Data Protection Law and the Ethical Use of Analytics

The Centre for Information Policy Leadership (the “Centre”) this week issued “Data Protection Law and the Ethical Use of Analytics,” authored for the Centre by Paul Schwartz, Professor of Law, Berkeley Law School, University of California.  Marty Abrams shared this paper on November 30, 2010, at the European Data Protection and Privacy Conference in Brussels and plans to present the paper on December 1, 2010, at the Organization for Economic Cooperation and Development.

The paper examines the increasing role of analytics – the use of information to make decisions and to create new products and services – in 21st century organizations.  Analytics provides a way for organizations to draw on the great quantities of information in their control or available from third parties.  Leading authorities on the practice of analytics refer to the phenomenon as “the extensive use of data, statistical and quantitative analytics, explanatory and predictive models, and fact-based management to drive decisions and actions.”  According to the paper, analytics takes the information that entities have, or to which they can gain access, and converts the information into knowledge they can act on.

The paper argues that analytics should be considered in a manner that takes into account the risks that a specific use of analytics poses to privacy and the kind of responsible processes that should accompany such use.  It considers examples of analytics in action, including multichannel marketing, fraud prevention and data security, health care research and a variety of products for direct use by individuals.

The paper identifies four distinct stages of analytics: (1) collection, (2) integration and analysis, (3) decision-making and (4) review and revision.  It also proposes that responsible data processing should be tailored to the discrete stages in which analytics is used.  At the same time, the paper examines the complex questions that analytics raises for data protection law modeled on fair information practices and proposes a set of ethical guidelines for the use of analytics.

Organizations participating in this project included a cross-section of leading private sector companies that currently use analytics.  The paper’s ethical standards were developed through a series of interviews and a workshop involving experts from those organizations.  The Centre expects that this paper will form the basis for further discussions about applying data protection to advanced analytic processes.

For more information on the Centre’s projects, please visit the Centre’s website.
