Privacy & Trust

_____________________________________________

This discussion forum sets out to generate opinions on a new approach to trust and privacy in an era of accelerating technological change.

We are seeking input from a wide range of interested people. The current thinking on this project is set out in a working paper [1] developed for the Privacy & Trust Partnership and discussed at a workshop on "Formulating a New Approach to Privacy and Trust in the Information Age", held in Sydney on 4 December 2007 at the State Library of New South Wales. You can comment on the working paper [2] or make a general comment.

Please read further to find out more about the proposal, post your comments on this forum or email your thoughts to Chris Cowper at ccowper at iispartners.com [3].

_____________________________________________

Introduction to the Privacy & Trust Partnership Project

There is evidence that current approaches to protecting individual privacy and promoting trust in the information economy are ineffective and inefficient for individuals and for business. For example, consumers can be overwhelmed but not enlightened by long disclosure statements, even where intended to allow informed consent. At the same time, the notice/consent process can be costly and time-consuming for business. Moreover, the current processes do not necessarily encourage business to consider or mitigate privacy and information security risks for individuals.

The Privacy & Trust Partnership (P&TP) is taking the first steps in exploring options for a new approach.

The core objectives of the project are to:

engage in robust and sustained discussion about the impact of the revolutionary change in information management on privacy;
develop an approach that facilitates respect for consumer privacy, earns trust and protects from harm and that creates economic value for everybody.

The P&TP project is to be shaped around two White Papers, each to be discussed at a very high level conference. The first conference [4] was held on 4 July in the Legislative Assembly Chamber of the Parliament House of New South Wales and speakers included The Hon. Philip Ruddock MP, the Attorney‑General of Australia, Prof David Weisbrot AM, President of the Australian Law Reform Commission, and leading business and consumer/privacy figures in Australia.

NSW Parliament House Legislative Chamber Philip Ruddock Malcolm Crompton Workshop

The second conference will be held in 2008 and will continue the dialogue started in July.

In the lead up to the second conference, the Partnership convened a workshop on 4 December at which a working paper [5] was discussed as input to the second White Paper.

The project is not aiming to generate hard and fast 'trust principles', but we do intend it to lay out a framework in which a sensible set of such principles might be developed that provides genuine reason for individuals to trust while also reducing levels of process and barriers that currently inhibit the imaginative development of the information economy.

_____________________________________________

The aim of this Forum

This discussion forum is set up to give Conference participants and other interested people a chance to have a say. Questions asked and comments made by Open Forum participants will be considered in the second White Paper, currently in the drafting phase.

To start of with, we are interested in your views on the following:

1. Working Paper - any comments on the working paper [6], particularly in relation to:

the overarching objective(s) for a risk based regulatory approach; and
ensuring that the system is a learning system that stays grounded in principles and does not stay static over time.

2. First White Paper - any comments on the first White Paper [7], particularly in relation to:

assumptions
stakeholders interests
economic payoff
the nature of the problem - what would business like to be able to do with personal information?

3. Regulation - any thoughts on what would you like to see in a privacy regulation framework:

Options for audit/accountability arrangements
Options for better/swifter restitution
What issues are most important?
What would be the risks in changing the law?
Ways to mitigate risks
If the proposal is to go to a "polluter pays" approach - what would count as "pollution"?

4. Privacy Principles - are we relying too much on consent and disclosure and hence oversight by the individual - is there a better way?

5. Flexibility - How can the privacy regulation framework support innovation and widely accepted and appreciated uses of personal information?

_____________________________________________

The Privacy and Trust Partnership is supported by Veda Advantage [8], Microsoft [9], IBM [10], Acxiom Australia [11], Suncorp Metway [12] and the SAS Institute [13].