› 
Privacy & Trust

This discussion forum sets out to generate opinions on a new approach to trust and privacy in an era of accelerating technological change. We are seeking input from a wide range of interested people. The current thinking on this project is set out in a working paper developed for the Privacy & Trust Partnership and discussed at a workshop on "Formulating a New Approach to Privacy and Trust in the Information Age", held in Sydney on 4 December 2007 at the State Library of New South Wales.

_____________________________________________

This discussion forum sets out to generate opinions on a new approach to trust and privacy in an era of accelerating technological change.

We are seeking input from a wide range of interested people.  The current thinking on this project is set out in a working paper developed for the Privacy & Trust Partnership and discussed at a workshop on "Formulating a New Approach to Privacy and Trust in the Information Age", held in Sydney on 4 December 2007 at the State Library of New South Wales. You can comment on the working paper or make a general comment.

Please read further to find out more about the proposal, post your comments on this forum or email your thoughts to Chris Cowper at ccowper at iispartners.com.

_____________________________________________

Introduction to the Privacy & Trust Partnership Project

There is evidence that current approaches to protecting individual privacy and promoting trust in the information economy are ineffective and inefficient for individuals and for business. For example, consumers can be overwhelmed but not enlightened by long disclosure statements, even where intended to allow informed consent. At the same time, the notice/consent process can be costly and time-consuming for business. Moreover, the current processes do not necessarily encourage business to consider or mitigate privacy and information security risks for individuals.

PTP Partnership logo

The Privacy & Trust Partnership (P&TP) is taking the first steps in exploring options for a new approach.

The core objectives of the project are to:

  • engage in robust and sustained discussion about the impact of the revolutionary change in information management on privacy;
  • develop an approach that facilitates respect for consumer privacy, earns trust and protects from harm and that creates economic value for everybody.

The P&TP project is to be shaped around two White Papers, each to be discussed at a very high level conference. The first conference was held on 4 July in the Legislative Assembly Chamber of the Parliament House of New South Wales and speakers included The Hon. Philip Ruddock MP, the Attorney‑General of Australia, Prof David Weisbrot AM, President of the Australian Law Reform Commission, and leading business and consumer/privacy figures in Australia.

NSW Parliament House Legislative ChamberPhilip RuddockMalcolm CromptonWorkshop

The second conference will be held in 2008 and will continue the dialogue started in July.

In the lead up to the second conference, the Partnership convened a workshop on 4 December at which a working paper was discussed as input to the second White Paper. 

The project is not aiming to generate hard and fast 'trust principles', but we do intend it to lay out a framework in which a sensible set of such principles might be developed that provides genuine reason for individuals to trust while also reducing levels of process and barriers that currently inhibit the imaginative development of the information economy.

_____________________________________________

The aim of this Forum

This discussion forum is set up to give Conference participants and other interested people a chance to have a say. Questions asked and comments made by Open Forum participants will be considered in the second White Paper, currently in the drafting phase.

To start of with, we are interested in your views on the following:

1. Working Paper - any comments on the working paper, particularly in relation to:

  • the overarching objective(s) for a risk based regulatory approach; and
  • ensuring that the system is a learning system that stays grounded in principles and does not stay static over time. 

2. First White Paper - any comments on the first White Paper, particularly in relation to:

  • assumptions
  • stakeholders interests
  • economic payoff
  • the nature of the problem - what would business like to be able to do with personal information?

3. Regulation - any thoughts on what would you like to see in a privacy regulation framework:

  • Options for audit/accountability arrangements
  • Options for better/swifter restitution
  • What issues are most important?
  • What would be the risks in changing the law?
  • Ways to mitigate risks
  • If the proposal is to go to a "polluter pays" approach - what would count as "pollution"?

4. Privacy Principles - are we relying too much on consent and disclosure and hence oversight by the individual - is there a better way?

5. Flexibility - How can the privacy regulation framework support innovation and widely accepted and appreciated uses of personal information?

_____________________________________________

The Privacy and Trust Partnership is supported by Veda Advantage, Microsoft, IBM, Acxiom Australia, Suncorp Metway and the SAS Institute.

