The Information Accountability Foundation, a nonprofit think tank, announced its board of directors unanimously approved the appointment of Fred Cate as its new executive director and Stanley Crosley, CIPP/US, CIPM, as chief policy strategist. The news was shared in a letter from IAF Board Chair Scott Taylor.
Founded in 2013 by Martin Abrams, who transitioned out of his leadership role in 2023, the IAF's mission has been to work with global regulators and industry executives to promote organizational accountability, data stewardship and data ethics. Since Abrams left his full-time position last year, the IAF was co-led by Elizabeth Denham and exiting president Barbara Lawler. Denham was recently appointed chairperson of the Jersey Data Protection Authority, which takes effect this month.
In his letter announcing the new direction, Taylor said, "Fred and Stan are industry veterans with over three decades of experience in data privacy and security, and bring a wealth of knowledge, leadership and innovation into these roles."
With the appointment of Cate and Crosley, the IAF will streamline its approach to advancing its mission by asking members to support a project-based focus under a more outcomes-delivered model.
In a phone conversation, Cate explained the project-based model "means that we can cut the overhead close to zero and try to put all of our funding into specific initiatives and projects." Members can choose whether a project will benefit them or not, and if the latter, they do not need to fund it.
Cate said the goal "is going to be to deliver on the projects and get them out faster."
First focus: Institutional review boards and where privacy meets AI
Cate and Crosley have already identified what projects they'll lead off with: institutional review boards and where privacy and AI do not align. Both have deep expertise in these fields.
"More companies are turning to review boards," Cate said, "but they are doing that without any sense of standards, like what makes a good review board." He said, with help from regulators and companies, they would like to develop standards for what a good review board looks like.
The other project on the horizon is where privacy rubs up against AI. "It seems privacy is caught in the crosshairs with AI," Cate said. "So what's good for AI may not be good for privacy, and what's good for privacy may not be good for AI. Building on the work that IAF has already done, we'd like to work with regulators, companies and civil society to see how we can square this circle."
Both projects have a natural connection as well.
The continued rise of AI and proliferating digital regulation are driving the need for more review boards. Issues involving accountability, fairness and ethical use of data have become more complicated with AI systems. And the society and business impacts of AI are stark.
For privacy professionals, this paradigm shift is having a real-world impact. According to the IAPP Organizational Digital Governance Report 2024, 69% of chief privacy officers surveyed have acquired additional responsibility for AI governance, 69% are responsible for data governance and data ethics, and 37% are responsible for cybersecurity regulatory compliance.
From privacy to AI governance
Crosley, a long-time privacy pro who was among the 21st century's first wave of CPOs while at pharmaceutical company Eli Lilly, said, "For the last 20 years, we've been practicing in privacy, and yeah, it hasn't really been life or death; they're not the core things people think about when they think about privacy. But now, all of a sudden, we have real privacy issues coming in: deepfakes; how to counter misinformation about individuals; generative AI systems that pose real threats if we don't have the right ethical approaches or the structure to help companies make good decisions. So, I see this as being on the doorstep and stepping into a world that none of us really knows a lot about."
In this new AI-driven world, predicting and identifying harm is much more complicated. "That's why the project is resonating with us," Crosley said. "We've been talking about review boards since 2010, so this seems like an approach that will allow us to to figure out best practices here."
Choosing to focus on review boards makes sense for both Cate and Crosley, as they both have deep experience in this area.
Cate is a distinguished professor, C. Benn Dutton Professor of Law and adjunct professor of informatics and computing at Indiana University. In a previous role at IU, Cate oversaw all of the university's IRBs.
In his work in the private sector and academia, among others, Crosley has extensive experience working with regulators in multiple jurisdictions. Plus, both Cate and Crosley already work closely together at Red Barn Strategy, a boutique consulting firm they co-founded in 2022.
"We're looking for better, more rational outcomes," Cate said. "We're not lobbying regulators or representing these companies. We're aiming to provide a neutral environment, one that is more hypothetical." He said they will not be looking to rewrite any laws, as that would take years. "Rather, we want to help regulators understand what a given conundrum is for responsible companies who want to be good stewards of data and who want to be fully compliant with the law."
The key, Cate and Crosley said, is not to study an issue for years on end. "We're trying to move the ball forward, even if it's just a few inches. Companies are trying to do this every day and putting them in a regulatory vice is not helpful and will lead to frustration."
Cate said it's not that companies or regulators are smarter than the other. The key will be to help each faction understand the problems the other faces in practice. "If you can understand the problem, that goes a long way in helping to solve it."
For the IAF, the more project-based focus will streamline operations as well. That means three staff positions are being phased out, including IAF President Barb Lawler, CIPP/US, CIPM, FIP Finance and Accounting Director Candy Johnson, and Administration and Operations Manager Stephanie Pate. The IAF will also phase out their regular Thursday calls with stakeholders.
As Board Chair Scott Taylor explained in his letter, "Together, (Cate and Crosley) are well positioned to help strengthen and lead IAF into an exciting new chapter, focusing on delivering high-impact projects that address specific, timely needs, with fewer routine calls and briefings."
Indeed, focusing first on review boards and privacy's conundrum with AI, the IAF will have its hands full, but it will not end here. It is too early to tell what the next project for the new IAF will be, but they will be open to exploring the top challenges companies and regulators face.
Jedidiah Bracy is the editorial director of the IAPP.
