Chair: Marty Abrams, Information Accountability Foundation (US)
Moderator: Colin Bennett, Victoria University (CA)
Panel: Christopher Docksey, EDPS (EU), Terry McQuay, Nymity (BE), Michael Scuvée, Johnson Controls (BE), Scott Taylor, Hewlett Packard (US)
Several interrelated forces have emerged, making the conditions perfect for an accountability approach to demonstrating compliance and moving beyond the compliance checklist. Accountable organisations have effective privacy management and are compliant with privacy laws. Research has shown that organisations can be compliant without an effective privacy management programme, but organisations cannot be accountable without an effective privacy management programme. Join the panellists as they discuss the merits of this approach and address the following questions:
- Could regulators create a policy that provides accountable organisations with benefits if they volunteer to stand ready to demonstrate compliance and demonstrate an effective privacy management programme (demonstrate accountability) to the Regulator through an onsite inspection?
- Could an onsite inspection and incentive-based approach use existing laws as the framework for demonstrating accountability?
- Could this then empower the privacy office in an accountable organisation to contextualise evidence of compliance to the Regulator?
- If accountable organisations can stand ready to demonstrate compliance with privacy laws and demonstrate an effective privacy management programme, do these organisations deserve benefits?