Copyright, 1997-2004 1 The Search for Balance: The Past, Present and Future of Privacy Impact Assessments Roger Clarke Xamax Consultancy Pty Ltd, Canberra.

Presentation transcript:

The Search for Balance: The Past, Present and Future of Privacy Impact Assessments
Roger Clarke
Xamax Consultancy Pty Ltd, Canberra
Visiting Professor, Unis. of Hong Kong and U.N.S.W.
Visiting Fellow, Dept of Computer Science, ANU
{.html,.ppt}
Queen's University, Kingston ON – 9 June 2004

The Past, Present and Future of PIAs
Agenda
1. Where They Came From
2. What They Are
3. Why PIAs?
4. Can They Counter the PITs?

Technology Assessment
- European movement
- US OTA,
- Technologists and Technocrats are too close
- Social Scientists are too far away: Don't regulate what you don't understand
- Cross-over Individuals
- Multi-Disciplinary Teams

Environmental Impact Statements (EIS)
- The green movements of the 1960s
- For major projects since the 1970s
- Costly and slow
- One-sided, manipulated, closed, unauditable
- Public cynicism
- Public reactions, sometimes fatal to projects
- Limited by jurisdictional boundaries

Environmental Impact Assessment (EIA)
- the identification of future consequences of a current or proposed action
- To address the cynicism
- Public consultation, publication, review
- Process as well as product
- Limited by jurisdictional boundaries

Social Impact Statements
Berkeley Gazette, 31 Oct 1974: "... the Council approved a proposed ordinance to require a social impact statement prior to implementation of any new or expanded city automated personal data systems"
Motion by Cr Loni Hancock on the suggestion of Lance Hoffman

Social Impact Assessment (SIA?)
- an outgrowth of EIA which focuses on the impact of development proposals on people,... including potential changes to population, lifestyle, cultural traditions, community dynamics, and quality of life and well being
- e.g. U.N. Economics & Trade Program, focussed on developing countries
- e.g. literature for the developed world?

Privacy Impact Statements – 1 of 2
HEW (1973)
"Each time a new personal data system is proposed (or expansion of an existing system is contemplated) those responsible for the activity the system will serve, as well as those specifically charged with designing and implementing the system, should answer such questions as..."
i.e. the concept, but not the term...

Privacy Impact Statements – 2 of 2
Flaherty (1989)
"The data protection agency can... [prepare] its own evaluations of the potential impact on personal privacy of proposed legislation and information systems.... It is important that small data protection agencies encourage the main government departments to prepare their own initial reviews of the impact of new technology, preferably in the form of 'privacy impact statements'..."

Privacy Policy Statements / Notices
- Privacy Notice mania on the Web
- cf. safe harbor, i.e. image not substance
- Remarkable absence of guidelines
- Canadian PC'er says:
  - Inform customers, clients and employees that you have policies and practices for the management of personal information
  - Make these policies and practices understandable and easily available

Privacy Impact Assessment
Data Matching Program Protocol – Australia, 1990
The following is to be filed with the Privacy Comm'er and (generally) made available for public inspection:
- identities of agencies
- legal basis for the program
- program objectives
- alternative approaches and why rejected
- details of any cost/benefit analysis undertaken
- outline of technical controls for data quality, integrity and security in the conduct of the program
- use of identification numbers
- the nature of actions resulting from the program

Privacy Impact Assessment
- The term was used in publications in by the Privacy Comm'ers of Ontario and BC (Ann Cavoukian and David Flaherty)
- Discussion session and publications in 1996 by NZ Dep. Privacy Comm'er (Blair Stewart)
- Exemplars of PIA Reports from 1995 onwards
- Guidelines published from 1994 onwards (one obscure guide even from 1991)
- Many limitations inherent in many Guidelines

Privacy Impact Assessment
A process that surfaces and examines potential impacts and implications of privacy-invasive proposals

Objectives of the PIA Process
- Clearly define:
  - business needs
  - stakeholder groups
  - privacy impacts and implications
- Enable understanding and assessment of the proposal
- Enable mutual understanding of stakeholder perspectives
- Ensure reflection of stakeholder perspectives in the outcomes
- Enable:
  - maximisation of positive impacts
  - avoidance or amelioration of negative impacts
- Maximise the likelihood of stakeholder support
- Avoid new requirements emerging late
- Earn public confidence
- Raise awareness, educate
- Anticipate and avoid misinformation campaigns

Alternative Assessment Perspectives
- The Sponsor
- The Sponsor's Strategic Partners
- Service and Technology Providers
- Users – and Usees / Clients / Regulatees
  - People
  - Business Enterprises and Associations
  - Govt agencies at varying levels of govt
- The Society / Economy / Polity

Methods to Support Assessment
Sponsor Perspective Only
- Capital Investment Project Evaluation
  - Discounted Cash Flows, Payback Period, NPV
  - Assumes that all variables are measured in financial terms
  - Deterministic, but can do Sensitivity Analysis
- Business Case Analysis
  - Supports fin'l, quantitative, and qualitative measures
Multi-Perspective
- Cost / Benefit Analysis (CBA)
  - Fin'l, quant, qual measures
  - Less precise, partly qualitative
  - Recognises Opportunity Costs
  - Sensitivity Analysis
- Cost / Benefit / Risk Analysis (COBRA)
  - CBA +
  - Focuses on key uncertainties
  - Search for countermeasures

