Effective Data Protection Governance An Approach to Information Governance in an Information Age. OECD Expert Consultation Boston October 2016


Today's Objectives Are the Same, But the Challenges Are Different

Data protection and privacy law have always had the dual objectives of facilitating the free flow of information while protecting individuals' interests in privacy and preventing inappropriate uses. Today, data protection is being thought about as ensuring that a full range of individual interests has been considered while enabling knowledge growth through data. The acceleration of data generated from analytics, the increasing velocity of data flows, and the vastly expanding potential uses of data, even by entities that have no direct relationship with the individual, require a fresh, new, dynamic and ethical approach to best accomplish these dual objectives.

The Effective Data Protection Governance Project

- Born from a need, recognized by business sponsors, for a new model
- Rapidly developing and iterating a framework that is actually applied, not just theoretical
- Builds on work done by the IAF (specifically Big Data Ethics) and work underway (Legitimate Interest Balancing)
- Short- and long-term utility: helpful as today's policy models develop and are implemented
- Time to test in a specific test case: an IoT scenario
- Time to engage more broadly with stakeholders

Key Questions for an Effective Data Protection Governance System

1. What broader responsibilities are required for data stewards?
2. How would a Comprehensive Impact Assessment work and how would it scale (up and down a data intensity scale)?
3. What level of participation is meaningful and practical for an individual to have; meaningful yet puts/keeps the individual in the center?
   - When should individual participation occur?
   - How does the individual exercise his/her control?
4. What types of oversight are needed?
   - How would enforcement work?
5. How does an evolved governance system benefit regulators, individuals (consumers) and business?

Why Is Today More Complicated?

A Two Dimensional Problem - Information flows and uses are beyond the ability and expectations for individuals to manage and for regulators to easily enforce.

[Diagram: Breadth & Depth of Ecosystem Participants. Labels as they appear on the slide:]
- Industry Codes; Standards Bodies; Governance; Laws/Government Regulators
- User
- Direct Relationships: User Initiated; Packaged with the Product; Product; Service Provider / Distributor; Primary Apps & Software/Services; Support Services; Value Add Product Providers; Device; Other User Chosen Entities; Value Add Products; Connectivity Provider; Other Bundled Products
- Indirect Relationships: 3rd Party Fraud; 3rd Party Marketing; 3rd Party Research; 3rd Party BI or Bus Efficiency; 3rd Party Other Uses??

Future Framework for Ethical Governance

[Diagram. Labels as they appear on the slide:]
Upstream; Legitimate Source(s); Provenance (Collected, Observed, Created); Known & Unknown Use(s) (A and Use Based Approach); Downstream; Comprehensive Impact Assessment; Acceptable Application of

Transparency
- Comprehensive Notice
- Optional - Privacy policy

User Engagement (Meaningful Contextual Participation)
- Opt-Out (Implied Consent)
- Opt-In (Affirmative)
- Access/Correction/Deletion
- Complaint Handling /Redress Standard
- Accountability Program
- Independent Oversight
- Reasonable Security
- Integrity
- Cross-Border
- Other Legal
- Self-Regulation
- Retention
- Provenance
- Legitimate Sources
- Upstream
- Legitimate Recipient
- Downstream

Framework for Ethical Governance

[Diagram: Comprehensive Impact Assessment. Labels as they appear on the slide:]
- Upstream; Legitimate Source; Provenance (Collected, Observed, Created)
- Notice for Regulators; Accountability Program; Independent Oversight; Identifiability; Sensitivity of and/or Use; Cross-Border; Self-Regulatory; Other Legal
- Known & Unknown Use(s); Fair/Ethical Use; /Use Benefit(s); Legitimate Interest; Reasonable Security; Retention; Integrity
- Downstream; Meaningful User Engagement(s); Access, Correction & Deletion; Complaint Handling; Acceptable Application of; Legitimate Recipient

Benefits?

Regulators
- More thorough application of privacy principles by businesses, including to what is currently non-PII data and is not covered by most data protection laws.
- More effective information governance covering a broader range of interests, including more meaningful and innovative ways in which individuals are engaged relative to collection and use of information about them.
- A process to establish an organization's use of legitimate interest and increased and greater use of assessments.
- More accountability/enforceability over responsible business use of information about individuals, including areas that may not be subject to direct regulation and/or where a direct consumer relationship may not exist.
- Define domains where codes of conduct would enhance protection when data is used beyond the understanding and expectations of individuals.

Individuals
- More relevant ways for individuals to engage with information about them and more contextual ways to participate in meaningful control over that data.
- With more accountability for businesses to use information about individuals responsibly, there is less risk to the individual, resulting in higher confidence that businesses are focused on a broader set of the individual's risks around the use of information about them.

Business
- Greater confidence in their information governance system because it manages a broader set of interests and risks, allowing businesses to aggressively leverage information to create value.
- Clarity around regulator expectations for an accountable process to establish objective based obligations.
- Freedom to innovate through data discovery (learning).
- Flexibility to innovate around consumer centric engagement.

Next Steps

- Engage individuals/small groups for interactive/collaborative feedback
- Test, explore, develop the framework with wearable (IoT) scenario through a multi-stakeholder approach
- Further refine and test the framework applicability to other information intensive scenarios
- Design/Test an assessment approach/tool
- Areas still to develop
  - Role and function of the Regulator, Oversight, How is Risk to be determined, What demonstration of Accountability is needed.
  - Define the parameters that establish processing for a research (learning) purpose
  - Impact vs Engagement; when to engage with an individual.
- Key Questions: Trust?