We all prefer to exercise some control over what information we divulge about ourselves and the uses to which that information is then put. This has less to do with any tendency towards secretiveness and more to do with an interest in ensuring that our information is put to use in ways that we’re happy with. The privacy issue involved here is referred to as ‘secondary use’ and is one that the UK insurance sector has fallen foul of in recent times. I’ll be looking at ‘secondary use’ in this and a subsequent post.
Secondary use is the use of data for purposes unrelated to that for which it was initially collected, without the consent of the person involved. The public find secondary use troubling for a number of reasons. Firstly, when information is removed from the original context in which it was collected, it is more likely to be misunderstood or misconstrued. Such misunderstandings occur because someone disclosing a particular bit of information in one context for a purpose that fits that context may omit explanatory details that become crucial when that information is then used in another context. This is more common than we may at first hand think. We all tend to emphasise different aspects of a person or of an event, depending on the context in which we are discussing it.
Secondly, we are concerned about secondary use because it makes us feel uncertain about giving up our data in the first place. Not knowing how our data may be used in the future, or by whom, and not knowing how it may be misconstrued in a secondary context, can lead to feelings of insecurity and vulnerability.
And finally, it troubles us as a breach of trust, perhaps even of confidentiality, under the terms (formal or informal) to which we agreed the original disclosure. If a firm doesn’t respect the terms under which the information was divulged to it by its clients, then it could well face questions about the trust its clients have in the products and services it provides. Trust isn’t something the public applies selectively to what a firm gets up to.
An important feature of secondary use is the extent to which consent was sought, and then given, about the uses to which the information is to be put. If consent is to have any meaning, it has to be respected, be it in the context of medical, legal or financial services. Someone thinking of downplaying consent when designing an insurance process might want to consider how they would want their own clinical records handled in a medical context.
We all gain collectively from consent being respected and it is this which moves secondary use from being an issue about any one individual’s information and turns it into an issue that’s of concern to society as a whole.