Elements of the PIA Process
- Surfacing and Examination of the privacy impacts and implications of a proposal
- Development of a clear understanding of the Business Need that justifies the proposal and its negative impacts
- Gauging of the Acceptability of the proposal and its features by organisations and people that will be affected by it
- Assessment of Compliance of the proposal with existing privacy-related laws, codes, best practices and guidelines
- Constructive Search for, and Evaluation of, better Alternatives
- Constructive Search for ways to Avoid Negative Impacts, and ways to Ameliorate Unavoidable Negative Impacts
- Documentation and Publication of the Outcomes

Who To Consult With?
- Citizens / Consumers / Users / Usees
  - The people actually affected by the proposal
- Representatives
  - Understand and can express the concerns of people within a particular population segment
- Public Interest Advocates
  - Understand the technology, processes and issues
- Different approaches are necessary

Consultations with People
- Most people can't cope with abstractions, and need concrete experiences
- So prime discussions with mockups, prototypes
- Use Focus Group technique:
  - diverse group of 6-12 people, preferably without prior knowledge of one another
  - typically for 1.5 to 2.5 hours
  - a Moderator focuses discussion on a topic, but allows it to range across many aspects

Consultations with Reps and Advocates
- Stakeholder Analysis and Segmentation
- Search for Representatives and Advocates
- Invitation to Participate
- Background Paper
- Consultation Workshop
- Assimilation of information provided into:
  - the Scheme Design
  - a PIA report
- Feedback

Contents of a P.I.A. Report
- Description of the Proposal and its Applications
- Analysis of Privacy Concerns
- Summary of Laws, Codes, Best Practices and Guidelines, and Application to the Proposal
- Evaluation, and Justification for the Privacy Impacts
- Analysis of Public Acceptability
- Analysis of Measures to Avoid & Ameliorate Privacy Impacts
- Appendices:
  - References to Laws, Codes, Best Practices and Guidelines
  - Summary of the Consultative Processes
  - Organisations and Individuals Consulted
  - The Background Information Provided

Key Features of a PIA – 1 of 2
- More Process Than Product
- Not just an audit of compliance with existing laws
- Requires active involvement of all relevant parties, and incorporation of ideas into the emergent design (inclusive and participative, or at least consultative)
- Proxies need to be engaged, in order to:
  - gauge the acceptability of various features
  - constructively search for alternatives
  - constructively search for ways in which negative impacts can be avoided, or at least ameliorated
  - gain commitment

Key Features of a PIA – 2 of 2
- Is performed by the proposal's sponsor
  - not by a privacy regulatory agency
  - not fully delegated to a consultant or contractor
- Commences early, to maximise involvement, avoid suspicion, and minimise re-work costs
- Involves multiple phases, such that shared understanding increases, and with it commitment
- Reduces the likelihood of later public opposition and misinformation campaigns, and, even if they are conducted, reduces their credibility

Advocate Motivations
- Powerful parties
  - through ignorance, impose schemes that unnecessarily compromise privacy
  - demand that privacy be compromised, but that the interests of the powerful parties not be compromised
- Advocates want:
  - informed design which avoids invasiveness where it's practicable
  - compromise among all interests

Sponsor Motivations
- Social Responsibility
  - For-Profits cf. Not-For-Profits cf. Govt Agencies
- Business Needs
  - Return on Investment
  - Task Transfer / Cost Transfer / Enhanced Svce
  - User Adoption / Acceptance
  - Other-Stakeholder Acceptance
- Business Not-Needs
  - User Opposition
  - Other-Stakeholder Opposition
  - Bad Press, Embarrassed Ministers

Public Policy Factors
- Service Quality
- Service Accessibility
- Service Equity
- Imposition of Effort and Cost
- Imposition of Risks
- Freedom of Information
- Public Safety, OH&S
- Privacy...

Equity – Bases for Discrimination
- Physical Handicaps
  - sight, mobility, or capacity to use a keyboard or mouse
- Mental Handicaps
  - inability to remember username/password pair, or carry a token
- Educational Handicaps
  - lack of understanding of prompts, or what to do with a token
- Lingual Handicaps
  - insufficient local language to understand instructions
- Location
  - in an institution, in a remote area, in a rural or regional area with outdated infrastructure or inadequate bandwidth, ex-country
- Lifestyle – traditional, seasonal worker, itinerant, street kid

Why PIAs ?
- It may be a Legal Requirement
- Public Policy may dictate that it be done
- Stakeholder groups may have sufficient power to force it
- Project Risk may be reduced
- Investment Risk may be reduced
- Adoption may be enhanced
- The proposal's quality may be enhanced

Limitations of PIAs
- Pseudo-Imperatives
  - Technology
  - Marketing
  - Economic / Cost-Reduction
  - Security...
- Imbalance of Power
  - But Internet-Era Social Activism
- Jurisdictional Limitations in a time of Globalisation