Roger Clarke's Web-Site

© Xamax Consultancy Pty Ltd,  1995-2024
Photo of Roger Clarke

Roger Clarke's 'Privacy and DV, and Org. Strategy'

Privacy and Dataveillance,
and Organisational Strategy

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 26 August 1997

© Xamax Consultancy Pty Ltd, 1997

Private use of this document is approved, including printing of a copy, provided that the authorship and source remain associated with the copy. Copying of the whole or a substantial part of this document requires the copyright owner's approval, whether for private or for commercial purposes.

This document is at


An earlier version of this paper was presented as a Keynote Address to the Conference of the I.S. Audit & Control Association ( EDPAC'96), in Perth, Western Australia, on 28 May 1996.


The public is increasingly wary of the power that IT offers organisations. They are increasingly sceptical about companies and regulatory agencies that use personal data in unreasonable ways, and that apply dataveillance technologies such as data matching, profiling, video-surveillance, chip-cards and biometric identification without adequate justification or without appropriate safeguards.

One result of that concern is that demand for greatly enhanced privacy regulation is now close to critical mass. Legislation for the State public sectors, and for the private sector generally, must be anticipated in the very near future.

Another implication is that organisations that are slow to appreciate these new realities risk suffering the consequences; whereas those that move proactively to gain a competitive or strategic advantage from their privacy stance will reap the benefits.

Organisations that deal in personal data or apply dataveillance technologies need to urgently adopt a positive stance to this issue. This involves incorporation within corporate strategy, detailed planning and implementation, and the embedment of privacy-sensitivity in organisational culture and in computer-based systems.

Auditors should be examining corporate mission statements and strategic plans, to ensure that the organisation is adopting an appropriate stance in relation to personal data and privacy-intrusive technologies and practices. Information systems auditors need to examine plans, policies, manual and automated procedures and practices, for compliance with the law, and with corporate privacy strategy and policy.



Privacy has been a mainstream issue in Australia since Zelman Cowen's Boyer Lecture Series a quarter-century ago (Cowen 1969). For many years, the public sector has held the threat of regulation at bay, and only the Commonwealth Parliament has actually passed any substantive legislation. The private sector has, with the exception of the credit-granting industry, also succeeded in avoiding the imposition of controls.

The party's over. With the ever-growing power that information technology (IT) has conferred on companies and government agencies, public concerns have reached the point where legislative action is now inevitable in several States, and, following commitments by both the old and new governments, further legislative action is inevitable at federal level.

The primary purpose of this paper is to present the manner in which companies and government agencies can adopt a strategic approach to the issue. In order to do so, it is first necessary to review the concepts of privacy and dataveillance, and some of the technologies that are bringing public focus to bear. The concerns that theorists have described, and that the public have said that they feel, are then summarised. Existing laws are briefly reviewed. The especially exposed industry sectors are identified, and the signs of imminent change described.

The paper's original contribution comprises the application of strategic management thinking to the challenge confronting businesses and bureaucrats. Some general proposals and some specific proposals are provided, and the special topics of anonymity and pseudonymity addressed. A substantial set of electronic resources and a reference list are provided.

Privacy and Dataveillance

Contemporary society involves large institutions, such as the Taxation Office, the Department of Social Security, Medicare, banks and insurance companies, operating at great 'social distance' from individuals. People do no feel any great affinity to these institutions, and in some cases their morality in their dealings with such organisations is not high.

To guard themselves against human errors, misdemeanours and fraud, these organisations have come to apply a high degree of 'information intensity' to the administration of their relationships with individuals. Associated with these practices has been the explosion of information technologies, including the digital computer, data capture devices, storage devices, and local and tele-communications.

From these technologies has emerged the phenomenon of 'dataveillance' ( Clarke 1988). This is the monitoring of people not through their actions, but through data trails about them. Monitoring of identified individuals is referred to as personal dataveillance, and of whole populations as mass dataveillance.

The physical surveillance of individuals is generally fairly apparent, and oppressive. Dataveillance is less overt, and more surreptitious. It is applied not to the individual themselves, but to a data-shadow of the real person, or 'digital persona' ( Clarke 1994a). It sustains the feeling of oppression, but adds to it fears of the unseen and unknown, and significant risks of error, ambiguity and misinterpretation.

Compared to physical surveillance (such as the monitoring of people from watch-towers and by sitting in cars outside houses, and using telescopes and directional microphones), and electronic surveillance (monitoring people using 'bugs' and telephonic interception), dataveillance is far cheaper and far more capable of being automated. IT has brought about a very considerable increase in the privacy-intrusiveness of organisations' operations, and resultant serious public concern about the inadequacy of privacy protections.

