Events Calendar
APA 2007
APA 2006
APA 2005
Division 34 Newsletter
News Archive
More Information
Division 34 Secretary
Britain A. Scott, Ph.D.
University of St. Thomas
Phone: 651-962-5039
BAScott@stthomas.edu

Division 34 Webmaster
Sae Schatz, M.S.
University of Central Florida
Phone: 407-823-5164
sae@cs.ucf.edu
 

APA 2005

Division 34 Presidential Address: Privacy & Reproductive Behavior

An Information Model of Privacy Applied to Reproductive Behavior
Gregory H. Wilmoth, Ph.D.
Division 34 Presidential Address
American Psychological Association Convention,
Washington, D.C. August 18-21, 2005

Download this paper as a Word document

The views expressed here are those of the author and no endorsement by the U.S. Government Accountability Office is intended or should be inferred.

How important is privacy to use of reproductive-related facilities, services and technology? In one study of adolescent females using family planning clinics in Wisconsin, half reported that they would not use the clinics if their parents had to be notified when they requested prescriptions for contraceptives (Kline, J. et al, 1999).

U.S. History of Privacy

Although privacy as a legal issue in the U.S. can be traced to 1890 (Warren & Brandeis, 1890, Harvard Law Review) and earlier, one can argue that the 1960's were a pivotal point leading to the current concern about privacy.

Vance Packard in The Naked Society (1964) popularized the concern about privacy. He illustrated how governmental, business and technological changes were exposing more and more of citizens' private information to use and abuse.

The Supreme Court decision in Griswold v. Connecticut in 1965 established citizens' right to be free from government intrusion into their personal, marriage decisions about using contraceptives. Estelle Griswold was a physician for a Planned Parenthood Clinic who prescribed and provided contraceptives in violation of Connecticut law. The Supreme Court based its decision on a "right to privacy" within marriage.

An early scholarly study of privacy was published by Alan Westin in 1967-Privacy and Freedom. His study had a strong legal orientation and focused primarily on privacy as controlling access to personal information. Westin also set the stage by proposing four types of privacy: solitude, anonymity, reserve, and intimacy.

With the growth in environmental psychology in the early 1970's, interest in the psychology of privacy exploded. Although the research of numerous psychologists could be cited, the research and theorizing of Irvin Altman may be the most influential. In his 1975 book, The Environment and Social Behavior: Privacy, personal space, territory. crowding. Altman proposed a theory of privacy that explained key concepts in environmental and social psychology. While his theory is too complex to fully explain here, he theorized that privacy is a dialectical, transactional process that selectively controls access to the self. Thus privacy is an interpersonal boundary control process that regulates social behavior.

Also in the early 1970's, privacy and issues of reproduction again made legal history. In 1972, the U.S. Supreme Court in Eisenstadt v. Baird (405 U.S. 438) ruled that the Massachusetts law prohibiting the sale or distribution of contraceptives to unmarried individuals was unconstitutional. Although the case was decided primarily on equal protection arguments (married vs. unmarried defendants), the right to privacy was also an important consideration. These "right to privacy" arguments were subsequently the basis for the Supreme Court's ruling in Roe v. Wade in 1973 that the right to abortion derived from the right to privacy.

Information Privacy vs. Decisional Privacy

Thirty years after these court cases and the early research on the psychology of privacy, privacy, sexuality, and reproduction-separately and together-remain pressing, controversial issues. For example, critics of the USA Patriot Act of 2001 (set to be renewed this year) have raised numerous privacy concerns. Also, in Lawrence and Garner v. Texas (02-102), the Supreme Court ruled in 2003 that anti-sodomy laws were unconstitutional because they intruded on consensual, private sexual conduct. As a final example, numerous opponents of the nomination to the Supreme Court of John Roberts have raised concerns about his views on the right to privacy.

It is important to distinguish, however, between the types of privacy in the USA Patriot Act and those in Roe v. Wade and other reproductive cases. The Patriot Act addresses the privacy of personal information whereas Roe v. Wade and other reproductive cases address freedom from governmental intrusion into the privacy of sexual and reproductive decisions. Although I will discuss privacy in relation to sexual and reproductive behavior, I will limit my focus to the privacy of personal information rather than freedom from governmental intrusion into the privacy of sexual and reproductive decisions.

