IAPP Hosts Privacy and Accountability Forum
Jun 27, 2013 7:05am
The International Association of Privacy Professionals (IAPP) hosted a KnowledgeNet forum, The Components of an Accountable Company Privacy Program and How to Implement It, in Washington, D.C. on Wednesday, June 26.
The discussion was led by National Cyber Security Alliance board member David Hoffman (CIPP/US), director of security policy and global privacy officer for Intel Corporation, and Chair of Data Privacy Day Dan Caprio, senior strategic advisor at McKenna Long & Aldridge LLP, which hosted the event.
“This is really about protecting privacy and enabling innovation,” said Caprio, who noted the two goals are not mutually exclusive. He named public/consumer awareness and greater transparency about the uses of collected data as two accountability challenges that organizations must address.
Caprio, a former acting assistant secretary for technology and policy at the U.S. Department of Commerce, also noted that accountability should not be synonymous with compliance, because there is no guarantee current rules will be adequate safeguards as new ways to utilize collected data emerge.
“As a part of accountability, privacy-by-design asserts that the future of privacy can not be assured solely by compliance within a regulatory framework,” Caprio said. “Rather, privacy assurance must become an organization’s default mode of operation. The privacy-by-design principle should encourage the implementation of accountability processes in the development of technologies and services.”
Hoffman stressed the importance of developing accountability programs that engender public trust.
“The question is, ‘What’s the right model to provide appropriate protections so that individuals are going to have trust and confidence in the way they participate in society?’” Hoffman said. “And I think that’s where accountability is trying to play a role.”
Asked by a number of privacy officers from the public sector how to conduct viable accountability practices with limited resources, Hoffman responded that every privacy officer can set a tone for accountability, regardless of the resources at his or her disposal.
“That decision is,” he said, “whether you decide to talk about privacy to everyone who you talk with as a compliance obligation, or as a fundamental issue of trust and confidence in how individuals relate to your organization.”
IAPP members in attendance received the Self-Assessment of a Comprehensive Privacy Programme: A Tool for Practitioners. The Centre for Information Policy Leadership developed this assessment tool to help organizations implement and evaluate the necessary steps to establish accountability for responsible data protection.