'Privacy' needs to be distinguished from the restricted and specifically legal notion of 'confidentiality', which refers to the duty of individuals who come into the possession of information about others, especially in the course of particular kinds of relationships with them. Both 'privacy' and 'confidentiality' are anglo-saxon notions, and are not always readily translatable into other languages. The idea of 'data protection' arose on the Continent during the 1970s. Unlike 'privacy', which focusses on people, 'data protection' focuses on data about people. The European perspective is that privacy is too abstract and diffuse to regulate, whereas data-handling practices can be more easily subjected to regulation. Indeed, most anglo-saxon legislation is more concerned with 'fair information practices' than with privacy protection per se. The German constitution has subsequently been read to imply a right of individuals to 'informational self determination', which appears to bring the European ideas back somewhat closer towards those discussed in english-speaking countries.

Privacy is sometimes depicted as a 'right'. In most jurisdictions, however, it is not a 'legal right'. Moreover, although it may be argued to be a 'moral right', exercise of a privacy right by one person frequently generates conflicts with other people's privacy rights. It also generates conflicts with other kinds of rights and interests, at the levels of individuals, groups and societies-at-large.

Rather than defining it as a right, a more practicable approach is to treat privacy as:

the interest that individuals have in sustaining a 'personal space', free from interference by other people and organisations.

Hence privacy regulationis most usefully seen as the process of finding appropriate balances between multiple competing interests.

Privacy has the following dimensions:

With the close coupling that has occurred between computing and communications during the last 15 years, the last two aspects have become closely linked, and are commonly referred to as 'information privacy'.

Because there are so many dimensions of the privacy interest, and so many competing interests, at so many levels of society, it is challenging to formulate general rules about privacy protection. In many cases, it is more constructive to establish general principles, subject all relevant parties to them, and ensure that mechanisms exist whereby the principles can be applied in specific settings, and disputes among the relevant parties resolved.

A Scan of Relevant Information Technologies

There are many long-standing instances of IT which are significantly privacy-intrusive. Examples include:

In recent years, a number of additional technologies have been maturing and some early applications have become operational, which have substantial potential as tools of surveillance. Examples include:

Theoretical Concerns

Analyses of privacy-intrusive behaviours and technologies are available (e.g. Rule 1974, Foucault 1977, Kling 1978, Rule et al 1980, Burnham 1983, Marx & Reichman 1984, OTA 1985, OTA 1986, Roszak 1986, Laudon 1986, Clarke 1988, Flaherty 1989, Bennett 1992, Davies 1992). Key concepts include the 'information-intensity' of administration during the twentieth century, resulting in the collection, maintenance and dissemination of ever more data, ever more 'finely grained'.

The 'information-intensity' phenomenon has arisen from the increasing scale of human organisations, making them more remote from their clients, and more dependent on abstract, stored data rather than personal knowledge. Other factors have been an increasing level of education among organisations' employees, the concomitant trend toward 'scientific management' and 'rational decision-models', and, particularly since the middle of the century, the brisk development in IT.

On a more practical level, this author has undertaken an analysis of why the public is scared of the public sector ( Clarke 1993a). This identified a range of specific concerns, including the powers government agencies have:

A similar analysis of why the public is concerned about particular private sector behaviours would be likely to identify many similarities, and some distinct differences. Relevant sources include Packard (1957, 1964), Larsen (1992) and Gandy (1993).

Public Opinion

In order to understand public attitudes to privacy, however, it is dangerous to restrict oneself to only the legalistic, the bureacratic and the socio-philosophical perspectives. Theoretical analyses are all very well, but they tend to lead public opinion, and sometimes even to miss it. For most people, privacy is utterly abstract until it's suddenly gut-wrenchingly, viscerally concrete; and for each individual, that arises in one or more quite specific situations.

Surveys have been conducted of public attitudes to privacy in several parts of the world. In the U.S.A. and Canada, A series of studies has been undertaken by Louis Harris & Associates and Alan Weston, relating to both the U.S.A. (e.g. Equifax 1992) and Canada (e.g. Equifax 1995). A consumers association also recently conducted a survey (PIAC 1995). Surveys have been conducted by the U.K. Data Protection Commissioner. A small academic literature also exists (e.g. Tolchinsky et al. 1981, Woodman et al. 1982, Katz & Tassone 1990, Culnan 1993).

In Australia, a great deal of anecdotal evidence exists which evidences the public's attitudes to privacy; for example, the public demonstrations and the dramatic flood of letters to newspaper editors that expressed opposition to the Australia Card proposal in 1987; and the strong reactions engendered in the public by talk-back radio hosts and television programs from time to time, on a wide variety of topics. While memories of the Australia Card debates persist, there is likely to be considerable and vociferous public opposition to any initiative which is perceived to involve a 'mega data pool' and/or an identification card, especially if it contains a chip.