Most of the literature, laws and regulations on privacy today deal with personal information. Examples include HIPAA (the Health Insurance Portability and Accountability Act of 1996), FERPA (Family Educational Rights and Privacy Act of 1974), the Electronic Communications Privacy Act of 1986, the Children's Online Privacy Act of 1998, the Financial Modernization Act of 1999, the Cable TV Privacy Act of 1984, and the Video Privacy Protection Act of 1988. It is important to note that because there is not a explicit right to privacy of personal information in the Constitution, Congress has passed laws identifying the legal right to specific areas of personal privacy.

The Video Privacy Protection Act of 1988 is an interesting example because it was passed in response to media disclosure of Judge Robert Bork's video rentals. In 1987 when Judge Bork was nominated by President Reagan for a Supreme Court seat, I was the SPSSI Public Policy Fellow at APA. One of my activities was to help persuade APA's Board of Directors to oppose Bork's nomination. My arguments centered on Bork's belief that there was no right to privacy and that therefore Roe v. Wade was decided incorrectly. Judge Bork would not have found it ironic that a privacy protection law resulted from the invasion of his privacy, because Bork believed that the Constitutional way to protect privacy was through the legislative rather than the judicial process.

Definition of Privacy

This focus on protection versus disclosure of personal information brings us back to Alan Westin's conceptualization of privacy in the 1960's. He postulated that privacy is determining for ourselves when, how, and to what extent personal information about us is communicated to others; that is, privacy is control over the disclosure of personal information. Thus, privacy was limited to communication behaviors which are a subset of social behavior. Although one could argue that all behavior communicates, it is more difficult to argue that all behavior communications personal, sensitive information. As in the case of information about video rentals, personal information might be collected, stored and transmitted by other people.

Westin proposed four types of privacy: solitude, anonymity, reserve and intimacy. However, I think these are more appropriately characterized as means of controlling the disclosure of personal information. When solitude includes spatial, visual, and electronic solitude, the individual is unable to transmit information to others. When a person is anonymous, the critical nexus of privacy is not transmitted, namely, the person's identity. The recipient of any information does not know the identity of the person transmitting the information. Thus what makes information "personal" is missing. When a person is being reserved, the individual is selectively controlling what information is communicated to whom. The results are that the individual can have varying degrees of intimacy with different people and different individuals can have different personal information about the person communicating. However, there is a risk that these individuals could share personal information about the sender and both individuals discover personal knowledge that neither had before. Finally, intimacy is group seclusion where a group can be two people or more.

When I asked people to describe situations in which they felt private, all four of these means of privacy were offered (Wilmoth, 1981). However, people did not volunteer these situations in equal numbers. Just over half of all private situations involved solitude compared to 22 percent each for reserve and intimacy, and only 4 percent for anonymity.

Calibrating Perceived Privacy in Situations

I think most of you would intuitively say that some situations or information are more personal or private than others. In my study where subjects rated the amount of privacy perceived in different situations, the degree of privacy varied by the means of privacy (Wilmoth, 1981). On a scale of 0 to 8, situations of solitude ranged from 3.4 to 7.2 whereas situations of anonymity ranged from 1.9 to 4.6. The explanation for these findings is theorized to be based on the amount of personal information disclosed.

A person who is in solitude is transmitting no personal information except absence from others. For example, if the person is reading the newspaper in solitude, the amount of personal information in the situation is very low and thus the amount of perceived privacy is relatively low. If, however, the person is reading the Joy of Sex, then the amount of personal information is greater and the perceived privacy is relatively greater.

Being anonymous is in some ways the opposite of being in solitude. When a person is anonymous in a crowd, those around him or her can see everything he or she does but those in the crowd do not know the identity of the actor. If a person is a tourist in a foreign city visiting a museum, the person is anonymous and their behavior is not very personal. Thus the perceived privacy in this anonymous situation is viewed to be relatively low. However, the lowest perceived privacy for solitude (3.4) is almost twice that for the lowest perceived privacy for anonymity (1.9). If the person, however, is a woman from Kansas going into an abortion clinic in Chicago, then she is probably anonymous but is engaging in a very personal behavior. The perceived privacy of this anonymous situation will be relatively higher. Again, however, the highest perceived privacy for anonymity (4.6) is only about 65% as high as the highest perceived privacy for solitude (7.2). Alternatively, the lowest perceived privacy in solitude is about 75% of the highest perceived privacy in anonymity. With anonymity there is always the risk that one's identity might be recognized.

