1 / 9

Accountability, trust, & verification mArtin abrams January 2014

Accountability, trust, & verification mArtin abrams January 2014. Accountability, privacy, & data protection. OECD Guideline Established by Canadian Law APEC Guideline Operationalised by BCRs and CBPRs Further refinement came with Global Accountability Project and WP29 White Paper

arion
Download Presentation

Accountability, trust, & verification mArtin abrams January 2014

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Accountability, trust, & verificationmArtinabramsJanuary 2014

  2. Accountability, privacy, & data protection • OECD Guideline • Established by Canadian Law • APEC Guideline • Operationalised by BCRs and CBPRs • Further refinement came with Global Accountability Project and WP29 White Paper • Expectation defined by Canadian guidance on comprehensive programs

  3. Essential elements of accountability • Policies that link to the external criteria and are supported by senior management • Mechanisms, including risk assessment tools, to put policies in place • Internal review to assure mechanisms are working and are improved over time • Means to make big data uses transparent to individuals and assure their rights are respected • Openness to enforcement agency oversight and remedies if the goals of data protection are abused in a harmful fashion

  4. Simple summary • Organisations must be: • Responsible (policies, mechanisms, internal oversight) • Answerable (stand ready to demonstrate)

  5. When must organisations stand ready to demonstrate? • Before any processing? Must all organisations have third-party assurance reviews? • When processing is particularly risky? • When organisations want flexibility, such as BCRs? • When organisations have had a data protection breach? • When regulators conduct a spot check? A continuing question for the Global Dialogue

  6. What is clear • Trust and an environment of market compliance requires some level of verification • If levels of verification are seen as low there will be trust issues (Safe Harbor?) • Risk based compliance requires the risk of an “organisation” getting caught • If an organisation will never be caught why pay the high cost of implementing the essential elements

  7. Range for verification • At minimum there must be spot checking for comprehensive programs to meet the objectives of data protection • Authority and resources to conduct spot checking necessary • Consensus that greater flexibility may require certification based on verification • Who does the verification, what are the expectations of the verifiers • Less clarity on verification related to new types of processing • Verification for all users of data is probably a step too far

  8. Global Accountability Dialogue • Secretariat is now non-profit Information Accountability Foundation • Annual dialogue will be in London in May • Among other issues Dialogue will look at expectations of accountability agents

  9. Reaching marty abrams • mabrams@informationaccountability.org

More Related