Hard for me to believe, but it’s
since we rolled out
Perspectives
, our very first blog here at the IAPP. As an organization, we were veering into uncharted territory, but our ultimate purpose was and continues to be to provide a forum for the difficult or practical or funny or just plain outlandish privacy conversations to play out.
Just before Christmas, we posted our
—all based on page views. But now that a full calendar year has gone by, I thought it worth looking back with a bit more nuance.
A lot of stories were told during this last year—166 to be exact—ranging from the hilarious to the serious to the practical. And driving many of these stories were privacy news developments that will resonate for years to come.
The News Breakers
Early 2013 started with a sad note. The passing of pioneering privacy scholar Alan Westin was a huge loss for our community. Luckily,
.
And, perhaps one of the biggest topics on the mind of many privacy pros early on in 2013 was the state of the proposed EU data protection regulation. Were the EU and U.S. going to find a way to get along?
, Wilson Sonsini’s Christopher Kuner put the EU-U.S. privacy relationship this way:
For someone who has received his legal education in both the EU and the U.S., and has long worked in both worlds, the current political skirmishes between the two concerning the proposed EU data protection reform have been both entertaining and disappointing. Entertaining, since observing the two largest political and economic entities in Western world engage in a game of one-upmanship over which has the best system for privacy and data protection can often be amusing. Disappointing, because it is obvious that each side has an imperfect understanding of each other’s system, and because the energy they have been putting into such tit-for-tat battles could be better spent trying to reach an accommodation between them.
By May, Kuner
between a U.S. company representative and a European data protection authority.
Company representative: Your data protection law is making it impossible for us to offer our technology in Europe!
DPA: It is your technology that has to adapt to our legal system, not the other way around!
And these tensions existed prior to the Summer of Snowden!
Yet, before the world became better acquainted with the NSA’s surveillance programs, we here in New England, and those of us in the office, were struck by the senseless events at the Boston Marathon. My colleague,
for such a shocking time. It was a day to “put privacy aside.”
With personal perspective in check, the booming digital economy and all the information flows and privacy concerns that go with it, kept churning.
And then an unknown government contractor came along and turned the privacy world on its head. By far, the privacy news bombshell of the year, the NSA disclosures and their
as they did last June.
With memories of the Marathon bombing still fresh and these new leaks showing the extent to which U.S. intelligence spied on individuals,
between balancing security and personal privacy and information sharing with data protection. Since then, “Snowden” has appeared in 23
Perspectives
posts and “NSA” in 38.
to the Snowden disclosures on
Perspectives
by calling on the newly “stood-up” Privacy and Civil Liberties Oversight Board (PCLOB) to make investigating these surveillance programs a top priority. Well, the PCLOB did make such an investigation a priority,
, declared its opinion that the phone metadata programs are illegal. Swire was also later appointed by President Barack Obama to help put together a set of recommendations on U.S. intelligence gathering.
and gave us a European perspective, assessing its impact on EU-U.S. data flows. If you thought it was difficult before, things went from an “exasperatingly awkward challenge” to a “massively distorted” debate post-PRISM. He later
after the LIBE Committee recommended data flows out of Europe cease.
And Steptoe & Johnson’s
up the contentious cloud provider issue, while, in his post on
, Hogan Lovells’ Christopher Wolf kept us abreast of the latest developments between the EU and U.S. He also didn’t mince words when wondering aloud if the LIBE Committee had just
.
The Snowden revelations also gave us our first point-counterpoint from the Center for Democracy & Technology’s
and George Mason University’s
.
in one of his posts that the revelations now place another layer of pressure upon tech companies to either comply with government subpoenas or sever the trust of their customers. (I’m also proud to say this post included our first animated GIF.)
The NSA news also prompted Mozilla’s Alex Fowler to pen an
calling for a code of ethics:
As privacy professionals, do we have ethical obligations to the people whose data is our professional responsibility, or only to our employers? How do we handle conflicts of loyalty that arise? Does public safety trump privacy in every case and in any circumstances? Do we have obligations to report—even secretly, under legal requirements—our objections?
The Privacy Profession
K Royal, of Align Technology, also asked whether privacy professionals should carry a
—a question that perhaps doesn’t have a clear or easy answer. But as a professional organization there is nothing we take more seriously than the privacy profession. And in this past year, we’ve received insightful analysis and thoughts on becoming and charting a career as a privacy pro.