It is possible that subjects given scenarios of invasions of privacy might rate the perceived violation of anonymity and solitude differently such that the large differences seen above don't occur. However, I hypothesize that the perceived violation of privacy will also be a function of the lengths taken to violate another's privacy. For example, it is one thing to read someone's diary when it is left out unlocked versus reading a diary that was hidden and locked. There was a recent story in which Maryland motorists vehemently objected to police using night vision goggles to detect motorists not wearing a seat belt.

Anonymous and solitary behaviors

New technologies are making more and more reproductive-related behaviors possible without involvement of professionals. Since 1978, women have been able to do a pregnancy test in seclusion. If the woman wants to share the results of the test with anyone, then she can selectively communicate that personal information (reserve). If the woman wants to view the test results as they materialize with her significant other, they can do so (intimacy).

More recently, a number of tests have come on the market for home testing when ovulation occurs. Such tests can be used to determine either when to increase the chances of not becoming pregnant or to increase the chances of becoming pregnant. If the so-called "morning after pill" is made available as a nonprescription, over-the-counter product, then it too could be used in solitude.

By buying these over-the-counter products in stores where you are unlikely to encounter someone you know, and by paying in cash, these products can be bought anonymously. The same would be similarly true for buying male and female condoms or spermicides; and maybe someday, the morning-after pill.

If desired, any of these products could be used with a partner present creating situations of intimacy or group privacy. Intimacy requires two conditions to be considered a form of privacy: two or more persons alone together and exchange of personal information that need not be anything more than carnal knowledge. Most people would consider using such products as being highly personal. In the U.S., most reproductive behavior probably occurs in the privacy of the bedroom (intimacy). In earlier times, the role of the chaperone was to minimize the opportunity for physical privacy.

Some proponents of RU-486 (mifepristone: MIFEPREX and EARLY OPTION) hoped that its entrance into the U.S. market would allow women to have abortions more anonymously. The locations of abortion clinics are well-known to anti-abortion activists and thus they are often able to "harass," "educate," or see women going into the clinic. Proponents of RU-486 hoped that family physicians and gynecologists who did not have abortion clinics would prescribe it. This would allow women to avoid the public spectacle of going to abortion clinics.

Although anonymity is the least frequently cited means of privacy, these examples show that it can be a major means for women and couples to protect their privacy as it involves contraception and abortion.

Confidentiality

The vast majority of contraceptive and abortion technologies require health care professionals either to perform the procedure or to provide a prescription for a product. By tradition and U.S. law, interactions with health care professionals for birth control and abortion products and procedures are protected by confidentiality. Confidentiality is a special means of privacy that exists when special types of communication occur between legally designated actors. Three of the most common instances of confidentiality are legal communications between a client and an attorney, personal health communications with a health care provider, and personal religious communications with a priest or equivalent. The International Standards Organization defines confidentiality as ensuring that information is accessible only to those authorized to have access.

Most reproductive health care interactions occur in group privacy (intimacy) in a room. The patient discloses personal information to the health care provider who is then legally forbidden to disclose that information to others except in special legally defined circumstances. In the case of minors seeking birth control or an abortion, who are pregnant or fear they might be, or who have a sexually transmitted disease, most states forbid health care providers from providing this information to the minor's parents. Health care for virtually all non-reproductive conditions given to minors are not confidential from parents and may even require parental consent. This is one example of how one person's need for privacy might conflict with another person's need for information. Minor's rights in this situation are not based on information privacy, however, but on the right to privacy in making reproductive-related decisions. But recall my opening question and the data that show that half of minors would not seek reproductive health care if their parents had to be informed.

At least one prosecutor, Attorney General Phill Kline of Kansas, has demanded access to such confidential information for about 90 abortion patients where either the patient was 16 or younger or the abortion was after the 22nd week of pregnancy. Sex involving someone under 16 is illegal in Kansas, and it is illegal in the state for doctors to perform an abortion after 22 weeks unless there is reason to believe it is needed to protect the mother's health. He says he is merely trying to enforce these two laws. He is seeking information from medical records including the patient's name, physician's name, medical history, details of the patient's sex life, birth control practices and psychological profile.

The involved clinics have offered to provide some medical information without the patient's name. In effect, the clinics are making the information anonymous to protect the identity of the patients. They argue that this would allow the Attorney General to determine whether a crime had been committed without exposing the identities of patients where no crime was determined to have occurred. He rejected this offer.

