IAF Takes Education to the Enforcement Agencies

The Information Accountability Foundation (IAF) held a seminar with and for the Colombia Superintendent of Industry and Commerce (SIC) on March 7, 2018 that was attended by 35 members of the SIC data protection staff. The seminar is a continuation of the IAF’s Digital University that takes the IAF’s research directly to policymakers and implementers. The SIC is the data protection enforcement agency in Colombia.

Maria Claudia Caviedes Mejia, SIC Deputy Superintendent, and Martin Abrams

The seminar focused on accountability as a guiding principle for effective data protection in an observational age. SIC published a guidance circular in 2015 on accountability that emphasized the role of accountability in a data protection program. The seminar purpose was to provide additional substance on how the accountability principle works in effect.

The IAF team included Martin Abrams, IAF executive director, Scott Taylor from Merck, Victoria Anzola from Segge, and Jose Alejandro Bermudez from Bermudez Legal.

Abrams presented on the Essential Elements of Accountability and their meaning in a data era where observation and analytics play a prominent role. He was followed by Taylor who spoke on governance and the questions a regulator might ask to measure the presence of an accountability based program. Victoria Anzola, who runs a Colombia based consultancy for SMEs, discussed how accountability is implemented in smaller enterprises. Bermudez discussed accountability in a South American context. The program closed with a second Abrams presentation on the key role accountability plays when data is available across borders.

The IAF is a non-profit whose charitable purpose is research and education. It is the incorporation of the Global Accountability Dialogue that facilitated the Essential Elements of Accountability. The Digital University is a proactive initiative to take IAF research and objective content of how digital processes actually work for the sole purpose of informing policymaker and implementer audiences. It is predicated on the notion that government and regulatory agencies often do not have the budget to attend educational conferences and that knowledge needs to be taken to them. The IAF and Digital University operate in all regions and actively collaborate with other organisations interested in informed information policy. For more information about IAF and Digital University, contact Martin Abrams at mabrams@informationaccountability.org.

Are GDPR Guidelines Becoming So Complex They May Overwhelm Businesses Ability to Meet Them?

Authored by Lynn Goldstein and Peter Cullen Last December the European Union’s Article 29 Data Protection Working Party (Working Party) issued draft guidance relating to two key aspects of the General Data Protection Regulation (GDPR) addressing Consent and Transparency, both essential to the effective operation of the GDPR. The Working Party invited comments, and the… Continue Reading

Guidance and Un-Legislated Law

In 2016 and 2017, the Article 29 Data Protection Working Party (WP29) adopted Action Plans which set forth its global implementation strategy related to the General Data Protection Regulation (GDPR).  Pursuant to these Action Plans, the WP29 has produced seven Guidelines and has indicated it will produce at least eight more.  As the data protection… Continue Reading

Martin Abrams’ Remarks — 39th International Conference of Data Protection and Privacy Commissioners

My thanks to the International Conference of Data Protection and Privacy Commissioners and to our colleagues at the Hong Kong Commission for this opportunity to discuss data ethics. I would also like to dedicate this session to Joe Alhadeff who recently passed after a long battle with cancer. Joe was a wise friend to us… Continue Reading

Accountability Does Work

143,000,000 people were the victims of a recent data breach when their data was stolen from Equifax, a company that has an obligation to keep their data safe. Data security is tough. The bad guys only need to be successful once, while companies need to win every time. However, from the perspective of many consumers,… Continue Reading

IAF Releases Ethical Guidance for Artificial Intelligence at Commissioners’ Conference

The terms ethics and ethical data processing are in vogue. With the rapid growth of innovative data-driven technologies and the application of these innovations to areas that can have a material impact on people’s daily lives, enhanced corporate governance focused on ethical objectives is needed. Particularly where data enabled decisions are made without the intervention… Continue Reading

Demonstrating Responsible Use for Legitimate Interests Is Necessary Now

Elizabeth Denham, the United Kingdom’s Information Commissioner published a blog 16 August, busting the myth that consent would be required for all processing under the General Data Protection Regulation (GDPR). In addition to the GDPR-consent myth, over the years, many businesses have actually relied predominantly on consent as a means to achieve the lawful processing… Continue Reading

A Data Protection Risk Assessment Is About Ethics – Join IAF Webinar

A Data Protection Risk Assessment Is About Ethics —- Join IAF Webinar Webinar September 6, 2017 We have never read a privacy or data protection law that requires controllers be ethical. Yet implicitly new laws are driving expectations that organizations using data robustly do so in an ethical fashion. What does that mean? The European… Continue Reading

Latin American Data Export Governance

Data flows are global, but privacy laws are local. I first uttered that statement in the last century during initial discussions on whether the United States had adequate privacy protection as defined by the 1995 European Union Data Protection Directive. At the time, I argued that privacy protections in the United States were a mosaic… Continue Reading

Europe Sets the Standard – Other Regions Follow

Europe Sets the Standard – Other Regions Follow The Ibero-American Data Protection Network (“network”) adopted “Standards for Personal Data Protection for Ibero-American States“ (“SPDP”) on June 20, 2017 at its meeting in Santiago, Chile, with the official English translation now available. Most data protection experts have predicted that the adequacy provisions of the European General… Continue Reading