We need a different approach to how organisations are held to account for their management of information if we are to have effective privacy protection in the era of Big Data and the Internet of Things. Malcolm Crompton says we should have accountable systems that are as scalable as the growth of personal information about us.
Danny Weitzner has been thinking about ‘accountability at scale’ for some time. Along with Tim Berners-Lee he founded the Decentralized Information Group in MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL).
In a new blog “Real Privacy Tools for Big Data” for IAPP’s Privacy Tech, Danny writes that:
“A new approach to privacy management is necessary in order to enable organizations to handle data at scale and simultaneously remain consistent with the high standards of privacy protection.”
He then goes on to set down in his blog “four key features necessary for any information accountability solution:
Common and simple language to create data use rules. Data users and privacy professionals should be able to create and implement rules, without the need for IT support. Changes must also be easy to make and apply automatically to all data. A change in government regulation need not cause major disruptions to the business line owners.
Shared repository of policies and rules that apply to data held across the organization.
Automated, real-time reasoning of data usage against these rules. Manual, point-in-time, procedural audits are not sufficient anymore, no matter how automated the audit reporting might be.
Continuous monitoring and reporting. If privacy adherence exceptions arise, real-time alerts should be accompanied by an easy-to-understand explanation of why the behavior in question is inappropriate. Privacy professionals should be able to view compliance status at any point in the monitoring.”
Any discussion about Digital Enlightenment will have to consider ways of effective, enforceable, scalable Information Accountability. CSAIL is making a valuable contribution to developing it.
Malcolm Crompton is Managing Director of Information Integrity Solutions (IIS), a company that works with public sector and private sector organisations all over the world to help them build customer trust through respect for the customer and their personal information. He was also foundation President of the International Association of Privacy Professionals, Australia New Zealand. In 2012 he received the Privacy Leadership award in Washington DC for his global contribution to the privacy profession. His Open Forum blog is at http://www.openforum.com.au/blogs/malcolm-crompton.
This blog was first published on the Digital Enlightenment Forum blog.