Electronic records

Sometimes common business practices expose personal information. Unintentional exposures are sometimes called privacy leaks. For example, this could occur when a pharmacy shares the prescription information of its customers with health insurers or marketers. This could result in a patient who had filled a prescription for the morning after pill getting a letter or postcard by U.S. mail that advertises its competing product on the outside of the envelope. If the patient lives with her parents or roommates who saw the letter or postcard before the patient saw it, then they might assume certain personal information about the patient. The Health Insurance Portability and Accountability Act (HIPAA) is supposed to prevent intentional and unintentional disclosure of patients' medical information.

The increasing use of electronic medical records raises numerous privacy concerns. These concerns arise from two features of electronic records: the ease of copying/transmitting the information and the ease of electronically matching records from different sources. Anyone who does genealogy, or for other reasons has searched for records in court houses, knows the limitations of searching and matching paper records. First, you have to be in the same physical location as the record to view it; second, you have to locate and retrieve the record; and third, you have to copy the record. With electronic records, you do not have to be located where the record is nor do you have to do much work to locate it and retrieve it; and making a copy is as quick and easy as copying and pasting on the computer. You can then transmit it to everyone for whom you have an email address or post the information on a webpage for all the world to see.

Linking records from different sources creates the potential to generate more detailed, personal information on an individual than is possible from any single source (GAO-01-126SP). For example, most websites collect data on those who visit the website. If a health insurance plan has a website where it offers medical information and it has its patients' email address as part of medical records it could link the data from these two sources. If a teenager covered by the plan visited the website to get information about pregnancy prevention and the information from the website cookie is matched with its medical records, the plan could link the teenagers' name with an interest in pregnancy prevention. In fact, it is possible to disclose highly private information by linking records from sources that have no personal information other than a person's identifier.

Social security numbers are commonly used as identifiers on records. Because it is a unique identifier, SSNs are treated as private information. Unlike other information, however, that people wish to keep private, most people do not keep their SSN private because they have an emotional connection with it or fear that it would disclose something "personal" about them. SSNs are treated as private information solely because they act as identifiers that enable linking all kinds of information about us and allow others to misappropriate our identity, credit and assets.

Privacy and Surveillance

Surveillance cameras are becoming more and more common on highways and streets, in public places such as airports, in businesses, and in our cities. The Wall Street Journal reported that London has almost 500,000 city-operated surveillance cameras. It is increasingly likely that although you might be anonymous to those around you, you might be captured on a surveillance camera. For me, the privacy issue becomes how the pictures captured by the surveillance camera are used and who can see them. Depending on the city and the location of the abortion clinic, the woman from Kansas in the earlier example might well have been captured on video going into the clinic.

If there are clear laws that pictures on surveillance cameras can only be disclosed to appropriate law enforcement officials when the commission of a crime is seriously suspected, then pictures of people not committing crimes should not be disclosed to the public. However, care must be taken to prevent privacy leaks. An innocent person could be in the same picture as a suspected criminal, and if the unedited picture was shown in the news, the anonymity of the innocent person could be violated.

In addition to surveillance cameras, the ever-increasing popularity and presence of camera phones creates additional threats to privacy. Some states have enacted laws to prohibit using camera phones in restrooms and places where people change clothes. These phones make it very easy for anyone to surreptitiously take pictures of women entering abortion clinics. Although I am not aware of a specific example, it would be possible for this person to then post the picture on a website as a way of publicly shaming the woman. Even if the name of the woman was unknown when her picture was posted, anyone who recognized the picture could submit the woman's name to the website. Because the behavior took place in a public space, posting such a picture would not be illegal unless there was a law specifically covering pictures of access or egress from abortion clinics. Once the picture, name and action are posted on the web, it becomes public information.

Hidden cameras in motels, changing rooms, and other places have resulted in numerous arrests. Hidden cameras are sold in a wide variety products designed to conceal the camera's presence. The cameras are readily available to anyone with the modest amount of money for the price. However, in states where there is not a right to privacy in the constitution or there is not a law against hidden cameras, no crime has occurred. In 1996 in Maryland, a man placed a hidden camera in the bedroom of his neighbor's house. At that time in Maryland, videotaping someone without their permission in the privacy of their residence was not a crime of invasion of privacy. However, recording conversations whether by phone or directly, was (and is) against Maryland law. All providers of reproductive-related services should have their facilities periodically swept for audio and video electronic bugs.