Some of the stronger public reactions are undoubtedly significantly influenced by media coverage or stirring oratory. The claim of the media and orators alike, however, is that they cannot create snowballs; their impact is significant only because there is already a latent feeling of concern, and the reporter or speaker merely strikes a chord or a raw nerve, or provides a nucleus for the expression of opinion. The Annual Reports of the N.S.W. Privacy Committee (NSWPC 1975-) and of the Privacy Commissioner (HREOC 1989-), which include both reports on specific issues, and specific cases, provide ample evidence of a very wide range of specific concerns.

Beyond anecdotes and cases studies, very little formal research has been undertaken. The only significant study that appears to have been undertaken is a series of surveys between 1991 and 1994 by the Privacy Commissioner's Office (HREOC 1995). Key findings from this research are summarised in Exhibit 1.

Exhibit 1: Key Findings from the Privacy Commissioner's Surveys 1990-94

The Commission for the Future has recently commissioned a study of smart cards in consumer financial services, whose scope includes privacy aspects. In addition, MasterCard International has undertaken a study of the Australian public's attitudes to privacy, particularly in relation to payment cards. A brief report is provided in Clarke (1997).

Existing Laws

Some limited intrinsic protections exist. Conventional means of submitting people to surveillance requires physical resources, specifically people to do the monitoring. It is accordingly expensive, and, in most societies, including Australia's, its use is restrained. Dataveillance, on the other hand, is automated and cheap. With the economic restraint removed, it could be expected to burgeon, and an empirical study of the use of computer matching ( Clarke 1995b) showed this to be the case.

Other possible protections include political factors (e.g. negative media exposure might cost the perpetrator dearly), and social factors (e.g. employees may feel discomfort in invading the privacy of their employers' clients; and professionals may be prevented by their Codes of Ethics from some kinds of behaviour). There is little evidence, however, that such factors act as a significant control on privacy invasions.

There are also a number of largely accidental protections in the common law, such as the torts of confidence and passing off. Studies during the last thirty years have shown that these protections are limited in scope, complex, and of negligible effect.

Commencing in about 1970, most nations in Australia's reference group recognised the need for action, and enacted substantial legislation establishing controls over privacy-intrusive practices. The first round of statutory initiatives created general controls, whereas the more recent 'second wave' is addressing specific industry sectors and particular practices. For reviews of existing privacy protection regimes, see Smith (1974-), Flaherty (1989), Madsen (1992) and Bennett (1992).

Inconsistencies among the various national schemes have given rise to concerns that international trade may be adversely affected. Several supra-national organisations such as the European Community and the Organisation for Economic Co-operation & Develoment have accordingly sought to encourage harmonisation of the regimes. The most commonly cited international document relating to the protection of information privacy is the OECD Guidelines (OECD 1980) and the associated OECD Principles.

Australia's response to the need, however, was very slow and very limited. One State has had a watchdog agency, the Privacy Committee of N.S.W., in place for 20 years, and some form of substantive legislation has seemed imminent on several occasions; but no Bill has ever been passed. Other States have examined the need for privacy protections, but no watchdog agencies currently exist, there is almost no legislation, and there are few sets of guidelines of any consequence. For reviews of the law in Australia, see Tucker (1992), Hughes (1991), the Australian Legal Information Institute (AustLII) generally, and Privacy Law & Policy Reporter's Australian Privacy Guide more specifically.

At federal level, the Commonwealth Privacy Act was passed only in 1988, and only then as a means of gaining the Senate's support for substantial and highly privacy-intrusive enhancements to the Tax File Number scheme. This author prepared a brief summary of the original statute (which has since been amended). The Privacy Commissioner publishes a loose-leaf, periodically updated compendium of privacy-related Statutes, Regulations, Guidelines, Determinations, Codes of Conduct and Compliance Notes (HREOC 1992-).

The Privacy Act effectively entrenched a great many existing practices within the Commonwealth public sector, but did establish a range of controls over agencies' practices, and has led to a greater degree of openness and confidence among agencies in their dealings with the public. Critically, it established a permanent 'watchdog', the Privacy Commissioner, who operates within the context of the Human Rights & Equal Opportunities Commission.

During 1995, the then Labor Government had committed to enacting privacy regulation in relation to the private sector. In September 1996, the new Coalition Attorney-General published a Discussion Paper embodying a similar proposal. An overview of the situation is available.

In addition, N.S.W. continues to deliberate over its intended statute to regulate its public sector; and during the second half of 1996, Victoria has in place a Data Protection Advisory Council, which is to recommend the form of legislation appropriate in that State.

