PETs have traditionally been considered to be software and other
systems which allow individuals to withhold their true identity
when using electronic systems, such as anonymous web browsers,
specialist email services, and digital cash.
However, the ICO considers them to include any technology which
exists to protect or enhance an individual’s privacy. So a system
that allowed a doctor to see all the details of a medical record
but only allowed the receptionist to see the contact and
administrative information would be using a privacy enhancing
approach.
Deputy Information Commissioner David Smith believes the
technologies can be "a winning strategy" for the businesses which
install them. "They help reduce the risks of privacy breaches and
the significant costs associated with them at the same time as
building trust among customers and clients," he said.
The ICO’s note provides some examples of the use of PETs,
including:
- Encrypted biometric access systems that allow the use of a
fingerprint to authenticate an individual’s identity without
retaining the actual fingerprint;
- Secure online access for individuals to their own personal data
to check its accuracy and make amendments;
- Software that allows browsers to automatically detect the
privacy policy of websites and compares it to the preferences
expressed by the user and alerting the user to any clashes, known
as P3P; and
- ‘Sticky’ electronic privacy policies that are attached to the
information itself preventing it being used in any way that is not
compatible with that policy.
The guidance does not go into any detail on these PETs.
Disclaimer: We hope you find OUT-LAW’s content useful. It’s prepared by the lawyers at Pinsent Masons. Please remember, though, that it’s intended as general information only. It’s not legal advice. If that’s what you’re seeking, please
contact us. See also: our
full disclaimer
