We need a different approach to how organisations are held to account for their management of information if we are to have effective privacy protection in the era of Big Data and the Internet of Things. Malcolm Crompton says we should have accountable systems that are as scalable as the growth of personal information about us.
Danny Weitzner has been thinking about ‘accountability at scale’ for some time. Along with Tim Berners-Lee, he founded the Decentralized Information Group in MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL).
“A new approach to privacy management is necessary in order to enable organizations to handle data at scale and simultaneously remain consistent with the high standards of privacy protection.”
He then goes on to set down in his blog “four key features necessary for any information accountability solution:
- Common and simple language to create data use rules. Data users and privacy professionals should be able to create and implement rules, without the need for IT support. Changes must also be easy to make and apply automatically to all data. A change in government regulation need not cause major disruptions to the business line owners.
- Shared repository of policies and rules that apply to data held across the organization.
- Automated, real-time reasoning of data usage against these rules. Manual, point-in-time, procedural audits are not sufficient anymore, no matter how automated the audit reporting might be.
- Continuous monitoring and reporting. If privacy adherence exceptions arise, real-time alerts should be accompanied by an easy-to-understand explanation of why the behavior in question is inappropriate. Privacy professionals should be able to view compliance status at any point in the monitoring.”
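A minimal sketch of the four features listed above, added here as an illustration and not code from Weitzner's blog or CSAIL: rules held as plain data in one shared repository, each usage event checked as it arrives, and every exception carrying a readable explanation. The rule fields, event fields, sample data and the default-deny treatment of data that no rule covers are all assumptions.

```python
from dataclasses import dataclass

# Shared repository of data-use rules (constructed sample; field names are assumptions).
# Rules are plain data, so changing one needs no code change and applies to all events.
POLICY_REPOSITORY = [
    {"id": "R1", "data_category": "health", "allowed_purposes": {"treatment", "billing"},
     "reason": "Health data may only be used for treatment or billing."},
    {"id": "R2", "data_category": "location", "allowed_purposes": {"fraud_detection"},
     "reason": "Location data may only be used for fraud detection."},
]

@dataclass(frozen=True)
class UsageEvent:
    actor: str          # system or person using the data
    data_category: str  # kind of personal data touched
    purpose: str        # declared purpose of the use

# Constructed sample stream of usage events.
SAMPLE_EVENTS = [
    UsageEvent("clinic-app", "health", "treatment"),
    UsageEvent("ad-platform", "health", "marketing"),
    UsageEvent("risk-engine", "location", "fraud_detection"),
    UsageEvent("crm", "biometric", "profiling"),
]

def evaluate(event, rules):
    """Check one usage event against the rules; return (compliant, explanations)."""
    applicable = [r for r in rules if r["data_category"] == event.data_category]
    if not applicable:
        # Assumption: data with no governing rule is treated as an exception.
        return False, [f"No rule covers '{event.data_category}' data, "
                       f"so use by {event.actor} is not authorised."]
    explanations = [
        f"{r['id']}: {r['reason']} {event.actor} used it for '{event.purpose}'."
        for r in applicable if event.purpose not in r["allowed_purposes"]
    ]
    return not explanations, explanations

def monitor(events, rules):
    """Evaluate events one by one and keep a compliance status plus explained alerts."""
    status = {"checked": 0, "violations": 0, "alerts": []}
    for event in events:
        status["checked"] += 1
        compliant, why = evaluate(event, rules)
        if not compliant:
            status["violations"] += 1
            status["alerts"].append((event, why))
    return status

if __name__ == "__main__":
    for event, why in monitor(SAMPLE_EVENTS, POLICY_REPOSITORY)["alerts"]:
        print(event.actor, "->", "; ".join(why))
```

Because the rules are data, editing an entry in `POLICY_REPOSITORY` changes the outcome for every later event without touching `evaluate` or `monitor`.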
Any discussion about Digital Enlightenment will have to consider ways of achieving effective, enforceable, scalable Information Accountability. CSAIL is making a valuable contribution to developing it.