking into medical databases. Policy measures fall into five generic categories:

    • Limits on the information collected and stored (data minimization). For example, often the most “obvious” efforts to enhance public safety or security are highly privacy-invasive (e.g., collect all possible data about individuals and mine it extensively). However, it may be possible, with some thoughtfulness early on, to collect a much more limited set of information that will still satisfy a given purpose. Collected information, once used, can also be deleted to prevent further use. Of course, such limits will be strongly resisted by information collectors who do not know in advance of collection the specific purposes for which they need information, and who see information as an opportunity to develop a resource that might be useful for an extended time. Note also that limits need not be formulated in all-or-nothing

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.