Privacy should not be underestimated or taken for granted. Following the Privacy @ Play Summit last month, Malcolm Crompton explains why good privacy is good business.
Each year, the International Association of Privacy Professionals Australia New Zealand (iappANZ) convenes its Annual Summit.
They have proved to be the stand out event for anybody interested in global developments in privacy or what our region’s privacy regulators are really thinking.
There were two prominent themes this year: (1) the quickening pace of data-driven technological change, and (2) accountability as a means for businesses and governments to create value, manage risk and build trust in this dynamic environment.
Exciting technological developments driven by a deluge of data, including personal information, are touching every aspect of modern society. We are in the early stages of smartphones and other wearables becoming commonplace, sensors becoming ubiquitous and everyone (and everything) becoming connected. As keynote speaker Larry Irving (Internet and telecommunications advisor to the Clinton Administration) observed, “it’s not science fiction, it’s not tomorrow, it’s today.”
Multiple sessions noted how the increasing quality and especially quantity of data that is generated and collected will transform diverse sectors (including government, banking, health, transportation and agriculture) and create enormous market opportunities. Panellistshighlighted key trends including the growing abundance of personal metadata (i.e., information about us rather than information that identifies us) and the widespread use of analytics even when we don’t realise it.
While Big Data and the Internet of Things will undoubtedly bring great benefits, tricky questions were raised with respect to personal information in particular: Who owns the data? Who gets to decide what happens to it? Can we really consent if we don’t have a choice? How is it protected from loss and misuse? Control – or rather, the lack of it among individuals – was identified as a crucial issue that needs to be addressed going forward.
After a dismal year of data breaches and as the record numbers of complaints to the OAIC demonstrate, privacy is clearly a mainstream concern. For businesses, this means that privacy is not just a compliance issue but also a matter of trust.
The importance of trust was encapsulated by the second theme of the summit: accountability. Put simply, accountability is about organisations building trust by first implementing and then demonstrating adherence to concrete privacy policies and practices. In launching the Privacy Governance Framework for the New South Wales public sector, Dr Elizabeth Coombs (NSW Privacy Commissioner) highlighted the importance of leadership in establishing the priorities and culture for respecting privacy within an organisation. It might have been developed specifically for the NSW public sector, but all organisations would benefit from considering how such a framework might be applied to them.
The Thought Leadership panel provided useful insight into the regulatory efforts of some of our Asia-Pacific neighbours to promote accountability in their respective jurisdictions. Here in Australia, Timothy Pilgrim (Commonwealth Privacy Commissioner) noted that accountability is embodied in the Australian Privacy Principles, namely APP 1 (implement practices, procedures and systems to comply with the APPs – i.e., “the bedrock principle”) and APP 8 (cross-border disclosures).
In his opening address Mr Pilgrim reiterated his commitment to work with organisations to attain good privacy practice, including the release of further guidance on compliance with the APPs. He also signalled his intention to conduct privacy audits of “high risk or high volume” organisations over the next 12 months. Finally, in light of the Federal Government’s plans to disband the OAIC, Mr Pilgrim dispelled any uncertainty by declaring that for privacy, it will be “business as usual”.
Having promoted the idea that good privacy is good business since the turn of the century, I am heartened to see that the idea has now gained broad acceptance, including among the attendees with whom I spoke. Accountability will be a key strategic differentiator in today’s dynamic environment – do the right thing by individuals and you can reap the benefits of innovative data applications while building trust and avoiding regulator scrutiny. Implementing and demonstrating good privacy practice must start from the top of the organisation.