Category Archives: Uncategorized

Bermuda Report on Information Accountability

Privacy and data protection laws are filled with concepts that are notoriously difficult to put into tangible effect.

Privacy itself is often defined, somewhat amorphously, as “Protection against intrusion” or “respect for private life.” Laws and regulations draw on principled statements and evoke laudable goals such as fairness or accountability. But what does all this mean in practice? How does a person sitting at her desk respect one’s private life or show fairness? She has a piece of paper with information on it, and has to do something with it. What actions should she take, and how does she evaluate her success meeting the principles of privacy?

Of course her lawyer would tell her, “It depends,” and fair play to that. It does depend, on factors like the type of information or the way she hopes to process the data. Regardless of the specific actions she chooses, she needs a programmatic way to demonstrate her good accountability.

Accountability is a concept that many of us have a common sense understanding of: the idea that actions have consequences or that someone will have to answer for why they chose to take any given course. Like its sibling privacy principles, that idea may be less intuitive to understand from an action-oriented perspective. When you break accountability down into its constituent parts, it becomes a road map not only for how to respect privacy, but how to structure a successful, ethical program:

  • When many organisations access data, which one is in charge of what happens to the data?
  • Who within an organisation ultimately makes decisions about what is done? Who executes those decisions?
  • Who answers to the public? Who would the subject of that data call or email if they had questions?
  • How does an organisation make these decisions? How does it ensure its staff or partners follow standards or receive the training they need?
  • How does an organisation show its work–both to those who trusted it with their data, and to the supervisory entities responsible for monitoring their performance?

Luckily for us all, regulators and policy-makers have been posing these questions about as long as the field of data protection has existed. The Bermuda Report on Information Accountability surveys the history of accountability from its origins and from (almost quite literally) the four corners of the globe. It describes the evolution and formalisation of accountability as a core privacy principle, essential to the success of private organisations as well as their regulatory environments.

For all those people sitting at desks with pieces of paper in front of them, the Report provides tangible examples of both “building block” and ongoing steps to ensure a successful privacy program. Organisations engaged in cutting-edge, advanced data processing through machine learning or artificial intelligence should pay special attention to the “Enhanced Data Stewardship Accountability Elements,” which provide a framework for building and maintaining strong ethical standards for decision-making even in environments where the processing is unthinkably quick or comprehensive.

I offer my thanks to the team of the Information Accountability Foundation, particularly lead writer Lynn Goldstein, and look forward to continuing this vital conversation.

Alexander McD White
Privacy Commissioner

IAF Releases “Advanced Data Analytic Processing – 2019 Update”

Central to the work of the Information Accountability Foundation is the concept that using data to discover new insights about people raises a different set of risks than using data to make decisions about people.  That foundational idea was first explored in a paper published by the Centre for Information Policy Leadership entitled “Big Data… Continue Reading

Trust Deficit Acceleration Means Trust but Verify

Dirty diesel cars, opiates, income disparities, and institutional failures.  The trust deficit caused by these abuses or plain mistakes seems to be accelerating beyond red to bright red.  This acceleration has huge ramifications for new privacy laws and for interpretations of existing laws. The IAF staff recently visited a privacy regulatory agency to discuss how… Continue Reading

Fair and Just Analytics and AI, The Hong Kong Ethical Data Stewardship and Assessment Framework, Ethics Truly by Design

To meet the challenges presented by the proliferation of advanced data processing activities to personal data protection, the Privacy Commissioner for Personal Data, Hong Kong (PCPD) has commissioned the Information Accountability Foundation (IAF) to find the way out for both data users and data subjects in the digital economy. PCPD and IAF will present a… Continue Reading

IAF Takes Education to the Enforcement Agencies

The Information Accountability Foundation (IAF) held a seminar with and for the Colombia Superintendent of Industry and Commerce (SIC) on March 7, 2018 that was attended by 35 members of the SIC data protection staff. The seminar is a continuation of the IAF’s Digital University that takes the IAF’s research directly to policymakers and implementers.… Continue Reading

We lost A True Mensch – Joe May You Rest In Peace

This weekend Joe Alhadeff passed away after a long bout with cancer. Joe is a founder of the Information Accountability Foundation, just one of a number of organizations that he saw as providing solutions to an increasing complex set of eco-systems.  He has been a colleague of mine for well over a decade.  He was… Continue Reading

The Need for An Ethical Framework

The vast amount of data made possible and accessible through today’s information technologies, and the ever-increasing analytical capabilities of this data, are unlocking tremendous insights that are enabling new solutions to health challenges, business models, personalization and benefits to individuals and society. At the same time, new risks to individuals can be created. Against this… Continue Reading

Alexa, Observation and Practical Solutions

Sitting in our family room is a little disk that answers to Alexa that joined us on Christmas day.  She (it?) sits there quietly asleep until someone calls her name.  Then she wakes up and does our bidding.  It is typically mundane things such as turning on the lights or finding music.  One might argue… Continue Reading

Defining the Privacy Right and the FCC Rulemaking

If you cannot define a problem, you cannot solve it. The term “privacy” has always been hard to define. Bring ten experts into a room, and the definition of privacy will be different depending on with whom you are talking. However, we can begin to give it structure. The term “privacy” in an information age… Continue Reading

Key Documents for IAF Workshop at IAPP-GPS

Key Documents for IAF Workshop at IAPP-GPS: “Big Data Project Vetting to Assure Fair and Innovative Data Use” 4 April 2016 Washington, DC The material includes: IAF Big Data Ethics Initiative Overview Workshop Agenda Workshop Hypothetical A Unified Ethical Frame for Big Data Analysis (Part A) Enforcing Big Data Assessment Processes (Part C) Contextual Assessment… Continue Reading