What’s One Way Organizations Can Be More Accountable? Privacy Education
Over the past ten years, the components of an accountable privacy program have evolved through a combination of privacy professional best practices (e.g. IAPP materials), scholarship (e.g. the Center for Information Policy Leadership Accountability effort) and regulator action (e.g. FTC consent orders). During the same period, the notice and consent model of privacy regulation has become insufficient and outdated.
As Victor Mayer-Schonberger and Kenneth Cukier observe in their excellent book, Big Data: A Revolution That Will Transform How We Live, Work and Think, “We must protect privacy by shifting responsibility away from individuals and toward the data users—that is, to accountable use.” We must couple this increased focus on accountability with efforts to educate individuals on how technology may impact their privacy. We—government, advocacy organizations and corporations—all share responsibility for this education and awareness. However, those companies profiting from this new data rich environment have a special obligation. This is why Intel has been a proud sponsor of Data Privacy Day for the past six years. Data Privacy Day provides an annual reminder of the importance of privacy in our lives.
Regulators now recognize the importance of education and awareness as a critical component of an accountable privacy program and the importance of regular celebrations of privacy, such as Data Privacy Day. The recent settlement Google (PDF) made with 38 states calls for the company to conduct an awareness campaign for a “Privacy Week.” This settlement serves as a useful model for future regulatory action. Such education and awareness programs can have significant effects, as the best way to understand something is to teach it.
There is no better network poised to navigate privacy cultures and raise the collective consciousness of privacy than privacy professionals.
Organizations should not wait for regulator enforcement actions to conduct privacy outreach. Now is the time to empower and educate about privacy. Our customers, communities and the networks we interact with all are in need of information about privacy and safeguarding data. Quality, actionable information and advice is always best received when it comes from a trusted source.
Privacy professionals should be that trusted source.
As privacy professionals, we have the advantage of knowing the privacy landscape and can explain in practical terms how individuals can protect themselves. Schools currently only provide minimal privacy instruction. Privacy professionals can help fill that gap by engaging with schools, smaller businesses and others in the community at large.
Getting involved doesn’t have to be complicated. Here are a few suggestions:
- Engage now to participate in Data Privacy Day 2014.
- Build in the Stop. Think. Connect. messaging and materials into your corporate privacy outreach.
- Organize employees to conduct privacy outreach in schools, community centers and senior centers.
- Write articles for the local newspaper or community newsletter.
- Provide tips and advice on community listservs.
- Leverage personal and social media networks to get the word out. For example, ask teachers to speak with their class about online reputations and safety and how they can protect themselves.
- Hold sessions for parents at school or PTA meetings.
- Engage your peers. Talk about the best way to engage the community at an IAPP KnowledgeNet meeting.
Many of us work for organizations creating the components of the connected digital infrastructure and acting as stewards of the data therein. We need to be accountable to the individuals whose data we hold and protect. Privacy education and awareness should be a fundamental part of making good on that commitment of accountability.
Together, we can make the Internet a more secure and trusted platform because that is the ultimate goal for us all.
About the Author
David Hoffman, CIPP/US, is Director of Security Policy and Global Privacy Officer at Intel Corporation, in which capacity he oversees Intel’s privacy compliance activities, legal support for privacy and security and all external privacy and security policy engagements. Hoffman was a member of the U.S. Federal Trade Commission’s Online Access and Security Committee. In 2005, Hoffman was appointed to the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. He also serves on the Center for Strategic and International Studies Cyber Security Commission.
Hoffman has a JD from The Duke University School of Law, where he was a Member of the Duke Law Journal and has received an AB from Hamilton College.