David A. Hoffman
Intel’s Director of Security Policy and Global Privacy Officer
(The following are my remarks accepting the IAPP Privacy Vanguard Award delivered today in San Jose).
Thank you. I am honored and grateful to accept the IAAP Privacy Vanguard Award. It is humbling to be considered in the same category as Marty Abrams, Mary Ellen Callahan and Jennifer Stoddart, just to name a few of the former recipients who have been mentors and role models during my privacy career.
Many people make it possible for me to accept this award. Intel’s privacy accomplishments have come from visionary executive support, committed partners and the unfailing dedication of the best team in Privacy. I am blessed to be married to an incredible woman who has inspired and supported this long privacy journey. My two wonderful boys remind me on a daily basis why we are all working to foster a culture of liberty and freedom, where young people can test boundaries, take risks and develop into their best selves.
I have been working in Privacy for 20 years now, and I would like to briefly offer some observations on the evolution of the profession and then make a request of you.
I joined the IAPP Board in 2006, when the organization had approximately 2000 members. When I left the board in 2010 there were 7000 members . There now are 17000. The privacy profession continues to grow as data becomes more embedded into our daily lives.
There has also been a qualitative evolution of information privacy that has taken place in at least three phases.
First, in the 1970’s the US government and the OECD articulated the Fair Information Practice Principles (the FIPPs) that have served as the foundation for our profession. The FIPPs are both enduring and flexible. They continue, and should continue, to provide protection for individuals while guiding the innovative use of technology and data.
Second, in the 1980’s and 1990’s the profession promoted transparency by posting privacy policies based on the FIPPs. The process of writing privacy policies caused us to think about how our organizations manage personal data and how we will comply with those policies.
The privacy profession has now entered a third phase of “data ethics”. This third phase is marked by the recognition that complying with privacy policies is necessary but not sufficient. We all lead data creating and data influenced lives. The public will not accept innovative uses of data, unless it understands that our organizations can be trusted.
Technology and data innovation present opportunities to enrich the lives of everyone on earth. For example, we see the potential to improve disease management, education and urban development by better using the data of which our profession is the steward. The responsible and innovative use of data can drive both individual benefits and societal gain. Every company is now a data company, and we all have a role to play in the extent to which that data will be used to accelerate progress.
InBloom is one example from which we need to learn. The Gates and Carnegie Foundations spent $100 million to build an entity that would better use data to improve the efficiency and effectiveness of schools. Because of privacy concerns, that investment was lost, and even worse, so was that chance to provide new opportunities for children. The era of data ethics required InBloom to show why it should be trusted, and unfortunately it did not do so.
Innovators are right now applying data to solve the great challenges of our time. They need the privacy profession standing beside them, ready to show why this use of data is appropriate. It will be privacy done right that will allow society to embrace those innovative uses of data.
However, the privacy profession will only share in those accomplishments if we view our jobs as more than just managing compliance. Legislation and regulation always trail innovation, and are not sufficient to protect individuals. As one leading privacy officer told me recently, “It is not my role to define what we are legally allowed to do, it is my role to define what is right for us to do.”
It should be a point of pride for the privacy profession that individuals should never be forced into the false choice between Privacy and Progress. The pursuit of both goals must be the defining value of our work. Privacy AND Progress, not Privacy OR Progress.
I mentioned at the beginning of this speech that I would end by asking something of you. I have a call to action for the privacy profession.
On January 28th, we celebrate Data Privacy Day. Data Privacy Day falls just a few days after the newly formed Data Innovation Day. The close proximity of the events is a reminder that privacy and innovation must reinforce each other.
Right now on Twitter and here before you, I make the Data Innovation Pledge. I Will Promote the Ethical and Innovative Use of Data. You can also see on the screen behind me that many global privacy leaders have made the pledge, and are encouraging you to do so.
This pledge promises we will not approach our jobs as a checklist compliance exercise, but instead as a vehicle of social and economic progress. Doctors promise to do no harm. Lawyers commit to support the Constitution. Privacy professionals should commit themselves to the ethical use of data to improve people’s lives.
This year by January 28th, the privacy profession should reaffirm that while compliance is important, our profession is also focused on achieving the promise of data innovation. All people who believe in the power of progress should make the pledge. All people who demand to have their freedoms respected should make the pledge. By Data Privacy Day, 100,000 people should make that affirmation.
Receiving the Privacy Vanguard Award is a great honor. I accept the award less as a recognition of past accomplishments, but more as a call for future leadership. Please join me in that future activity by going to #datainnovationpledge on Twitter. Let’s make today the start of our profession achieving the great accomplishments of this century.