By Laini Byfield
Theory
Foundations you can cite and teach — then operationalize through governance and practice.
Foundational anchors
Contextual integrity
Privacy is about appropriate information flows within a context, shaped by norms: who shares what, with whom, and for what purpose. The same data can be harmful when moved to a new context — even if it was collected appropriately in the first one. This is the canonical framework for explaining why "we already have the data" is not an ethical justification for using it differently.
Suggested citation: Helen Nissenbaum, Privacy in Context (Stanford University Press, 2010).
Power and proximity
Small systems create relational exposure. The system operator often knows the data subject — a supervisor, a benefits administrator, a program coordinator. That proximity changes incentives and raises the accountability bar in ways that large-scale anonymous systems do not face. Fairness is not just a statistical property; it is a relationship.
Fairness under small-n
Small cohorts make subgroup analysis and reporting risky. When a department has five people, a breakdown by role or tenure may effectively name individuals even without using names. Suppression, aggregation, and careful narrative framing are not optional politeness — they are ethical design choices with real stakes.
Contestability as a design requirement
Systems that produce consequential outcomes without an appeals path are not neutral — they are authoritative by default. The absence of a challenge mechanism is itself a design choice that concentrates power. ETHICMAP treats contestability as infrastructure, not a feature.
From theory to practice
Theory matters only if it shapes system choices:
- Policy translates principles into rules and standards
- Governance assigns responsibility, review, and authority
- Practice embeds controls into day-to-day operations
- ETHICMAP makes the whole thing repeatable across cycles