I do not think there is not a necessary link between modesty and privacy. There have been several cases of tanning salon operators using hidden cameras to take pictures of undressed customers. When discovered, the customers expressed outrage at having their privacy invaded. Hypothetically, such a customer might also frequent a nude beach. This example highlights the importance for privacy of selective transmission of personal information. Visiting a nude beach is a decision under the control of the individual; being spied on is an unchosen invasion of privacy. In another example, as recently as the mid-1980's when I lived in German farming villages, just before a woman's pregnancy would be visibly noticeable, women stopped going into public until after giving birth. Because these are small villages, such a measure does not protect the information that the woman is pregnant. This custom which might be related to modesty, but is not, I think, an example of privacy.

New technologies designed to make us safer can also be used to invade our privacy. The federal mandate requiring cell phone providers to implement a 911 locator system for cell phones has this potential. Many people today have only a cell phone. Many more people have a cell phone with them when they are in an unexpected emergency. Many cell phones and provider systems cannot automatically tell a 911 dispatcher from where the call is originating. Land-line phones do. Once this technology is fully implemented, the government or others could monitor a person's location through their cell phone. With geographic information systems (GIS), the government could determine when a cell phone user visited an abortion clinic or other reproductive-related facility.

I believe three safeguards are needed to prevent disclosure of private, non-criminal information. First, there must be a law prohibiting disclosure of private, non-criminal information except under narrow, special circumstances. Second, the law needs to provide severe punishments to deter privacy invasion beyond employment termination for violations of the law. Third, the victim must be given the right to sue for damages from the entity that leaked access to the disclosed data.

Getting back to my main theme, we have seen with solitude and anonymity two means of privacy that both have a restricted range of perceived privacy. Solitude did not have a perceived privacy score below 3.4 on a 0 to 8 scale and anonymity did not have a perceived privacy score above 4.6 on a 0 to 8 scale. Reserve and intimacy, however, have fuller ranges of perceived privacy scores. Privacy scores for reserve ranged from 1.6 to 6.4 whereas privacy scores for intimacy ranged from 2.8 to 7 on a O-to-8 scale.

Intimacy and Reserve

Because reserve is the selective transmission of personal information to others, reserve and self-disclosure are intertwined. The amount of privacy in reserve should be a function of the combination of how personal is the information transmitted, to how many people it is transmitted, and how emotionally close the sender is to the recipients. Telling an acquaintance how much you dislike horror movies would have a relatively low perceived privacy score. However, the perceived privacy would be very high of Monica Lewinsky confiding in Lindra Tripp her sexual relations with President Clinton. I give this as an example of reserve because Monica Lewinsky said she was not bragging about her behavior but seeking a sympathetic listener. Linda Tripp, however, felt she had a legal duty to disclose this confidence. This is an example of the ever-present risk that what we disclose to others with an expectation that they will not further transmit the information will, in fact, be "leaked" to others.

Recall that intimacy is group solitude. How private this feels depends on how much personal information is shared. Maybe not surprisingly, many of the volunteered situations in which people felt private as intimacy involved sexual behavior. A couple having sex would have a relatively high perceived privacy score while a couple having breakfast alone together would have a relatively low perceived privacy score.

Information can be transmitted via any of the senses. Therefore, the design of places needing privacy should address the two most prevalent media-sight and sound. Privacy barriers have broad implications for the design and construction of examining and counseling rooms in school health clinics, family planning clinics, abortion clinics, adoption centers, genetic testing clinics, fertility clinics, etc.

While we in the U.S. tend to take privacy in health care settings for granted, that is often not the case in the developing world. A study of health clinics in Zimbabwe found that almost a quarter of health interviews could be overheard by waiting patients. Holahan and Slaikeu (1977) showed that counseling rooms with poorer sound barriers resulted in reduced self-disclosure in counseling sessions.

Also in Zimbabwe, visual privacy was lacking in almost a third of client interviews. Some clinics in the Philippines did exams and took vaginal samples in front of other women waiting for services. Although visual barriers (walls, closed doors, etc.) are almost always considered in the U.S., the entrance to a clinic is less often considered. Teenagers and others are often hesitant to enter family planning clinics if they have to enter through a publicly visible door with a sign disclosing the purpose of the facility, such as "abortion clinic." Reproductive-related facilities in multiple occupant buildings where all occupants share the same entrance to the main building provides better privacy. A person can be seen entering a generic building without the observer knowing which facility inside is actually visited. A privacy barrier is anything that blocks the transmission of information about a person and his/her behavior.

