In May, BSI Group, the national standards body for the U.K., held its most recent workshop looking at the development of standards around the use of big data. Privacy pros may find the group’s work particularly relevant as BSI approaches guidance, in particular, for the terms and conditions organizations would use to obtain and use data, as well as a code of practice for the ethical use of data.
For the former, there is now a draft standard scope that will be working its way through the BSI processes for creating guidance, which would then be worked into a specification once there is acceptance of the guidance’s approach. For the latter, the ethical use of data, BSI is actively looking for volunteer contributors to build out the scope so that it can begin to move toward a code of practice.
Much of this, said BSI Market Development Manager Tim McGarr, was triggered by BSI’s big data market report from 2016, showing there is growing desire for big data-related standards due to the business potential the use of data analytics represents, but that the standards that exist in the marketplace are largely technical in nature, and not focused on business operations.
“The impression I got,” said McGarr, “was that more was needed.”
BSI has since scheduled workshops with relevant stakeholders and settled into four standards needs that are definitely moving forward: the aforementioned terms and conditions work, plus standards for business organization around utilizing big data, the internal communications around big data, and big data project management.
What about the ethical use of data? That actually had something of an earlier genesis, though it’s still taking shape and doesn’t have the go ahead of those four other standards pieces.
"There’s uncertainty around what U.K. companies will have to comply with, and where they sit within the GDPR and how the Data Protection Act is likely to change." — Dele Atanda, IBM
“We proposed that to BSI years ago,” said IBM Digital Innovation Officer Dele Atanda, after work supported by IBM through a non-governmental organization, The Internet Foundation, which is seeking the creation of a universal declaration of digital rights. Angelique Carson, CIPP/US, explored that effort as far back as 2013.
Especially, post-Brexit the idea of a global standard for data use, not only for GDPR, but beyond compliance, resonated with BSI, Atanda said. “There’s uncertainty around what U.K. companies will have to comply with, and where they sit within the GDPR and how the Data Protection Act is likely to change,” he said. “What’s the frontier in terms of the next level of operations if companies want to go beyond the letter of the law and aspire to excellence?”
That proposal quickly dovetailed with the work of the big data workshops. Atanda will now lead a new committee being created by BSI to explore definitions for “privacy,” “ownership,” and “consent” from an ethical point of view; what the value of data is and what constitutes “fair use”; principles for transfer of data between organizations at individual request; plus solutions to issues like data correction, data erasure, arbitration, and notification to changes to personal data.
Those interested in participating in the development of these ethical data use standards should reach out directly to McGarr. While the meetings will be on British time and likely held in the U.K., he said contributors form around the globe are welcome. He hopes to have workshop meetings ramp up this summer after committee members are set.
If you want to comment on this post, you need to login.