The 1988 statute is merely a 1970s regime introduced later than in other countries in Australia's reference group. By the mid-1990s, new waves of IT were being introduced in a regulatory vacuum: very little framework exists, within which sophisticated privacy protections can be devised to cope with modern technology.

Particularly Exposed Organisations

Industry sectors and government agencies vary in the extent to which their operations involve privacy-intrusive acitivies. Some agencies in the public sector handle very sensitive data about people, some of it because this is intrinsic to their function, and some because they judge that they need to do so in order to perform their functions properly. Examples include:

With the exception of law enforcement and national security, which are exempt from all, or at least critical portions, of the existing privacy legislation, Commonwealth agencies are generally subject to the Privacy Act.

State government agencies are in general subject only to incidental privacy regulation, although some are nominally required to comply with vague policy documents. Some of the more serious abuses which have been subjected to public scrutiny have related to records of the Department of Social Security, N.S.W. motor driver licensing, and the Health Insurance Commission (ICAC 1992).

Private sector corporations which are especially exposed to the risk of criticism about privacy-intrusive behaviour, variously by customers, the general public, advocacy groups, watchdog agencies and the media, include the following:

Moreover, many seemingly minor holdings of personal data can leap into the public eye, and be subjected to regulation; for example, the personal data records in the U.S.A. which are subject to the greatest degree of regulation are those of video-rental stores. (This was a result of the publication of the records of Justice Bork, when he was being considered by the U.S. Senate for elevation to the Supreme Court).

In general, little or no privacy protection exists in relation to corporate behaviour. A major exception is credit-granting which was subjected to the Privacy Act in 1989.

Harbingers of Change

Since the passage of the Privacy Act in 1988, several developments have occurred. Coverage has been extended to an additional industry sector ( credit reporting, through the Privacy Amendment Act 1990), to an additional class of data ( 'spent' criminal convictions - Crimes Act Part VIIC), and to a specific technique ( data matching - the Data-Matching Program (Assistance and Tax) Act 1990).

In addition to domestic demands for greater protections, another driver has been the international imperative. One important consideration is the covertly protectionist initiatives of the European Union. Others include the international nature of financial transactions, and the importance of software products having export potential.

There has been increasing recognition of the need for comprehensive privacy legislation affecting the entire private sector, within which specific sectors and activities can be considered. This is evident not only from the general punlic, the media and advocacy groups, but also from corporate executives and industrty associations, including the Australian Direct Marketing Association. Nor is this merely an Australian phenomenon: the conservative business magazine, 'The Economist', recently called for adoption of privacy laws affecting the private sector, arguing that "There is little reason to suppose that market-driven practices will by themselves be enough to protect privacy" (Editorial, 10 February 1996).

However, the regulation of advanced technologies in Australia is hamstrung at present by the lack of a generally applicable framework for protecting privacy. The Information Privacy Principles (IPPs) embodied within the Privacy Act were written to apply to public service practices, and are long, legalistic and defensive. Their appropriateness as a starting point for the regulation of private sector practices is accordingly very limited.

The then Labor Government made a firm commitment to proceed with regulation of the private sector during 1995, indicating a clear preference for aspects of the New Zealand legislation, and in particular the enactment of statutory general principles and the creation of subsidiary industry and activity codes. The platform of the new Government elected in March 1996 includes reform of privacy laws as "a matter of the utmost priority" (Greenleaf 1996).

The OECD Guidelines, promulgated in 1980, are fairly abstract, and have not been updated to take account of developments in technology generally and data surveillance in particular. For example, they fail to contemplate:

There is also a serious lack of clarity about some matters. One of these is the notion of 'public registers'. There are indeed databases such as the Telstra White Pages, the Electoral Roll, the Births, Deaths and Marriages Registers, and the Land Titles Register, to which members of the public generally have access. They have access, however, for a particular purpose (which may be explicit or merely well-understood). The OECD Guidelines, and virtually all other sets of Principles, restrict access to data on the basis of purpose. That Principle must be applied to these registers as well, and hence they are not unrestricted, as the term 'public registers' implies.

In addition, privacy-protective frameworks conceived in the context of 1970s technology have been undermined by significant subsequent technological change.

The OECD Guidelines therefore provide a reference point which continues to be used by governments, industry associations and corporations when they set out to establish legislation and codes of practice; and the IPPS embodied in the Privacy Act provides a set of pre-existing Australian law. But the significant deficiencies of those two sources need to be allowed for, through supplementing them, and interpreting them with the assistance of more recent sources. These include:

Strategic Management

'Strategic management' is a body of thought that expresses the orthodox understanding of the nature of competitive advantage, and how it can be achieved. Its application to information technology has been summarised by this author in Clarke (1994b).

