The Information Commissioner’s Office (ICO) has issued brief
guidance to bring to a wider audience the use of privacy enhancing
technologies, or PETs, to help protect people’s personal
information.28 Apr 2006
PETs have traditionally been considered to be software and other systems which allow individuals to withhold their true identity when using electronic systems, such as anonymous web browsers, specialist email services, and digital cash.
However, the ICO considers them to include any technology which exists to protect or enhance an individual’s privacy. So a system that allowed a doctor to see all the details of a medical record but only allowed the receptionist to see the contact and administrative information would be using a privacy enhancing approach.
Deputy Information Commissioner David Smith believes the technologies can be "a winning strategy" for the businesses which install them. "They help reduce the risks of privacy breaches and the significant costs associated with them at the same time as building trust among customers and clients," he said.
The ICO’s note provides some examples of the use of PETs, including:
- Encrypted biometric access systems that allow the use of a fingerprint to authenticate an individual’s identity without retaining the actual fingerprint;
- Secure online access for individuals to their own personal data to check its accuracy and make amendments;
- ‘Sticky’ electronic privacy policies that are attached to the information itself preventing it being used in any way that is not compatible with that policy.
The guidance does not go into any detail on these PETs.