Privacy & Information Security Law Blog

On September 29, 2010, the Centre for Information Policy Leadership (the “Centre”) hosted a pre-conference workshop at the International Association of Privacy Professionals (”IAPP”) Privacy Academy in Baltimore, Maryland.  The tutorial “Accountability on the Ground,” led by Centre Executive Director Marty Abrams, offered practical guidance on the subject of accountability.  The workshop, which featured presentations by Centre member companies, discussed in-depth examples of how organizations can implement an accountability program.

Over the past year, the Fair Information Practice Principle of Accountability has figured prominently in international and national policy discussions about how to improve privacy and data protection.  Current approaches are increasingly challenged by the ubiquitous collection of data, the increased speed and power of processing and the complex business models and vendor networks that support data flows and analytics.  Robust data flows hold tremendous potential for economic benefit for individuals and businesses, but that potential can be realized only if individuals trust that their data is used responsibly and their privacy is protected.

The article, Accountability: Part of the International Public Dialog About Privacy Governance, published by BNA Privacy and Security Law last week during the IAPP Privacy Academy, highlights the growing importance of the accountability principle to new models of privacy governance.  The BNA article discusses the anticipated benefits of accountability, among them increasing flexibility for businesses to use data in innovative ways and reducing the burden on individuals to police the marketplace.  The article also covers other forums where accountability has been considered, including the December 2009 and July 2010 documents released by the Article 29 Working Party, the ongoing deliberations over implementation of the APEC Privacy Framework, and the proposed international standards for privacy that are the subject of the Madrid Resolution.  In addition, the article reviews the essential elements of accountability articulated last year in the discussion document, “Data Protection Accountability: The Essential Elements.”  That paper, released by the International Accountability Project led by the Centre, proposes that, to be accountable, organizations should (1) commit to policies based on widely accepted external criteria (such as the OECD Guidelines or the APEC Privacy Framework), (2) implement internal programs that ensure those policies are carried out in practice, and (3) be prepared to demonstrate the organization’s accountability when called upon to do so.

Later this month, at the International Data and Privacy Commissioners conference in Jerusalem, the Accountability Project will release a paper focusing on how companies demonstrate, and how data protection authorities measure, accountability.