Obviously some kinds of data are felt by data-subjects or the public in general to be especially sensitive. A commonly cited example is that HIV–AIDS data are much more sensitive than, say, data about wrist fracture. Whether sensitivity is somehow justified will always be debatable within the context. But for purposes of ethical practices, policy, and law, widely held public concerns must be recognized and respected appropriately.
Among the categories often taken to be highly sensitive are data about:
- Mental health
- Aberrant behavior (child battering...)
- Alcohol or other chemical habituation
- Reproduction (infertility, pregnancy, ova and sperm donation, spontaneous or elective abortion...)
- Embarrassing problems (sexual impotence, urinary incontinence...)
- Sexual orientation, attitudes, practices, and functions
- Sexually transmitted diseases
But although these are among the more obviously delicate kinds of data, a person may just as well have anxieties about employers or others becoming aware of data regarding asthma, for instance, or epilepsy, cirrhosis of the liver, or a weak back.
Sensitivity may have to do with revelation of a past that a person has moved beyond and does not wish others to know about, or be reminded of himself. It may imply improper or socially marginal behavior. It may stem from resentment at ill fortune in the lottery of life, or from imputation of careless behavior, or implication of disfunctionality. And of course it may stem from fear of negative discrimination.
This raises serious questions for policy. Should distinctions be made among kinds of health data with respect to how they are protected? Should special sensitivities be recognized? Should protections be scaled relative to the potential for social or physical harm, or emotional offense, to data-subjects?
A U.S. Task Force on the Privacy of Private-Sector Health Records expressed this view (with which the author agrees):35
The Task Force believes that any file containing health information should be considered a candidate for protection since it is the information itself, and not the form in which it is maintained, which could result in an invasion of privacy if released. ... Although the Task Force agrees that it is appealing to classify information according to sensitivity, it questions whether this is the most effective approach to protecting data that may potentially cause harm to an individual. Disease-specific segregation of records necessitates complicated administrative arrangements.... In addition, the definition of what constitutes a sensitive medical record may differ from decade to decade and from individual to individual. ... Protecting all health records adequately is the issue that must be addressed.
(35) U.S. Department of Health and Human Services, Task Force on the Privacy of Private-Sector Records, Final Report, p. 4 (report prepared under HHS Contract # 100-91-0036 by Kunitz and Associates, Inc., 6001 Montrose Road, Suite 920, Rockville, Maryland 20852, September 1995).