Information privacy is the security of personal data collected by businesses, government agencies, and other entities for the purpose of providing products and services, or for research activities. In many nations, specific legal mandates cover some types of personal information, like bank and medical records. These laws require collecting parties to exercise caution in how they store, use, transmit, and share information to protect the privacy of their customers.
Companies that collect information may be obliged to do so via secure means, and to store their information in a secured location where access is limited to specific personnel. These organizations may also need to publish information privacy statements, disclosing how the data will be used and making customers aware of any applicable laws. Companies cannot transfer or sell some personal information without specific authorization; for example, a phone company might be allowed to give out customer addresses to marketing partners, but a doctor cannot hand over a patient’s medical chart to anyone who asks for it.
As databases grow, issues like data retention can arise. Information privacy requires companies to keep information secure in the long term, and a company may opt to control the amount of data it needs to store by purging old records. In records purges, companies may not destroy certain kinds of information; for example, doctors need to keep patient records for a set period of time, after which they can shred charts and other medical information. The security of databases on old systems can also be a cause for concern, as outdated system architecture can leave data vulnerable to attack.
On the Internet, information privacy is a particularly large concern among some consumer advocates. Many websites collect browser information through embedded cookies as well as forms visitors can fill out. This information can potentially create a mine of data that might be useful to hackers and other entities, including government agencies or employers that want to monitor private Internet activities. Finding secure ways to collect, store, and display data is an ongoing effort among privacy organizations, as is consumer education about how to protect and secure data.