Ambiguity All Around
So far we have observed several troubling phenomena in the U.S. corporate privacy domain: a reactive policy-making cycle that relies on an external threat for impetus to action, resulting in a set of inadequate policies and a troubling policy/practice gap, along with a clear break in argumentation between corporations and noncorporate stakeholders. But none of these problems exist in isolation; rather, they are symptoms of a more systemic disease: ambiguity in the U.S. corporate privacy domain. We cannot proceed to discuss solutions for the problems of the current environment without first considering the underlying drivers for those problems. Thus, in this chapter we examine the ambiguity from which the other problems originate.
The ambiguous corporate privacy domain fuels a poor policy-making dynamic -- the drift-external threat-reaction cycle. Because corporations are not forced to, they do not confront privacy issues in a proactive fashion. This passive approach provides ample opportunity for an ill-suited set of policies to develop and for a policy/practice gap to evolve. The ambiguity also provides the quicksand on which the corporate privacy arguments are crafted, and it offers little incentive for corporations to confront the differing stakeholders' arguments in a forthright fashion. Thus, either directly or indirectly, we can trace all the problems uncovered in this study to this single driver.
Despite some heroic efforts in the 1970s to chart an explicit set of principles for behavior -- witness the Fair Information Practices described in chapter 1 -- there has been a remarkable lack of clarity in translating those abstract principles into day-to-day corporate operations. Furthermore, as the focus on privacy ebbed and flowed during the 1980s, much of the momentum for increasing privacy protections diminished. Ironically, this slowdown happened during the same years