The essence of the theory is that five key 'forces' make up the structure of any industry segment:

Enterprises, through their strategies, can influence the five forces and the industry structure, at least to some extent. Major competitive moves made by a corporation are referred to as strategic thrusts, and are classified into:

The most important of these, at least for the purposes of this analysis, are differentiation and innovation. Ways in which an organisation can stand out from its competitors are broadly classified into product differentiation (in particular quality, features, options, style, brand name, packaging, sizes, services, warranties and returns); price (i.e. list, discounts, allowances, payment period and credit terms); place (such as channels, coverage, locations, inventory and transport); and promotion (including advertising, personal selling, sales promotion and publicity).

A supplier that is able to achieve sufficient differentiation is able to gain customer loyalty, by raising the 'switching costs' of changing to another supplier. Switching costs may be real or psychic in nature. Successful differentiation measures also serve as an entry barrier against the emergence of new competitors.

Corporations which innovate successfully achieve 'first-mover advantage' and force their competitors to seek to neutralise that advantage. If the innovation embodies a skilfully woven pattern of differentiation features, it may enable the first-mover to sustain the advantage. Differentiators are therefore at their most effective if they are aligned with the corporation's general strategy, and 'cross-leverage' existing advantages.

The theory is strongly oriented towards the private sector, and less obviously applicable to organisations that are not subject to powerful market-based competitive forces, such as not-for-profit enterprises, industry and professional associations, and, of course government agencies.

In the public sector, strategic thinking has much less to do with advantage over competitors, but instead needs to be expressed in terms of perceived performance against effectiveness, efficiency and evolutionary objectives, combined with the benefits delivered to stakeholders. Strategic thinking in 'low-competitive contexts' is examined further in Clarke (1996a).

Organisational Strategy and Privacy

Corporations can adopt several alternative approaches to privacy and dataveillance. One approach is to deny that these issues have any strategic significance for the organisation. That may be tenable for some companies, but certainly not for those identified earlier as having particular exposure to the risk of negative impacts of the privacy issue.

Another approach is to 'wait and see'. This is consistent with the assumption that there is unlikely to be a significant first-mover advantage available to the organisation's competitors. In such circumstances, it may be satisfactory to adopt a reactive approach to risk management. As and when problems arise (such as accusations of privacy-intrusive behaviour by the media, unions, privacy advocacy groups, privacy watchdog agencies, or influential individuals), the corporation can use conventional media management techniques to achieve damage control.

A slightly more proactive approach involves preparation for the more likely contingencies, and pre-planned damage control procedures. This might include an abstract statement of the organisation's commitment to protect the privacy of its stakeholders, perhaps included in the annual report, or posted on the wall in reception areas.

The most constructive approach that can be adopted is to implement privacy-protective innovations, as a means of differentiating the organisation from its competitors. The following section describes the many necessary elements of such an aggressive approach.

A similar set of alternatives is available to organisations in the public sector.

In the State public sectors, many agencies have successfully ignored the issue to date. However some State government agencies, and, following the passage of the Privacy Act and the educational campaigns conducted by the Privacy Commissioner during the early 1990s, most federal government agencies, have adopted a reactive approach. This involves measures to ensure conformance with the minimum requirements of the law.

In many cases, federal government agencies have gone beyond the merely reactive to the establishment of formal procedures for the handling of complaints from individual clients, and from regulatory authorities such as the Privacy Commissioner.

A few federal agencies have been much more aggressive in the manner in which they have addressed the issue. This approach involves the recognition of stakeholder interests as an integral part of the agency's mission and strategy, and balancing of the agency's fiscal and social control responsibilities against the interests of the affected individuals. The following section outlines the specific elements involved in such a strategic approach to privacy and dataveillance.

Elements of a Privacy Strategy

This section identifies the activities which need to be undertaken by a corporation or government agency that recognises privacy and dataveillance as being of strategic importance. It is based on the principles of:

The activities can be best appreciated through division into three phases:

Exhibit 1A: The Preparatory Phase

Exhibit 1B: The Establishment Phase

Exhibit 1C: The Maintenance Phase

These guidelines are necessarily expressed in fairly general language, in order to be applicable both to corporations and to government agencies at Commonwealth, State and local government levels. The guidelines lend themselves to much more specific expression in respect of particular sectors of industry and government. The author has already prepared a more detailed form of them specifically targeted at personal data security in federal government agencies, which is the subject of an as-yet unpublished report.

Anonymity and Pseudonymity

One generic strategy for reducing the privacy-intrusiveness of organisational activities requires particular attention. This section distinguishes between identified transactions on the one hand, and anonymous and psudonymous transactions, on the other.

An identified transaction is one in which the data can be readily related to a particular individual. This may be because it carries a direct identifier of the person concerned, or because it contains data which, in combination with other available data, links the data to a particular person.