Take, for example, Emma Bulter’s post on “
?” or Phil Lee’s explanation of “
.” Not only has this been a forum to share these most fundamental constructions of the privacy profession, there have also been opportunities to share experiences while on the job.
Royal, for example, shared her experience leading her company’s charge into
, or what the heck you should do if you get an
from the Office for Civil Rights. Mary Ellen Callahan let us into her “
” around the world to discuss privacy.
And with experience, also comes other helpful tips.
, not long after the other big privacy news event—
—shared with us top data privacy tips. Similarly, the
, “in honor of the 2014 Data Privacy Day,” gave us 14 tips to create a data incident plan. Omer Tene and Marc Groman shared top tips on the protection of privacy for
.
With so many breaches stemming from thumb drives,
reminded privacy pros, “The bottom line is that organizations that collect personal information need to have mature privacy programs, which includes proper policies and procedures, and also fully functional enforcement mechanisms.” Others, including Intel’s
and Wiley Rein’s
, delved into the privacy issues around your co-workers and employees.
Marty Abrams has shared two over-arching posts for the privacy profession on
, and just this week looked at
, arguing that the privacy office needs to take part in a strategic development.
As Abrams pointed out, the profession is changing.
asked if 2013 was the year of the privacy engineer, while
called on privacy lawyers and engineers to get along.
Allen Brandt shared ideas on creating
, while
debunked perceived myths about cyber insurance. And for the public sector, Westin Research Fellow
gleaned six practical privacy tips from the Department of Homeland Security annual report. No small task, I assure you.
The Research
The value of the privacy profession has been further bolstered by the invaluable research of Dierdre Mulligan and Kenneth Bamberger with their
. They were kind enough to share three installments of their work with us in 2013.
The in-depth
has also been serialized on
Perspectives
. Through detailed and creative research on consumers, CwC helps examine consumer attitudes toward privacy and explain what privacy professionals can do within their organization to tailor organizational needs with gaining the trust of their customers.
And privacy has far-reaching consequences beyond the protection of personal data. We saw this with the thoughtful take from Cherri-Ann Beckles on
.
Creative research was also on display by
and how data is shaping our most intimate relationships.
The Social Stuff
And this rise of digital technology and the social web is
the way we interact with one another. Whether we’re talking about
or
or how our
, however you slice it, difficult questions are being asked, debated, played out and answered.
and
are proving to be a difficult balancing act. We want some modicum of anonymity online, but too much allows hateful people to hide behind a mask. Trolls are everywhere, ready to set in motion
out of hatred and ignorance. The work of some has even caused people to lose their jobs or scramble to reconstruct their online reputation.
And what about social media in highly regulated organizations like hospitals or financial institutions?
with some unorthodox thinking.
And, as
, let us not forget what we can learn about privacy from our children.
The Debate
With shifting social norms, and a new generation being raised in the 21 century, the rise of the
and
are creating robust and very necessary debates. And regulators are paying attention. In recent weeks, we’ve featured posts from the
and from
. And several contributors have debated who the de facto privacy regulator is here in the U.S. (
,
and
).
Businesses, advocates, privacy professionals and the government are all taking part in the digital privacy conversation.
The classic “privacy is dead” refrain has made its way into
Perspective
several times. But more specific and hugely important debates have recently been taking place regarding the role of the
(FIPPs).
Are ubiquitous connected devices and machine-to-machine communications diminishing the practicality of notice and consent?
and continuing to promote it is simply dangerous.
has chimed in, noting that the FIPPs—all of them including notice and consent—
. Prof. Viktor Mayer-Schönberger
. The debate has also included the “
” and warnings not to get “
.”
Is privacy dead?
tell us something about that? For Vint Cerf, privacy is an anomaly, and
about such a contention.
And just today,
, with certain charm and wit, reminded us that, no, it may be freakishly changing right in front of our eyes, but privacy’s not quite ready to be counted out yet.
Hopefully, as we move into this exciting and challenging future—fraught with complex international frameworks, surveillance and civil liberties concerns, incredibly smart and predictive technology and changing laws and social norms—such a debate and conversation will continue.
And to all of you who have contributed, thank you. To those of you who would like to contribute,
. I look forward to working with you all on this ongoing and important conversation.
photo credit:
via