_____________________________________

RELATED BLOGS & FORUMS:



Recommended Reading

  1. Working Paper "A Possible Way Forward: Some Themes and an Initial Proposal for a Privacy and Trust Framework". By Martin Abrams, Malcolm Crompton and Chris Cowper (for the Privacy & Trust Partnership)
  2. 1st White Paper Formulating a New Approach to Privacy and Trust in the Information Age”. By Martin Abrams, Malcolm Crompton and Chris Cowper (for the Privacy & Trust Partnership)
  3. Report on the 4 July 2007 Conference “Formulating a New Approach to Privacy and Trust in the Information Age”. By Global Access Partners (commissioned by the Privacy & Trust Partnership)
  4. "Privacy 2012": Opening Remarks (see the attachment below) from the 4 July 2007 Conference. By Marty Abrams, Center for Information Policy Leadership
  5. Closing Remarks from the 4 July 2007 Conference. By Malcolm Crompton, Information Integrity Solutions
  6. “The Future of Business Analytics”. By Bruce McCabe (published by http://www.s2intelligence.com.au)

Comments

'Diskgate'

The loss of disks containing the personal details of half of Britain has not only torpedoed the national ID card there but in Australia too. ID cards are wrong in principle and unworkable, and ludicrously expensive, in practice. A free market of ID grows naturally between firms and customers in real life and online and there's no need for huge lumbering frameworks to impose a rigid structure on their evolution.

Diskgate 2

Nick is of course right - large data holdings create honey pots for the crooks and security challenges for the holders. This is becoming a top of mind issue worldwide, thanks at least in part to data breach notification law.

For more thoughts on this, see my blog entry titled "Losses of personal information, trust and privacy: This is going to change your life" at http://www.openforum.com.au/losses_of_personal_information.

We need to focus on solutions, though. We will be discussing crucial components of the solution at the Privacy and Trust partnership workshop on 4 December where we try to look at compliance and enforcement approaches that deliver stronger incentives to do the right thing. The workshop will be built around a new workshop paper titled "A Possible Way Forward: Some Themes and an Initial Proposal for a Privacy and Trust Framework" and is online at http://www.iispartners.com/PTP_working_paper.pdf.

On the specific topic of identity management as raised by Nick, we need to develop a clearer view on what constitutes "user centric ID management" that is practicable, is credible to other parties and secure. OpenID is a start, but does it pass tests of credibility to other parties such as banks or government? How secure is it? Single sign on doesn't have to mean single identifier. Does it mean standards and multiple trusted suppliers? Depending on your point of view, government has a considerable role to play. What that role is needs a lot of thought.

I for one am still looking for answers. Have a look at the papers prepared for the Partnership. All comments welcome - we can only do better.

Privacy gains attention over the Christmas New Year break....

Privacy gains attention over the Christmas New Year break. Does a swallow or two make a Spring?

This has obvious implications for the Privacy & Trust debate as it continues into 2008. There is at least some evidence that change is in the air. For more, see "Privacy gains attention over the Christmas New Year break. Does a swallow or two make a Spring?"

Exposed: affairs of the look-at-me generation

An amusing story on Privacy providing an interesting insight on today's generation, comparing buildings (of days gone by, & modern) with blogs - written in an Opinion piece on Jan 9 2008 by Elizabeth Farrelly at the Sydney Morning Herald http://www.smh.com.au/news/opinion/exposed-affairs-of-the-lookatme-generation/2008/01/08/1199554651636.html

Some more thoughts on regulation ...

Stephen Wilson made an excellent point in his comment Privacy movement deja vu on my blog on Another swallow flew by, but who was looking ?

He pointed out the curse of the rule maker: Rules are made to be broken.

But there are more lessons for rule makers than just this perennial reminder. I have posted thoughts on what they might be in The curse of the rule maker. What do others think?

Interesting article

I was talking with a colleague only last week about the generation this article refers to and I think "look-at-me" is a perfect way to describe them. The writer makes brief reference to the "blog" generation being unaccustomed to privacy, and therefore resists it.

While the "over-parenting" factor is probably responsible at least in part, the line between child and adult in the blog generation is far less black and white than those who have gone before them. Now the distinction is very much based on a number (age 18), and that number carries a simple legal meaning for many - being able to vote and (legally) gamble.

Yet this rite of passage used to have some more significant social and cultural attachments. You were treated as an adult through privileges, something this "look-at-me" generation seems to believe are now rights. You knew you had made it because it felt like an achievement and the rewards were freedom, trust and a different kind of respect. Now, even five year olds are not as preoccupied with five year old stuff anymore. You are talking to little adults in the making!

Perhaps it is good that we are giving youth the tools to act as adults at a younger age, however there is something sad about children not really being children anymore.