Anonymity, on the other hand, refers to the complete absence of identification data in a transaction. The key characteristic of an anonymous transaction is that the specific identity of one or more of the parties to the transaction cannot be extracted from the data itself, nor by combining the transaction with other data.

Some examples of non-identified, anonymous transactions include:

People desire anonymity for a variety of reasons. Some of these are of dubious social value, such as avoiding detection of their whereabouts in order to escape responsibilities such as paying debts and supporting the children from a broken marriage; avoiding retribution for financial fraud; and obscuring the flow of funds arising from illegal activities such as theft, drug-trading and extortion (commonly referred to as 'money-laundering').

Other reasons for seeking anonymity are of arguably significant social value, such as to avoid being found by people who wish to inflict physical harm (such as ex-criminal associates, religious zealots, excessively enthusiastic fans, obsessive stalkers and overly protective fathers of one's partner); to obscure the source of information made available in the public interest (in particular, journalists' sources and 'whistle-blowing'); to avoid unjustified exposure of information about people's private lives; to keep personal data out of the hands of marketing organisations; and to prevent government agencies using irrelevant and oudated information, of varying meaning and quality.

There are many circumstances in which the interests of all parties to a transaction can be protected, despite the absence of a record of identity; for example, by authenticating the party's eligibility and/or capability to conduct that particular kind of transaction, rather than by authenticating the identity of the individual.

It is commonly assumed that a tension exists between the proponents of all transaction data being identified (typified by the presumption that "the only people who want privacy are the ones with something to hide"), and the adherents to the view that all data is private. In fact, another alternative exists which can be applied to address the desires of both sides.

A pseudonym is an identifier for a party to a transaction, which is not, in the normal course of events, sufficient to associate the transaction with a particular human being. Hence a transaction is pseudonymous in relation to a particular party if the transaction data contains no direct identifier for that party, and can only be related to them in the event that a very specific piece of additional data is associated with it. The data may, however, be indirectly associated with the person, if particular procedures are followed.

There are several ways in which the requirements of pseudonymity can be implemented. One is the storage of partial identifiers by two or more organisations, which must both provide their portions of the transaction trail in order that the identity of the party can be constructed.

A more common way is to:

Such mechanisms already exist in a variety of settings; for example, epidemiological research in the health-care and social-science arenas needs longitudinal data, including demographic data about the individuals concerned, but does not necessarily need to know their identities: a pseudo-identity is sufficient.

Another example is 'anonymous re-mailers', which enable individuals to obscure their identities when they send email messages, by filtering them through a service which undertakes to protect the linkage between real and nominal identity. Such undertakings might provide an iron-clad guarantee of anonymity, provided that the service-operator and its clients forego a transaction trail, and thereby any form of traceability. In many cases, however, a transaction trail is likely to be maintained, and be subject to, for example, court orders, search warrants and sub poenas; and the messages are therefore pseudonymous rather than anonymous.

There are also applications in the area of financial services, whereby some financial institutions in some countries protect the identities of companies and individuals which have deposits with them, or undertake transactions through them. Similarly, buyers and sellers on exchanges which deal in stocks, shares, financial derivatives and foreign currencies do not, and do not need to, know the identity of the other party to the transaction. Innovative mechanisms which have been developed to serve the interests of the wealthy are capable of adaptation to the needs of people generally.


Dataveillance technologies are radically altering the balance between individuals and the organisations with whom they deal. Public disquiet is increasing, and a new round of public policy measures to address the difficulties is imminent.

Some companies and government agencies may be able to ignore these developments, or wait until they are forced to react. On the other hand, those organisations for whom personal data, dataveillance technologies and/or relationships with the public are important, will be well-advised to be proactive.

A strategic approach to privacy and dataveillance is no longer unusual. Public sector agencies are increasingly recognising the need to examine their operations from the perspective of their clients' privacy interests. A variety of corporations have undertaken strategic reviews of their relationships with their customers and/or employees. At least one very large private sector corporation has already had a special external audit performed.

This paper has argued the merits of reactionary versus constructive stances; crisis management versus risk management; and image versus substance. It has also provided general and specific guidance as to how a strategic approach to privacy and dataveillance can be adopted.

