Category Archives: Lynn Goldstein

Assessment Oversight Is Necessary For Trust

Why should a privacy or data protection assessment conducted by a company be trusted?  That question was asked by some Canadian stakeholders when the IAF held a meeting in 2017 to review the big data assessment developed by the IAF based on a grant from the Federal Office of the Privacy Commissioner.  That question motivated the IAF to apply for a grant from the OPC to see if the attributes that make Research Ethics Boards (similar to U.S. Independent Review Boards) trustworthy could be applied to comprehensive impact assessments to make them trustworthy.  IAF received that grant from the IAF, and that research was conducted in late 2017 and in the first quarter of 2018.  The project included two discussions, one with business and the other with a multi-stakeholder group very similar to the one that raised the question.  The project report may be found here.

IAF’s findings include the following:

  • REBs are independent of the researcher but not the organization.  They are credible in part because they have common rules and processes that link to a public external criterion.
  • A similar criterion could be developed in Canada by the private sector or a regulatory body as a code of best practice.
  • At the Canadian multi-stakeholder session, it was suggested a good place to start would be a set of principles.  So, the paper includes straw-person principles as a starting point for future discussion.

This was a Canadian project.  However, the paper informs discussions in other regions where comprehensive data impact assessments are necessary to create the authority for thinking with data.

Please share your comments with us.


Are GDPR Guidelines Becoming So Complex They May Overwhelm Businesses' Ability to Meet Them?

Authored by Lynn Goldstein and Peter Cullen

Last December the European Union’s Article 29 Data Protection Working Party (Working Party) issued draft guidance relating to two key aspects of the General Data Protection Regulation (GDPR) addressing Consent and Transparency, both essential to the effective operation of the GDPR. The Working Party invited comments, and the…

Comprehensive Data Impact Assessments Set the Stage for Accountability 2.0

There is no disagreement, whether in Europe, the Americas or Asia, that a fully connected world requires those that think and act with data to demonstrate that their processing of data is legal, fair and just.  Demonstration requires comprehensive data impact assessments that help organizations discover the issues for all stakeholders. Discovery of issues helps…

IAF Briefing on Legitimate Data Use at FPF – May 12

OVERVIEW: IAF will present a “Briefing On Assessment Processes to Achieve Assurance That Data Use is Legitimate and Not Unfair” at the Future of Privacy Forum (FPF) in Washington, DC, during the morning of May 12. Session speakers will include FTC Commissioner Maureen Ohlhausen, Jenner & Block Partner Mary Ellen Callahan, and IAF Executive Director…