Current computing technologies enable the collection, exchange, analysis, and use of personal information on a scale unprecedented in the history of civilization. These technologies, which are widely used by many types of organizations, allow for massive storage, aggregation, analysis, and dissemination of data. Advanced capabilities for surveillance and data matching/mining are being applied to everything from product marketing to national security.

Despite the intended benefits of using these technologies, there are also significant concerns about their potential for negative impact on personal privacy. Well-publicized instances of personal data exposures and misuse have demonstrated some of the challenges in the adequate protection of privacy. Personal data -- including copies of video, audio, and other surveillance -- needs to be collected, stored, and managed appropriately throughout every stage of its use by all involved parties. Protecting privacy, however, requires more than simply ensuring effective information security.

The U.S. Public Policy Council of the Association for Computing Machinery (USACM) advocates a proactive approach to privacy policy by both government and private sector organizations. We urge public and private policy makers to embrace the following recommendations when developing systems that make use of personal information. These recommendations should also be central to any development of any legislation, regulations, international agreements, and internal policies that govern how personal information is stored and managed. Striking a balance between individual privacy rights and valid government and commercial needs is a complex task for technologists and policy makers, but one of vital importance. For this reason, USACM has developed the following recommendations on this important issue.



1.             Collect and use only the personal information that is strictly required for the purposes stated in the privacy policy.

2.             Store information for only as long as it is needed for the stated purposes.

3.             If the information is collected for statistical purposes, delete the personal information after the statistics have been calculated and verified.

4.             Implement systematic mechanisms to evaluate, reduce, and destroy unneeded and stale personal information on a regular basis, rather than retaining it indefinitely.

5.             Before deployment of new activities and technologies that might impact personal privacy, carefully evaluate them for their necessity, effectiveness, and proportionality: the least privacy-invasive alternatives should always be sought.


6.             Unless legally exempt, require each individual's explicit, informed consent to collect or share his or her personal information (opt-in); or clearly provide a readily-accessible mechanism for individuals to cause prompt cessation of the sharing of their personal information, including when appropriate, the deletion of that information (opt-out). (NB: The advantages and disadvantages of these two approaches will depend on the particular application and relevant regulations.)

7.             Whether opt-in or opt-out, require informed consent by the individual before using personal information for any purposes not stated in the privacy policy that was in force at the time of collection of that information.


8.             Whenever any personal information is collected, explicitly state the precise purpose for the collection and all the ways that the information might be used, including any plans to share it with other parties.

9.             Be explicit about the default usage of information: whether it will only be used by explicit request (opt-in), or if it will be used until a request is made to discontinue that use (opt-out).

10.          Explicitly state how long this information will be stored and used, consistent with the "Minimization" principle.

11.          Make these privacy policy statements clear, concise, and conspicuous to those responsible for deciding whether and how to provide the data.

12.          Avoid arbitrary, frequent, or undisclosed modification of these policy statements.

13.          Communicate these policies to individuals whose data is being collected, unless legally exempted from doing so.


14.          Establish and support an individual's right to inspect and make corrections to her or his stored personal information, unless legally exempted from doing so.

15.          Provide mechanisms to allow individuals to determine with which parties their information has been shared, and for what purposes, unless legally exempted from doing so.

16.          Provide clear, accessible details about how to contact someone appropriate to obtain additional information or to resolve problems relating to stored personal information.


17.          Ensure that personal information is sufficiently accurate and up-to-date for the intended purposes.

18.          Ensure that all corrections are propagated in a timely manner to all parties that have received or supplied the inaccurate data.


19.          Use appropriate physical, administrative, and technical measures to maintain all personal information securely and protect it against unauthorized and inappropriate access or modification.

20.          Apply security measures to all potential storage and transmission of the data, including all electronic (portable storage, laptops, backup media), and physical (printouts, microfiche) copies.


21.          Promote accountability for how personal information is collected, maintained, and shared.

22.          Enforce adherence to privacy policies through such methods as audit logs, internal reviews, independent audits, and sanctions for policy violations.

23.          Maintain provenance -- information regarding the sources and history of personal data -- for at least as long as the data itself is stored.

24.          Ensure that the parties most able to mitigate potential privacy risks and privacy violation incidents are trained, authorized, equipped, and motivated to do so.

USACM does not accept the view that individual privacy must typically be sacrificed to achieve effective implementation of systems, nor do we accept that cost reduction is always a sufficient reason to reduce privacy protections. Computing options are available today for meeting many private sector and government needs while fully embracing the recommendations described above. These include the use of de-identified data, aggregated data, limited datasets, and narrowly defined and fully audited queries and searches. New technologies are being investigated and developed that can further protect privacy. USACM can assist policy-makers in identifying experts and applicable technologies.

Related Articles

Global Technology Policy Update – December 2016
ACM PUBLIC POLICY HIGHLIGHTS Cybersecurity Education and Research in Europe – The ACM Europe Policy Committee released a policy white paper “Advancing Cybersecurity Education and Research in Europe.” Committee Chair Fabrizio Gagliardi recently presented the find ...Read More

  • (Posted on 12-Dec-16)
  • Global Technology Policy Update – October 2016
    ACM PUBLIC POLICY HIGHLIGHTS Computer Science Education and Research in Europe – ACM Europe Policy Committee members will be attending the European Computer Science Summit in Budapest, Hungary on October 24-26, which features programs on the challenges and opportunities in ...Read More

  • (Posted on 09-Oct-16)
  • Global Tech Policy Update – September 2016
    ACM PUBLIC POLICY HIGHLIGHTS Cybersecurity in the United States – The ACM U.S. Public Policy Council submitted comments to the Presidential Commission on Enhancing National Cybersecurity. The comments address the challenges and possible approaches to strengthening cybersecu ...Read More

  • (Posted on 07-Oct-16)
  • Global Tech Policy Update – June 2016
    ACM PUBLIC POLICY HIGHLIGHTS Internet of Things – The ACM U.S. Public Policy Council submitted comments on the Internet of Things to the National Telecommunications and Information Administration (NTIA). The comments describe the challenges and opportunities arising from Io ...Read More

  • (Posted on 14-Jun-16)
  • U.S. Tech Policy Update – June 2016
    CONGRESS Tuesday, June 7, 2016 House Floor: H.R. 4904, MEGABYTE (Making Electronic Government Accountable By Yielding Tangible Efficiencies) Act of 2016 U.S. House of Representatives Markup: FY2017 Labor, HHS & Education Appropriations Bill Senate Appropriations Subcommittee ...Read More

  • (Posted on 06-Jun-16)