Privacy and Assisted-Reproductive Technology

So far, all the reproductive examples have dealt with birth control, pregnancy testing and abortions. Next I will discuss some selected privacy issues related to fertility enhancement, genetic testing and adoption.

Some couples are unable to have children. Some of these couples will seek out and use assisted-human-reproduction services and technologies including the use of donor sperm or eggs (gametes) to create a pregnancy. The privacy issues involved with such services are compounded by the number of individuals involved: the donor, the recipient(s), and any resultant children.

Assisted-human-reproduction services almost universally require potential donors to complete extensive medical history forms. These include questions about mental health. For donors to participate, they sacrifice their privacy and that of their family members including parents and other relatives. They do this, however, with the knowledge that this personal information is protected by confidentiality. Donors might be given the option to consent to allowing the disclosure of some of this private information to the recipients, the donor children, researchers, and government entities. The consent document should be specific as to which information is shared with whom and under what circumstances. This is almost universally considered necessary to comply with generally accepted privacy principles.

Some have argued that donors should have the right to be anonymous so they can avoid being contacted by the recipients, any resultant children or authorities. Others, however, argue that information about donors should be protected by confidentiality but not be anonymous. Another opinion is that donor information should be private from the recipients but not the children when they reach a certain age (16, 18, etc.). The belief is that the children have a higher right to know their genetic origins. Yet, others believe donor information should be disclosed to the medical providers of the child but not to the child or recipients. If the donor develops genetically-based medical problems (the donor's records would have to be updated), the child's medical providers would have the donor's information to assist in diagnosis and treatment of the child. Finally, to evaluate the risks of assisted-human reproduction services and technologies, some believe that donor and child information should be collected and updated by a government entity with the responsibility to monitor their effects.

On the flip side, what rights to information should the donor have? Some policy analysts believe donors have no rights to information about donor children. Others believe that donors should have the right to find out how many, if any, children were born from their sperm or eggs, the sex of the children, and any genetic conditions. New Zealand is considering whether donors have the right to information about a child who is over 25, including information to contact the child without the child's consent. New Zealand is also considering notifying donor children at age 18 that they are donor children and allowing them to consent to having the donor contact them before age 25. Donors would be notified of children who had consented. Notice how some of these proposals ensure privacy for a certain period of time but them remove the barriers protecting privacy. In rare instances (Connelly v. Rice v. Flynn, 2005), donors have sued for custody of their donor children. In such cases, the lack of privacy of the recipients' and child's identities can have serious consequences.

What information should potential recipients have about donors? Most experts think the identity of the donor should be kept private from the recipients but that information that could affect the health of the donor child should be disclosed. Health information might be limited to what genetic tests had been done and the results of those tests. There is debate about whether other information such as height, morphology (that is, a person's build: lean, average, stout-muscular, overweight), athletic and other abilities/aptitudes, intelligence, etc. should be disclosed to recipients. It is generally agreed that so-called "sensitive" information about the donor such as religion and political beliefs should be neither collected nor shared.

When human-assisted reproduction includes using a surrogate mother, another actor with privacy considerations is involved. To protect the privacy of the surrogate mother, special legal arrangements may need to be made so that the birth certificate does not show the surrogate mother as the birth mother.

Genetic Testing and Privacy

More and more couples are using genetic testing either before deciding to become pregnant or during pregnancy (amniocentesis). One of the concerns about genetic testing is privacy. Insurers and employers could use genetic test information to either reject applicants or charge them higher premiums. Siblings and adult children could also make a compelling claim to seeing the genetic test results of their siblings or parents. They could argue that such information would either help them avoid a condition, start early treatment, or avoid passing the trait to their children. This illustrates that others can and do claim legitimate reasons for access to others private information. In general, most authorities agree that genetic testing information should only be disclosed with the patient's consent.

As mentioned earlier in another context, one of the critical challenges to genetic information collection and storage is inappropriate disclosure. One strategy is to implement generally accepted privacy principles. Another strategy is to anonymize the information by destroying the name or other identifier of the person on the record after collection. A newer strategy is to "alias" the information. In essence, the person requesting genetic testing is asked to pick an alias. The alias is placed on all records associated with the genetic sample and testing. The facility or staff keep no identifying information on the patient. The patient can request the test results by providing the alias. If the results were to be "leaked" (accidentally or intentionally disclosed), there would be no way to link the test results to an individual. Even if authorities had a search warrant or subpoenaed the results, they would not be able to identify the individual. Aliasing is a means of providing anonymity. (More Information)

In Australia, and in many situations in the U.S., this would not be possible because of legal requirements. In Australia, medical personnel have a legal obligation to contact any and all patients discovered to have a condition needing medical treatment. Failure to do so can result in legal liability. Aliasing would interfere with this legal requirement.

