Rethink Privacy

Last week, the privacy community gathered in Warsaw, Poland, for the 35th International Conference of Data Protection and Privacy Commissioners. I delivered a speech (view the text and the slides at the links below) at one of the plenary sessions, titled Privacy and Technology, and had the honor of showing a video from Intel’s privacy-by-design training program. As Intel integrates privacy into all of our products, services and business processes, we recognize the need to “Rethink” how we apply the traditional Fair Information Practice Principles. Our experience over the past few years of designing in privacy convinces us that the principles are enduring and as important as they were forty years ago.

Our challenge is to understand how to apply these timeless principles to new innovative technologies and business practices so that they are workable and effective, and serve the individual in the new world of technology and data use that we are creating. My speech highlighted the need to Rethink in particular our approach to applying the principles of Transparency, Security Safeguards and Accountability.

The conference panel then discussed the need to Rethink approaches to applying other Fair Information Practice Principles, including Individual Participation. People are expressing their concerns about how their information is processed, and how they can exercise control over their online reputations. Greater focus on Accountability and Security Safeguards can help make privacy commitments real, by ensuring the right technology, people and processes are deployed to protect individuals. We have the opportunity to use current technology to provide better access to information, and in some situations to delete the information that is either wrong or disproportionate in its impact on the individual. While the complete “forgetting” of information may be impossible and undesirable, the reasonable and practical “obscuring” of information can provide protection for at-risk groups such as the victims of domestic violence.

There was a collective sense of urgency and opportunity at the conference. We know the current models are not working. We have the enduring principles. Now we just need to make them effective so their implementation endures. Who will join me in the Rethink?

PolandSpeech

DPAConference2014DavidHoffman

One Response to Rethink Privacy

  1. James Elam says:

    When I was at “megacorp” we spent a lot of time worrying about PII (Personally Identifying Information) which was a good thing.

    We’d occasionally buy other companies, sometimes quite large ($B+) and find out … they didn’t have anything going on with policy, process, procedure, or audit. So we ended up having to make broad assumptions about the ways we could use their data in marketing/sales.

    It’s certainly a tricky issue.

    _Cliff