Privacy & Trust

| December 20, 2007
PTP Partnership logo

This discussion forum sets out to generate opinions on a new approach to trust and privacy in an era of accelerating technological change. We are seeking input from a wide range of interested people. The current thinking on this project is set out in a working paper developed for the Privacy & Trust Partnership and discussed at a workshop on “Formulating a New Approach to Privacy and Trust in the Information Age”, held in Sydney on 4 December 2007 at the State Library of New South Wales.

_____________________________________________

This discussion forum sets out to generate opinions on a new approach to trust and privacy in an era of accelerating technological change.

We are seeking input from a wide range of interested people.  The current thinking on this project is set out in a working paper developed for the Privacy & Trust Partnership and discussed at a workshop on “Formulating a New Approach to Privacy and Trust in the Information Age”, held in Sydney on 4 December 2007 at the State Library of New South Wales. You can comment on the working paper or make a general comment.

Please read further to find out more about the proposal, post your comments on this forum or email your thoughts to Chris Cowper at ccowper at iispartners.com.

_____________________________________________

Introduction to the Privacy & Trust Partnership Project

There is evidence that current approaches to protecting individual privacy and promoting trust in the information economy are ineffective and inefficient for individuals and for business. For example, consumers can be overwhelmed but not enlightened by long disclosure statements, even where intended to allow informed consent. At the same time, the notice/consent process can be costly and time-consuming for business. Moreover, the current processes do not necessarily encourage business to consider or mitigate privacy and information security risks for individuals.

The Privacy & Trust Partnership (P&TP) is taking the first steps in exploring options for a new approach.

The core objectives of the project are to:

  • engage in robust and sustained discussion about the impact of the revolutionary change in information management on privacy;
  • develop an approach that facilitates respect for consumer privacy, earns trust and protects from harm and that creates economic value for everybody.

The P&TP project is to be shaped around two White Papers, each to be discussed at a very high level conference. The first conference was held on 4 July in the Legislative Assembly Chamber of the Parliament House of New South Wales and speakers included The Hon. Philip Ruddock MP, the Attorney‑General of Australia, Prof David Weisbrot AM, President of the Australian Law Reform Commission, and leading business and consumer/privacy figures in Australia.

NSW Parliament House Legislative ChamberPhilip RuddockMalcolm CromptonWorkshop

A second conference was to be held in 2008 to continue the dialogue started in July. This conference did not eventuate.

In the lead-up to the second conference, the Partnership convened a workshop on 4 December at which a working paper was discussed as input to the second White Paper.

The project is not aiming to generate hard and fast ‘trust principles’, but we do intend it to lay out a framework in which a sensible set of such principles might be developed that provides genuine reason for individuals to trust while also reducing levels of process and barriers that currently inhibit the imaginative development of the information economy.

_____________________________________________

The aim of this Forum

This discussion forum is set up to give Conference participants and other interested people a chance to have a say. Questions asked and comments made by Open Forum participants will be considered in the second White Paper, currently in the drafting phase.

To start of with, we are interested in your views on the following:

1. Working Paper – any comments on the working paper, particularly in relation to:

  • the overarching objective(s) for a risk based regulatory approach; and
  • ensuring that the system is a learning system that stays grounded in principles and does not stay static over time.

2. First White Paper – any comments on the first White Paper, particularly in relation to:

  • assumptions
  • stakeholders interests
  • economic payoff
  • the nature of the problem – what would business like to be able to do with personal information?

3. Regulation – any thoughts on what would you like to see in a privacy regulation framework:

  • Options for audit/accountability arrangements
  • Options for better/swifter restitution
  • What issues are most important?
  • What would be the risks in changing the law?
  • Ways to mitigate risks
  • If the proposal is to go to a “polluter pays” approach – what would count as “pollution”?

4. Privacy Principles – are we relying too much on consent and disclosure and hence oversight by the individual – is there a better way?

5. Flexibility – How can the privacy regulation framework support innovation and widely accepted and appreciated uses of personal information?

_____________________________________________

The Privacy and Trust Partnership is supported by Veda Advantage, Microsoft, IBM, Acxiom Australia, Suncorp Metway and the SAS Institute.

