Accountability is one of the fair information practices principles. It says that a data controller should be accountable for complying with measures which give effect to the other principles. Accountability is also found in guidance such as the OECD Guidelines; EU, Canadian and U.S. law (among others), and governance such as the APEC Privacy Framework. Despite its repeated recognition as a critical component of effective data protection, how accountability is demonstrated or measured has not been clearly articulated. Accountability does not redefine privacy or replace laws, but shifts the focus of privacy governance to an organization’s ability to demonstrate its capacity to achieve specified privacy objectives.
This guide offers resources to help you determine what accountability means for your organization.