Computing has become so sophisticated that, used correctly, it could solve so many of the very real problems we face in areas like healthcare, education and renewable resources. But progress can only be made if the data we collect and compute is used correctly and ethically, and privacy professionals have an obligation to fight for that.
That was the call-to-action that David Hoffman, CIPP/US, made from the stage at the IAPP’s Privacy Academy in San Jose, CA, just after he accepted the 2014 IAPP Vanguard Award. The award, given in past years to former Canadian Privacy Commissioner Jennifer Stoddart and the Department of Homeland Security’s Mary Ellen Callahan, CIPP/US, among others, recognizes the privacy pro who has shown fearlessness in the field over the past year. Hoffman was recognized for his deep commitment to building privacy awareness and education—in part for his role in fostering and sustaining Data Privacy Day annually within the U.S.
Hoffman is Intel’s director of security policy and its global privacy officer. He started his career in 1994 as Proctor & Gamble’s first privacy attorney. Back then, the concerns were more about whether the Internet would flourish rather than how to acquire meaningful consent for data collection.
Now, relieved of any concerns that the Internet might not take off as a concept, Hoffman is more concerned with the public’s ongoing participation in using the technology, he said in an interview.
There are sectors that could especially need meaningful use of technology to flourish, and there’s a lot at stake if there’s mistrust on behalf of users as to how their data will be used, who it will be shared with and for what purposes. Take healthcare, for example. There are real, tangible ways people’s health, and so people’s lives, can improve, if their data can be obtained and put to use for clinical research. But clinical research data isn’t covered by the Health Insurance Portability and Accountability Act, for example, so it wouldn’t be unreasonable for a patient to be hesitant at best or mistrustful at worst about giving up their most intimate data, even if the end result could mean potentially life-changing improvements.
“People aren’t going to participate; people are going to hold back unless we can show them we are going to protect privacy,” he said. “We see examples of this over and over again.”
One of the most glaring examples in recent history was inBloom, the nonprofit student data warehouse aimed at personalizing learning and financed with $100 million from Bill and Melinda Gates and the Carnegie Foundation that was forced to close its doors because of privacy concerns it couldn’t mediate. Parents and therefore schools withdrew their participation, wary of what would happen with their students’ data.
“I can’t think of something that’s more worthy than improving education in the U.S., and yet we couldn’t figure out how to protect the privacy of students,” he said, "resulting in $100 million of loss in time and energy. We need to do better in industry, and we need to do better in the privacy profession."
He called on privacy professionals to ensure situations like inBloom don’t happen again. We’ve entered a new phase in the profession, and that’s the phase of data ethics, he said. Complying with privacy policies is no longer sufficient.
“The public needs to understand that our organizations can be trusted,” he said. “Doctors pledge to do no harm; lawyers promise to protect the Constitution, and privacy pros must commit themselves to the ethical use of data to protect people’s lives.”
He asked the privacy pros in the room to make a pledge by Tweeting the hashtag #datainnovationpledge and make a virtual promise to “promote the ethical and innovative use of data.” Callahan has already Tweeted her promise, along with the likes of Intuit CPO Barb Lawler, CIPP/US, Hogan Lovells Partner Christopher Wolf and CIPT textbook author JC Cannon, CIPP/US, CIPT. Even IAPP CEO Trevor Hughes, CIPP, tweeted a declaration.
“All people who believe in the power of progress should make the pledge,” Hoffman said, adding that by Data Privacy Day, January 28, he wants 100,000 to have made the pledge.
“We can drive societal gain,” he said.