Swinging pendulums: accountability, the Global Financial Crisis and prosecuting Google in Italy

| February 3, 2009

As the political pendulum swings back towards more regulation of the markets, how do we stop it from swinging too far?

I am a free marketeer.  Within limits.

For over a decade, I worked in Department of Finance as a proud part of the micro-economic reform revolution wrought by the Hawke-Keating governments that contributed so much to economic growth in the subsequent decade.  As a member of the Management Improvement Advisory Committee of the government’s Management Advisory Board, I also led some of the teams introducing world class public management reform, seen by many in the OECD as an exemplar to be followed.

The trick in such reforms is always to ensure that responsibility is clearly allocated and then those responsible are held to account.  One of the essences of a well functioning free market is that the market itself holds players to account simply through who gets to sell their wares & who does not.

All this change has taken place in the context of a wider, global revolution fired up by Reagan & Thatcher in the 1970s and 1980s.

Now many think this has gone too far, including our own Prime Minister as he has laid out in the February edition of The Monthly in his article called The Global Financial Crisis.

But as the pendulum swings back over the next decade or so towards more regulation of the markets, how do we stop it from swinging too far the other way?  Pendulums by definition move fastest half way through their swing yet that is probably where we want the political pendulum to stop in this instance.

The simple laws of physics show that you cannot stop a pendulum mid-swing unless you interfere with the swing.  The lores of politics indicate that the same thing is the case with the political pendulum.

We can, however, try & keep a cool head. 

An example closer to our area of expertise illustrates the point.  Here at Information Integrity Solutions, we have pointed out time and again that one of the underlying challenges in implementing appropriate management and use of personal information is to understand the risk allocations involved and to ensure that it is appropriate.  Almost inevitably, we see a separation of the risk taker (the government or private sector organisation) from the risk bearer (the individual), just as has been happening on Wall Street.  The trick is to address such a separation when it is unhealthy.

The response often requires the use of a Layered Defence approach – how to allocate and manage risk through education and culture; the writing of the law; the construct of technology; governance and hence accountability; and management of failure as it impacts on the individual or weaker party.  Usually something from all these layers needs to be brought to bear.

Few would argue that the governance and accountability arrangements should bear directly down on the organisation involved.  Indeed, the worldwide move towards so called data breach notification law is part of ensuring this, as recommended by the Australian Law Reform Commission in ALRC Report 108, For Your Information: Australian Privacy Law and Practice.

But when does this go too far?  Has it just gone too far in Italy?  Today, we have the report of an Additional claim filed against Google where individual Google executives face charges of defamation and failure to exercise control over personal data. The charges follow a two-year investigation by Italian authorities into footage uploaded onto Google Video that showed a disabled teen being disparaged by peers.  This means that individuals are facing criminal proceedings possibly with the threat of fines or jail.

And having answered questions like these, the next question is just as challenging.  How do we achieve a regulatory response that meets the Three E’s – ethical, effective, efficient, especially when an increasing proportion of the challenge will be multi-jurisdictional?

In the debate over the management and handling of personal information, this last challenge has boiled down to a debate over whether ‘adequacy’ or ‘accountability’ is the right approach.  This is significantly more than another of Jonathan Swift’s debate between Big Endians versus the Little Endians

This is a debate that now also requires urgent attention.  IIS has just published The Australian Dodo Case: an insight for data protection regulation in World Data Protection Report that draws out the insights from the recent Dodo case settled by the Australian Communications and Media Authority.  ACMA appears to have met the Three E’s challenge using a well constructed strategy that has classic characteristics of the Ayers and Braithwaite Responsive Regulation framework and their very timely 2008 update, Regulatory Capitalism – How it works, ideas for making it work better.

Watch this space. The pendulum has only just begun to swing.

Malcolm Crompton is Managing Director of Information Integrity Solutions (IIS), a globally connected company that works with public sector and private sector organisations to help them build customer trust through respect for the customer and their personal information.  He is also foundation President of the International Association of Privacy Professionals, Australia New Zealand, www.iappANZ.org.