Category Archives: Canada Project

Assessment Oversight Is Necessary For Trust

Why should a privacy or data protection assessment conducted by a company be trusted?  That question was asked by some Canadian stakeholders when the IAF held a meeting in 2017 to review the big data assessment developed by the IAF based on grant from the Federal Office of the Privacy Commissioner.  That question motivated the IAF to apply for a grant from the OPC to see if the attributes that make Research Ethics Boards (similar to U.S. Independent Review Boards) trustworthy could be applied to comprehensive impact assessments to make them trustworthy.  IAF received that grant from the IAF, and that research was conducted in late 2017 and in the first quarter of 2018.  The project included two discussions, one with business and the other with a multi-stakeholder group very similar to the one that raised the question.  The project report may be found here.

IAF’s findings include the following:

  • REBs are independent of the researcher but not the organization.  They are credible in part because they have common rules and processes that link to a public external criterion.
  • A similar criterion could be developed in Canada by the private sector or a regulatory body as a code of best practice.
  • At the Canadian multi-stakeholder session, it was suggested a good place to start would be a set of principles.  So, the paper includes straw-person principles as a starting point for future discussion.

This was a Canadian project.  However, the paper informs discussions in other regions where comprehensive data impact assessments are necessary to create the authority for thinking with data.

Please share your comments with us.


Comprehensive Data Impact Assessments Set the Stage for Accountability 2.0

There is no disagreement, whether in Europe, the Americas or Asia, that a fully connected world requires those that think and act with data to demonstrate that their processing of data is legal, fair and just.  Demonstration requires comprehensive data impact assessments that help organizations discover the issues for all stakeholders. Discovery of issues helps… Continue Reading

Autonomy and Fair Processing: Proportioning the Governance

The free flow of data to facilitate individual, business and societal needs as well as to facilitate the protection of individuals to whom the data pertains has always required proportionality. That proportionality is demonstrated in privacy law that protects both individual autonomy and fair processing. The constant evolution of information and communications technologies further emphasises… Continue Reading

IAF Briefing on Legitimate Data Use at FPF – May 12

OVERVIEW IAF will present a “Briefing On Assessment Processes to Achieve Assurance That Data Use is Legitimate and Not Unfair” at the Future of Privacy Forum (FPF) in Washington, DC, during the morning of May 12. Session speakers will include FTC Commissioner Maureen Ohlhausen, Jenner & Block Partner Mary Ellen Callahan, and IAF Executive Director… Continue Reading

Information Impact Assessments Key to Protection with Innovation

Data must be used to improve global healthcare, economic opportunity, freedom of choice and expression, and functionality of markets. Data must be governed to assure the full range of interests and rights that are the basis of free democracies in the 21st century. Among those interests is the freedom from digital predestination–where probability alone determines… Continue Reading