It is commonly accepted that the use of personal information in busine
ss and government puts individual privacy at risk. However, little is
known about these risks-for instance, whether and how they can be meas
ured, and how they vary across social groups and the sectors in which
personal data are used. Unless we can gain a purchase on such issues,
our knowledge of the societal effects of information technology and sy
stems will remain deficient, and the ability to make and implement bet
ter policies for privacy protection, and perhaps for a more equitable
distribution of risk and protection, will remain impaired. The article
explores this topic, examining conventional paradigms in data protect
ion, including the one-dimensional view of the ''data subject,'' that
inhibit better conceptualizations and practices. It looks at some comp
arative survey evidence that casts light on the question of the distri
bution of privacy risks and concerns. It examines theoretical issues i
n the literature on risk, raising questions about the objectivity and
perception of the risk of privacy invasion.