Category Archives: Information Accountability Foundation

Assessment Oversight Is Necessary For Trust

Why should a privacy or data protection assessment conducted by a company be trusted?  That question was asked by some Canadian stakeholders when the IAF held a meeting in 2017 to review the big data assessment developed by the IAF based on grant from the Federal Office of the Privacy Commissioner.  That question motivated the IAF to apply for a grant from the OPC to see if the attributes that make Research Ethics Boards (similar to U.S. Independent Review Boards) trustworthy could be applied to comprehensive impact assessments to make them trustworthy.  IAF received that grant from the IAF, and that research was conducted in late 2017 and in the first quarter of 2018.  The project included two discussions, one with business and the other with a multi-stakeholder group very similar to the one that raised the question.  The project report may be found here.

IAF’s findings include the following:

  • REBs are independent of the researcher but not the organization.  They are credible in part because they have common rules and processes that link to a public external criterion.
  • A similar criterion could be developed in Canada by the private sector or a regulatory body as a code of best practice.
  • At the Canadian multi-stakeholder session, it was suggested a good place to start would be a set of principles.  So, the paper includes straw-person principles as a starting point for future discussion.

This was a Canadian project.  However, the paper informs discussions in other regions where comprehensive data impact assessments are necessary to create the authority for thinking with data.

Please share your comments with us.


Thinking With Data Still Creates Knowledge That Benefits Mankind — That Hasn’t Changed

As information policy experts, we have always known that data can be misused to create misery.  The direct marketing industry began when snake oil salesman sold sucker lists.  Yet the ability to think with data has contributed to drug discoveries, safer cars, lighter airplanes, and greater opportunities.  We have always known that observational technologies combined… Continue Reading

IAF Takes Education to the Enforcement Agencies

The Information Accountability Foundation (IAF) held a seminar with and for the Colombia Superintendent of Industry and Commerce (SIC) on March 7, 2018 that was attended by 35 members of the SIC data protection staff. The seminar is a continuation of the IAF’s Digital University that takes the IAF’s research directly to policymakers and implementers.… Continue Reading

Are GDPR Guidelines Becoming So Complex They May Overwhelm Businesses Ability to Meet Them?

Authored by Lynn Goldstein and Peter Cullen Last December the European Union’s Article 29 Data Protection Working Party (Working Party) issued draft guidance relating to two key aspects of the General Data Protection Regulation (GDPR) addressing Consent and Transparency, both essential to the effective operation of the GDPR. The Working Party invited comments, and the… Continue Reading