What's the meaning of 'privacy'?

* Can we all agree on the meaning of 'identity', 'privacy' and 'personal'?

In the past few issues, I've been talking about vendor offerings in the identity management space. I'll get back to the conversations I've recently had with vendors next week, but a couple of things have popped up that - unless I deal with them now - I'm liable to forget.

A couple of years ago, at the urging of Ed Harrington, chairman of The Open Group's  Directory Interoperability Forum, I spent a few issues talking about the taxonomy of identity - the meanings, usages and relationships of the terms we use. As I said then, definitions of words can shift faster than a sand dune in a windstorm.

The only way to quickly and efficiently move to where identity management becomes a reality rather than a goal is to first agree on the meaning of the terms we use to describe the reality and those goals. A bit later, I was pleased to write that PingID chairman and CEO Andre Durand had also tried to define a taxonomy for identity management. His three tiers of identity management: personal identity, corporate identity, and marketing identity were remarkably similar in design, structure and relationship to Harrington's hierarchy of identity, persona and role. We kicked the terms around for a while, but no one took up the challenge to create a standard taxonomy.

Last week, I read a lament by Timothy Grayson (he works for the Canadian Postal Administration, but likes to talk about identity) called "I guess I just don't understand Privacy" http://timothygrayson.com/blog/archives/000737.html.

It seems that a Canadian Privacy Commissioner had ruled that those sometimes annoying inserts that come along with your bank statement amounts to a breach of the customer's privacy. Read the whole entry by Grayson (and the articles he links to) as it's much too long to re-create here. But I do like his reasoning:

"To be an invasion of one's privacy presumes that all communication and contact with a person has to be approved by the recipient. The logical extent of this is that there can be no communication because the initial mover is prevented from moving. That logical extent is, of course, ridiculous. But what it does present is bold relief of the inherently unworkable nature of a 'privacy culture' that extends the definition of privacy in this excessive, individual-centric way."

In other words, we need some generally understood definitions of terms like "privacy," "identity," "personal information," etc. How can we ever hope to move to a worldwide, federated, everybody's-included identity metasystem if we can't even agree on the meaning of "identity" and "privacy" and can't tell which information is "personal" and what isn't?

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2005 IDG Communications, Inc.

IT Salary Survey: The results are in