Bibliography of Major Electronic Reseources

The Privacy Law & Policy Reporter's Australian Privacy Guide, at

The Privacy Law & Policy Reporter's Worldwide Guide to Privacy Resources, at

The Electronic Frontier Foundation's Anonymity/Pseudonymity Archive, at

A list of my own main papers on privacy and dataveillance, at

EPIC's Online Guide to Privacy Resources, at

The archives of the bi-weekly EPIC Alert, at

The archives of the Privacy Law and Policy Report, at

The archives of the Computer Privacy Digest, aka the newsgroup comp.society.privacy, at gopher://

The archives of the (moderated) Privacy Forum, at

The archives of the (moderated) Risks Forum, at

Reference List

ANAO (1994) 'Department of Social Security: Protection of Confidential Client Information from Unauthorised Disclosure' Audit Report No. 23 of 1993/94, Australian National Audit Office, Canberra, 1994

APC (1994) 'The Australian Privacy Charter', at

Bennett C. (1992) 'Regulating Privacy: Data Protection and Public Policy in Europe and the United States' Cornell University Press, New York, 1992

Burnham D. (1983) 'The Rise of the Computer State' Random House, 1983

Clarke R.A. (1988) 'Information Technology and Dataveillance' Commun. ACM 31,5 (May 1988) 498-512. Abstract at

Clarke R.A. (1993a) 'Why the Public Is Scared of the Public Sector' Working Paper (February 1993). Abstract at

Clarke R.A. (1993b) 'Profiling: A Hidden Challenge to the Regulation of Dataveillance' Int'l J. L. & Inf. Sc. 4,2 (December 1993). At A shorter version was published as 'Profiling and Its Privacy Implications' Australasian Privacy Law & Policy Reporter 1,6 (November 1994). At

Clarke R.A. (1994a) 'The Digital Persona and Its Application to Data Surveillance' The Information Society 10,2 (June 1994). Abstract at

Clarke R.A. (1994b) 'The Path of Development of Strategic Information Systems Theory', Working Paper, 14 July 1994 , at

Clarke R.A. (1994c) 'Dataveillance by Governments: The Technique of Computer Matching' Information Technology & People 7,2 (December 1994). Abstract at

Clarke R.A. (1995a) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues' Info. Technology & People 7,4 (March 1995). At

Clarke R.A. (1995b) 'Computer Matching by Government Agencies: The Failure of Cost/Benefit Analysis as a Control Mechanism' Informatization and the Public Sector (March 1995). Abstract at

Clarke R.A. (1996a) 'Beyond the Jungle: Strategic Information Systems Theory in 'Low-Competitive' Contexts' Working Paper, at

Clarke R.A. (1996b) 'Crypto-Confusion: Mutual Non-Comprehension Threatens Exploitation of the GII' Privacy Law & Policy Reporter 3, 4 (May 1996). At

Clarke R.A. (1997) 'What Do People Really Think? MasterCard's Survey of the Australian Public's Attitudes to Privacy', Privacy Law & Policy Reporter 3, 9 (January 1997). At

Cowen Z. (1969) 'The Private Man' The Boyer Lectures, Australian Broadcasting Commission, Sydney, 1969

CSA (1995) 'Model Code for the Protection of Personal Information' Canadian Standards Association, CAN/CSA-Q830-1995 (September 1995)

Culnan M. (1993) '"How Did They Get My Name?': An Exploratory Investigation of Consumer Attitudes Toward Secondary Information Use' MIS Quarterly 17,3 (September 1993) 341-363

Davies S. (1992) 'Big Brother: Australia's Growing Web of Surveillance' Simon & Schuster, Sydney, 1992

EC (1995) 'The Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data' (The EC Directive), European Commission, Brussels, 25 July 1995

Equifax (1992) 'Harris-Equifax Consumer Privacy Survey 1992', Louis Harris & Associates & Weston A., Equifax Inc., Atlanta GA, 1992

Equifax (1995) 'The Equifax Canada Report on Consumers and Privacy in the Information Age - 1995', Louis Harris & Associates & Weston A., Equifax Canada Inc., Ville d'Anjou, 1995

Flaherty D.H. (1989) 'Protecting Privacy in Surveillance Societies' Uni. of North Carolina Press, 1989

Foucault M. (1977) 'Discipline and Punish: The Birth of the Prison' Peregrine, London, 1975, trans. 1977

Gandy O.H. (1993) 'The Panoptic Sort: Critical Studies in Communication and in the Cultural Industries' Westview, Boulder CO, 1993

Greenleaf G.W. (1996) 'Privacy and Australia's New Federal Government' Australasian Privacy Law & Policy Reporter 3, 1 (March/April 1996) pp.1-3 and 4-7

HREOC (1989-) 'Annual Report of the Privacy Commissioner' Privacy Branch, Human Rights and Equal Opportunities Commission, G.P.O. Box 5218, Sydney

HREOC (1991) 'Privacy Audit Manual - Volume 1' Available from the Compliance Section, Privacy Branch, Human Rights and Equal Opportunities Commission, G.P.O. Box 5218, Sydney NSW 2001

HREOC (1992-) 'Federal Privacy Handbook: A Guide to Federal Privacy Law and Practice' Redfern Legal Centre Publishing Ltd, 13A Meagher St, Chippendale NSW 2008

HREOC (1995a) 'Community Attitudes to Privacy', Information Paper No. 3, Human Rights Australia - Privacy Commissioner, Sydney (August 1995)

HREOC (1995b) 'Smart Cards: Implications for Privacy', Information Paper No. 4, Human Rights Australia - Privacy Commissioner, Sydney (December 1995)

Hughes G. (1991) 'Data Protection Law in Australia', Law Book Company, 1991

ICAC (1992) 'Report on Unauthorised Release of Government Information' Independent Commission Against Corruption (N.S.W.), Sydney, August 1992 (3 vols.)