Some authors, such as Sheri Alpert of Notre Dame (JSI, 2003, vol. 59, 2, 301-322), have proposed an extension of the concept of privacy in genetic testing to groups. She argues that medical research, including genetic testing, that collects and reports information on group identity, usually ethnicity, invades the privacy of that group by creating the opportunity for others to stigmatize the group based on that knowledge. She uses Ashkenazi Jews as an example. Because of their long history of in-group marriage, they are ideal candidates for studying the genetics of diseases such as Tay-Sachs, Canavan's disease, Fanconi anemia, etc. In such group research, the identity of individuals is anonymous. Shi argues that when research is reported by ethnicity, personal information about individuals of that group is disclosed-namely, that individuals of this group have a higher likelihood of having a certain genetic disease. For several reasons that I don't have time to present, I don't believe the construct of privacy fits and I believe it would cause more harm than good.

Adoption and Privacy

Adoption is generally a confidential procedure. Until recently, adoption records were sealed (not accessible by the public) in most states. Oregon passed a law in 1997 that took effect in 2000 that opens these sealed records. A group of birthmothers has filed a lawsuit to keep the records sealed. They say their privacy is being violated and that the guarantee of privacy they were given when they consented to relinquish their children for adoption is being violated. An ironic aspect of this lawsuit as well as the one filed by Lawrence and Garner that resulted in the Supreme Court's decision deciding anti-sodomy laws are unconstitutional is that those whose privacy was being violated had to go public to protect the privacy of others. The Oregon law also makes all future adoption records open to the adoptee at age 21. Because the law requires that the birthmother be informed of this possible disclosure in the future, it is not considered a breach of privacy because the birthmother has consented to the disclosure.

As many birthmothers have discovered, confidentiality and sealed adoption records do not guarantee privacy. There are many other ways to discover the identity of birthmothers and the Internet has many sites devoted to this disclosure.

Do adoptees have a right to learn who their biological (pre-adoptive) siblings are? This is particularly an issue for siblings in the foster care system who are placed in different homes. The privacy issue involves whether finding out who ones biological siblings is violates the privacy of the siblings. The siblings might not know they are adopted or might not want to be contacted. Kentucky and a few other states have created a system to help insure privacy. Adoptees 18 years old or older can have their name placed on a "sibling reunion" registry indicating they want contact. If a pre-adoption sibling also places his or her name on the list, then the state will notify the siblings.

Privacy Impact Assessment

Because new laws, regulations, technologies and data collection requirements can impact privacy, more and more governments are developing and requiring privacy impact assessments (PIA). In the U.S., the E-Government Act requires agencies to do privacy impact assessments and to make the results available to the public. The U.S. Census Bureau has released at least 24 PIAs (http://www.census.gov/po/pia). The Internal Revenue Service has also made public numerous PIAs (http://www.irs.gov/privacy/article/0,,id=122989,00.html).

After 9/11, the U.S. developed a number of new technologies to increase the security of air transportation and borders. For example, US VISIT is a system to verify the identity of people entering the country and recording their entry and exit. Another system is SECURE FLIGHT that is a prescreening system for domestic air travelers to help insure that terrorists do not board commercial flights. The Department of Homeland Security has issued PIAs on both programs (www.epic.org/privacy/us-visit/us-visit_pia.pdf and www.eff.org/Privacy/Secure_Flight_PIA_Notice.pdf). Whether you think these PIAs are adequate is a different matter. Unlike the U.S., Canada has a Privacy Commissioner responsible for providing leadership and setting policies for privacy practices in Canada. This office also provides a web-based training program: www.tbs-sct.gc.ca/pgol-pged/piatp-pfefvp/index_e.asp.

What I hope I have made more obvious is that new reproductive technologies and practices create new privacy concerns and risks. In addition, new communication and surveillance technologies create new privacy concerns and risks related to reproductive technologies and services. I think there is an important role for psychologists to play in assessing how these facilitate behaviors users desire, how they inhibit desired behaviors, and assessing the behavioral, cognitive and emotional side-effects of these technologies.