Kindergarten Privacy

I was asked a most intriguing question the other day.  How would I describe privacy concepts…to a four year old?

Why intriguing? Privacy is a hard concept to describe. What is or should be private information is invariably contextual. Some information may be considered “private” in one set of circumstances but perfectly acceptable for public release in another. In some respects, one could easily invoke the “I know it when I see it” test, perhaps most famously remembered from Mr. Justice Stewart’s opinion in Jacobellis v. Ohio, 378 U.S. 184 (1964):

“I shall not today attempt further to define the kinds of material I understand to be embraced within that shorthand description; and perhaps I could never succeed in intelligibly doing so. But I know it when I see it…”

If one wants to delve further into the topic of describing the complexity of privacy, I recommend Dan Solove’s book, Understanding Privacy.

So, how would one begin to explain privacy and personal information protection to a four year old?

Robert Fulghum’s 1986 book of essays All I Really Need To Know I Learned in Kindergarten brought home the point that the world would be a better place if we remembered to act according to the same rules children learn in their first days of schooling – look at everything around us and live by core principles involving balance and mutual respect. Since its publication, it has been parodied as well as used as the framework for communicating any number of concepts – both simple and complex.  In trying to understand privacy, especially international privacy where the rules vary in scope and application across a number of countries, Mr. Fulghum’s “framework” – with suitable apologies – just might come in handy.

In the context of sharing toys between playmates, some of the basic concepts could be explained as follows:

“Ask First”

If you want to play with someone else’s toys, you should ask first and explain what you want to do with them.  In personal information protection terms, this means notice and consent. And, just as in wanting to play with someone else’s toys, be reasonable.

“Tell Them Who Is Going To Take Care Of The Toys”

Accountability. Maybe a big word for a four year old but it’s a good concept to instill at a young age, especially when more than one might play with the toys on a playdate.  It’s also a good concept for organizations to focus on – many organizations hand privacy off as a secondary function to one or more business units and it subsequently drops down in terms of priority and resources – usually until a breach occurs. Too many organizations seem to have a privacy policy and a privacy officer and not much else.

“Only Do What You Said You’d Do”.

Don’t assume that if they let you play with their toys you can do anything you want with them. In privacy terms, this is reflected in the concepts of limiting the collection, use and disclosure of personal information to those purposes identified in the privacy notice, privacy policy or applicable legislation.

“Take Care of Them While You Have Them”

Safeguards or security. It doesn’t matter what term is used. Just don’t lose the toys or leave them somewhere where someone could take them. Or, in privacy terms, don’t be reckless or negligent so as to lose personal information.

“Don’t Keep The Toys Forever”

The concept of limiting retention: most, if not all, privacy statutes do not specify retention periods – only that organizations should establish them. Record retention policies, coupled with secure destruction policies, crystallize retention periods for all the information held by the organization and should force an organization to think in terms of the “lifecycle” for their information holdings.

“If They Ask to See Their Toys, Let Them”

Think of this as an expression of the concept of access in the plainest of terms. An important point to note is that it is not just the information provided by the individual concerned but also whatever the organization generated about the person. The exceptions to the rules become important here, especially in healthcare.

“If You Do Something Bad, They Can Tell Mom”

That’s not, in any way, shape of form, a reference to Jennifer Stoddard! Just a statement that there is someone to whom they can complain.  Keep in mind, in Canada, people can challenge the compliance of organizations by reference to data protection authorities.

Maybe privacy can be reduced to kindergarten terms. Anything that might represent a simple and easy way to let people understand the basic concepts of privacy is helpful. In one sense, privacy is about respecting personal dignity and we can all use more of that in this world. After all, it’s really people who protect privacy not policies or technology.

12 Responses to “Kindergarten Privacy”

  1. […] interessanter Ansatz zur Erklärung des Begriffes “Privatsphäre” – Michael Power: “How would I describe privacy concepts…to a four year old?” So, how would one begin to explain privacy and personal information protection to a four year […]

  2. Concise and to the point. Well done.
    To often people confuse privacy with security and data encryption. While there are methods to protect information the basis of privacy is consent and reasonable care.

  3. You made ‘privacy’ real clear, well said, thanks!

  4. Michael, this is on the money! Well done.

  5. Hi Michael, what a fabulous piece of article! I have enjoyed your analogy immensely. It would also be fantastic to use this concept to provide privacy training to my ministry’s staff. Hey, even four-year olds can know this, what do you think folks? 🙂 Thanks again for your ingenious posting!

  6. Now all we need is someone to tell when Mom violates the guidelines. Perhaps if all us kids band together…

  7. Had to laugh at the timing of this, as I got into a rather in-depth discussion with my four-year-old, on Sunday night about what Mommy does at work. And why it’s important. I drew some pretty blank looks.

    After reading this, and trying out your analogy on her, we had much greater meeting of the minds on Monday night!

  8. Very well done Michael. While I’m not one to confuse Security over Privacy, I do realize you cannot have the latter without the former. With that, I solicit your permission to leverage these messages in my ongoing awareness campaigns to adults and children alike.

  9. Michael, this is a wonderful post. I hope you don’t mind if I incorporate your concepts into my training program this year.

  10. What they said: good idea, nicely executed!

  11. Yes Michael, great stuff! John G. brought this to my attention – I am speaking to my son’s 1st grade class about privacy tomorrow (career day)! Excellent!

  12. […] Kindergarten Privacy by Michael […]

Leave a Reply