_____________________________________

RELATED BLOGS & FORUMS:

SHARE WITH:

6 Comments

  1. Nick Mallory

    November 23, 2007 at 1:43 pm

    ‘Diskgate’
    The loss of disks containing the personal details of half of Britain has not only torpedoed the national ID card there but in Australia too. ID cards are wrong in principle and unworkable, and ludicrously expensive, in practice. A free market of ID grows naturally between firms and customers in real life and online and there's no need for huge lumbering frameworks to impose a rigid structure on their evolution.

  2. Malcolm Crompton

    December 1, 2007 at 5:40 am

    Diskgate 2

    Nick is of course right – large data holdings create honey pots for the crooks and security challenges for the holders.  This is becoming a top of mind issue worldwide, thanks at least in part to data breach notification law.

    For more thoughts on this, see my blog entry titled "Losses of personal information, trust and privacy: This is going to change your life" at https://www.openforum.com.au/losses_of_personal_information.

    We need to focus on solutions, though.  We will be discussing crucial components of the solution at the Privacy and Trust partnership workshop on 4 December where we try to look at compliance and enforcement approaches that deliver stronger incentives to do the right thing.  The workshop will be built around a new workshop paper titled "A Possible Way Forward: Some Themes and an Initial Proposal for a Privacy and Trust Framework" and is online at http://www.iispartners.com/PTP_working_paper.pdf.

    On the specific topic of identity management as raised by Nick, we need to develop a clearer view on what constitutes "user centric ID management" that is practicable, is credible to other parties and secure.  OpenID is a start, but does it pass tests of credibility to other parties such as banks or government?  How secure is it?  Single sign on doesn't have to mean single identifier.  Does it mean standards and multiple trusted suppliers?  Depending on your point of view, government has a considerable role to play.  What that role is needs a lot of thought. 

    I for one am still looking for answers.  Have a look at the papers prepared for the Partnership.  All comments welcome – we can only do better.

  3. Malcolm Crompton

    January 3, 2008 at 12:57 am

    Privacy gains attention over the Christmas New Year break….

    Privacy gains attention over the Christmas New Year break. Does a swallow or two make a Spring?

    This has obvious implications for the Privacy & Trust debate as it continues into 2008.  There is at least some evidence that change is in the air.  For more, see "Privacy gains attention over the Christmas New Year break. Does a swallow or two make a Spring?"

  4. wizard

    January 10, 2008 at 7:12 am

    Exposed: affairs of the look-at-me generation

    An amusing story on Privacy providing an interesting insight on today's generation, comparing buildings (of days gone by, & modern) with blogs –  written in an Opinion piece on Jan 9 2008 by Elizabeth Farrelly at the Sydney Morning Herald http://www.smh.com.au/news/opinion/exposed-affairs-of-the-lookatme-generation/2008/01/08/1199554651636.html

  5. Malcolm Crompton

    January 13, 2008 at 2:37 am

    Some more thoughts on regulation …

    Stephen Wilson made an excellent point in his comment Privacy movement deja vu on my blog on Another swallow flew by, but who was looking ?

    He pointed out the curse of the rule maker:  Rules are made to be broken. 

    But there are more lessons for rule makers than just this perennial reminder.  I have posted thoughts on what they might be in The curse of the rule maker.  What do others think?

  6. alison

    January 14, 2008 at 12:57 am

    Interesting article

    I was talking with a colleague only last week about the generation this article refers to and I think "look-at-me" is a perfect way to describe them. The writer makes brief reference to the "blog" generation being unaccustomed to privacy, and therefore resists it.

    While the "over-parenting" factor is probably responsible at least in part, the line between child and adult in the blog generation is far less black and white than those who have gone before them. Now the distinction is very much based on a number (age 18), and that number carries a simple legal meaning for many – being able to vote and (legally) gamble. 

    Yet this rite of passage used to have some more significant social and cultural attachments. You were treated as an adult through privileges, something this "look-at-me" generation seems to believe are now rights. You knew you had made it because it felt like an achievement and the rewards were freedom, trust and a different kind of respect. Now, even five year olds are not as preoccupied with five year old stuff anymore. You are talking to little adults in the making!

    Perhaps it is good that we are giving youth the tools to act as adults at a younger age, however there is something sad about children not really being children anymore.

Leave a Comment