Category Archives: Privacy

Assessment Oversight Is Necessary For Trust

Why should a privacy or data protection assessment conducted by a company be trusted?  That question was asked by some Canadian stakeholders when the IAF held a meeting in 2017 to review the big data assessment developed by the IAF based on grant from the Federal Office of the Privacy Commissioner.  That question motivated the IAF to apply for a grant from the OPC to see if the attributes that make Research Ethics Boards (similar to U.S. Independent Review Boards) trustworthy could be applied to comprehensive impact assessments to make them trustworthy.  IAF received that grant from the IAF, and that research was conducted in late 2017 and in the first quarter of 2018.  The project included two discussions, one with business and the other with a multi-stakeholder group very similar to the one that raised the question.  The project report may be found here.

IAF’s findings include the following:

  • REBs are independent of the researcher but not the organization.  They are credible in part because they have common rules and processes that link to a public external criterion.
  • A similar criterion could be developed in Canada by the private sector or a regulatory body as a code of best practice.
  • At the Canadian multi-stakeholder session, it was suggested a good place to start would be a set of principles.  So, the paper includes straw-person principles as a starting point for future discussion.

This was a Canadian project.  However, the paper informs discussions in other regions where comprehensive data impact assessments are necessary to create the authority for thinking with data.

Please share your comments with us.


Assessments are the Hub of a Forward-Looking Data Protection Program

The term assessments appear a great deal in IAF work. We have written about comprehensive data impact assessments, ethical assessments, digital marketing assessments, Canadian assessments and legitimate interests assessments. All these references are part of the same theme; a family of comprehensive assessments of how data is used and how it impacts individuals is necessary… Continue Reading

Defining the Privacy Right and the FCC Rulemaking

If you cannot define a problem, you cannot solve it. The term “privacy” has always been hard to define. Bring ten experts into a room, and the definition of privacy will be different depending on with whom you are talking. However, we can begin to give it structure. The term “privacy” in an information age… Continue Reading

Restoring Privacy Functionality Through Data Protection Processes

Can data protection, the fair processing of personal data, protect the key values associated with privacy? While many privacy professionals use the terms privacy and data protection interchangeably, European law differentiates the two terms. The Working Party 29 Legitimate Interests opinion from 2014 does an excellent job of explaining the differences. Privacy is a value… Continue Reading

Abrams to Speak at Data Protection Seminar in Brazil on 9 April

IAF’s Martin Abrams has been invited to be the keynote speaker at a seminar on compliance privacy and personal data protection during 9 April in Sao Paulo, Brazil. The event will cover Brazil’s proposed data protection law (Marco Civil). To read Marty’s related paper, click here for the English version. For the version of the… Continue Reading

IAF will Convene DDO Discussion in 2015

The Information Accountability Foundation will hold a framing discussion about Dynamic Data Obscurity (“DDO”) in Washington, DC, during January 2015. Background Data management, particularly in an age of observational data and big data analysis, requires both effective polices for data application and controls to implement the policies. The Foundation’s past work has focused on accountability-based… Continue Reading

Personality, Culture and Japan’s Pursuit of Balanced Information Policy

Last week, I visited Japan to learn about the country’s coming privacy reforms and to speak about next generation information policy. I left Japan with great respect and admiration for the Japanese government’s clear information policy objectives. However, I also left Japan with real concern that the remedies on the table will not yield the… Continue Reading