At this year’s IAPP Global Privacy Summit, I repeatedly encountered references to and quasi-explanations of the “risk-based approach” to privacy. The risk-based approach is, apparently, the new black now that accountability is no longer quite so chic. With its focus on the privacy risks incurred by individuals, the risk-based approach is, I was informed, a bold new direction for the privacy profession.
Taken at face value, it’s rather difficult to imagine a more damning indictment of the privacy profession. It’s 2014 and we’ve only just started worrying about risks to individuals?