The Centre for Information Policy Leadership (CIPL) at Hunton & Williams LLP has called for a privacy framework that holds organisations accountable for consumer data collection and management.
"Organisations need to understand the risks they create for individuals as they use data, how to mitigate those privacy risks and be answerable for their actions," said Marty Abrams, executive director of the CIPL.
"The simple word for this is accountability, and it needs to go hand in hand with the innovation that models the future rather than just perfects the present in a digital age," he said.
According to Abrams, innovation is dependent on organisations using data in new, responsible ways, but while individual participation is important, today's market is too complex for consumers to police themselves.
In response to the UK Department of Commerce's policy framework, the CIPL has outlined six recommendations.
- The Policy Framework should rely less on the individual's control over the collection and use of data and more upon data stewardship and organisational accountability.
- The Department should look to fair information practice principles as articulated in the Organisation for Economic Cooperation and Development (OECD) guidelines as the foundation for privacy guidance.
- Principles of fair information practices should be applied within a contextual framework, and not in a rigid or fixed way.
- The Centre encourages organisations' use of privacy impact assessments as a tool to assess and manage risks data use may pose to individuals, however, such assessments are not the appropriate tool to serve the transparency function suggested in the Department's framework.
- The privacy office should take a lead role in discussions with international organisations, and the Federal Trade Commission should continue to represent the United States in forums addressing privacy enforcement.