IPCO (1995) 'Privacy-Enhancing Technologies: The Path to Anonymity' Information and Privacy Commissioner for Ontario and Registriekammer, The Netherlands (August 1995)

Katz J.E. & Tassone A.R. (1990) 'Public Opinion Trends: Privacy and Information Technology' Public Opinion Quarterly 54,1 (Spring 1990) 125-143

Kling R. (1978) 'Automated Welfare Client Tracking and Welfare Service Integration: The Political Economy of Computing' Comm ACM 21,6 (June 1978) 484-93

Larsen E. (1992) 'The Naked Consumer: How Our Private Lives Become Public Commodities' Henry Holt, New York, 1992

Laudon K.C. (1986) 'Dossier Society: Value Choices in the Design of National Information Systems' Columbia U.P., 1986

Madsen W. (1992) 'Handbook of Personal Data Protection' Macmillan, London, 1992

Marx G.T. & Reichman N. (1984) 'Routinising the Discovery of Secrets' Am. Behav. Scientist 27,4 (Mar/Apr 1984) 423-452

NSWPC (1975-) 'Annual Report' Privacy Committee of N.S.W., Sydney

NSWPC (1995) 'Invisible Eyes: Report on Video Surveillance in the Workplace' Privacy Committee of N.S.W., Sydney, September 1995

OECD (1980) ' Guidelines on the Protection of Privacy and Transborder Flows of Personal Data' OECD, Paris, 1980

OTA (1985) 'Electronic Surveillance and Civil Liberties' OTA-CIT-293, U.S. Govt Printing Office, Washington DC, October 1985

OTA (1986) 'Federal Government Information Technology: Electronic Record Systems and Individual Privacy' OTA-CIT-296, U.S. Govt Printing Office, Washington DC, June 1985

Packard V. (1957) 'The Hidden Persuaders' Penguin, London, 1957

Packard V. (1964) 'The Naked Society' McKay, New York, 1964

PIAC (1995) 'Surveying Boundaries: Canadians and Their Personal Information'Public Interest Advocacy Centre / Federation nationale des associations de consommateurs du Quebec, 1 Nicholas St, Suite 1204, Ottawa Ontario, 1995 Tel: +1 613 562 4002

PLPR (1994-) 'The Privacy Law & Policy Reporter', Prospect Publishing, Sydney, 1994-, ISSN 1321-3563

PW (1996) 'Privacy Survey - 1996', Price Waterhouse, Melbourne, June 1996

Roszak T. (1986) 'The Cult of Information' Pantheon 1986

Rule J.B. (1974) 'Private Lives and Public Surveillance: Social Control in the Computer Age' Schocken Books, 1974

Rule J.B., McAdam D., Stearns L. & Uglow D. (1980) 'The Politics of Privacy' New American Library, 1980

Smith R.E. (ed.) (1974-) ' Privacy Journal', monthly since November 1974

Telstra (1996) 'Privacy Review Report' Telstra, Melbourne (June 1996)

Tolchinsky P.D., McCuddy M.K., Adams J., Ganster D.C., Woodman R.W. & Fromkin H.L. (1981) 'Employee Perceptions of Invasion of Privacy: A Field Simulation Experiment' J. of Applied Psychology 66, 3 (June 1981) 308-313

Tucker G. (1992) 'Information Privacy Law in Australia' Longman Cheshire, Melbourne, 1992

Whittle R. (1996) 'Calling number display: AUSTEL's PAC report' Australasian Privacy Law & Policy Reporter 3, 1 (March/April 1996) pp.8-11

Woodman R.W., Ganster D.C., Adams J., McCuddy M.K., Tolchinsky P.D. & Fromkin H. (1982) 'A Survey of Employee Perceptions of Information Privacy in Organisations' Academy of Management J. 25,3 (October 1982) 647-663

xamaxsmall.gif missing
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.

From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 65 million in early 2021.

Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916

Created: 2 May 1996 - Last Amended: 27 January 1998 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at
Mail to Webmaster   -    © Xamax Consultancy Pty Ltd, 1995-2022   -    Privacy Policy