Posted in Accountability

Opinion

The Risk of the “Risk-Based Approach”

By Stuart S. Shapiro, CIPP/US, CIPP/G

At this year’s IAPP Global Privacy Summit, I repeatedly encountered references to and quasi-explanations of the “risk-based approach” to privacy. The risk-based approach is, apparently, the new black now that accountability is no longer quite so chic. With its focus on the privacy risks incurred by individuals, the risk-based approach is, I was informed, a bold new direction for the privacy profession.

Taken at face value, it’s rather difficult to imagine a more damning indictment of the privacy profession. It’s 2014 and we’ve only just started worrying about risks to individuals?

More from Stuart S. Shapiro

Practical Privacy

Privacy 101 for SMEs: The Best Defense is a Good Offense

By Omer Tene
and Marc Groman, CIPP/US

Imagine you are a major retailer and have to disclose a few days before Christmas that hackers stole credit card details and personal data on about –oh, 110 million shoppers –from your secure safe. Or that just as your app is experiencing hockey stick growth, leading tech blogs and media blast you for uploading users’ contact lists to your servers without permission.

Hearing news like this, you probably cringe at the thought that this might happen to you. But, of course, you are not a major retailer or global corporation, or even an app with tens of millions of users commanding media attention; you are a small or medium enterprise (SME), so you don’t have to worry, right? Wrong! Privacy and data security must be strategic considerations for every business, including garage entrepreneurs developing cool apps or analytics companies with half a dozen employees.

More from Omer Tene

Point-Counterpoint

So Glad You Didn’t Say That! A Response to Viktor Mayer-Schönberger

In response to my comments on an IAPP story, “Forget Notice and Choice, Let’s Regulate Use,” Viktor Mayer-Schönberger distances himself from views attributed to him by the IAPP, and positions taken in an earlier whitepaper.

My first thought when reading Mayer-Schönberger’s response was, “I’m so glad he didn’t mean that!” In sum, Mayer-Schönberger assures me that our views are aligned as follows: The belief that individuals have an interest in privacy protection; privacy should be anchored in the OECD Fair Information Practice Principles; the public should have control over their personal information, and privacy does not impede innovation. Allow me to assure all of you that in addition to the IAPP story, I have indeed viewed the video of Mayer-Schönberger’s Brussels keynote and have read the two papers he referenced.

More from Ann Cavoukian

Opinion

Eroding Trust: How New Smart TV Lacks Privacy by Design and Transparency

A year ago I got a new Samsung DVD player for Christmas. It’s a lovely device that I use most every day—mostly for streaming video from Netflix and Amazon. I apparently can also make Skype calls from it, though I haven’t tried — I’m told there are hundreds of other applications out there, so I’m probably underutilizing the device. But I’ve recently wondered—does Samsung log what I do on the player? Does it send information about my viewing back to Samsung. I . . . I guess I have no idea.

More from Justin Brookman

Transparency

What Acxiom Can Teach the NSA About Transparency

By Jedidiah Bracy, CIPP/US, CIPP/E

At last month’s IAPP Privacy Academy, I attended a session on “taming Big Data.” Much of the discussion involved the difficulties of conveying Big Data collection and use practices to consumers. As IAPP VP of Research Omer Tene has said, explaining the online tracking landscape would be equal to placing an average person in the cockpit of a fighter jet and asking him or her to fly it. Good luck with that.

Being transparent about such complex processes is understandably challenging for Big Data businesses and the privacy pros fully immersed in the weeds. We also hear folks talk about fostering consumer trust through corporate accountability. Good companies will be as transparent as possible, but must continuously demonstrate to their customers that they are trustworthy. Transparency is but one step toward a truly accountable organization and it’s a process that never really ends. 

More from Jedidiah Bracy

Trending

When Embarrassing Photos Metastasize Online and How One Person Took Control of It

By Jedidiah Bracy, CIPP/US, CIPP/E

What are you going to be for Halloween? If you do plan on dressing up, what are the chances photos of you in your glorious costume will be taken and posted online? Well, we’ll come back to this…

A few months back, I wrote about the nightmare of having an ex-spouse post embarrassing and vengeful photos of Lee David Clayworth online. The generativity of the Internet allows information to flow and metastasize so quickly, such disturbing posts can be almost impossible to take down or control.

More from Jedidiah Bracy

Trending

Reelection Statistics, Predictability, Big Data Drinking Games and Other Things I Learned This Week

By Jedidiah Bracy, CIPP/US, CIPP/E

Today, Forbes’ Kashmir Hill reported on the work of a man going by the name of “Puking Monkey.” This creative electronics tinkerer hacked into his RFID-enabled toll booth pass—a great feature for travelers, especially for us up here in the Northeast who regularly must pass through countless toll booths—and configured it to alert him whenever it was being read. What he discovered was that all over New York City, his E-Z Pass was being tracked—and not just by toll booths.

Of course, the surveillance capabilities are concerning, but this also stuck out to me:

More from Jedidiah Bracy

Accountability

Accountability Is About Values

Over the past year, I reflected on why I have been doing privacy for nearly a quarter of a century. As privacy professionals, you and I do privacy because we believe people shouldn’t be afraid of being harmed by the digitization of their pathways through life. We do privacy so young adults may evolve into the people they will be, rather than be predestined by mathematics. We do privacy so individuals may think new thoughts, explore new concepts and converse with others without painting a black-and-white picture of themselves rather than one that reflects a thousand shades of grey or a rainbow of color. We do privacy because we believe privacy is fundamental to human dignity and freedom. After reflection, I decided it is time for me to focus on the role of values in privacy. So today I begin a new journey leading the Information Accountability Foundation.

Posted in Accountability
More from Martin Abrams