Implementing Accountability in the Marketplace

Accountability builds on traditional notions of fair information practices, but incorporates new elements that require organizations to implement comprehensive privacy programs and base their decisions about data on credible assessment of the risks they raise for individuals and how best to mitigate them.

This year, the CIPL has responded to suggestions in public policy discussions that accountability, in order to be effective, must be required across the marketplace. Participants in our Accountability Project have considered what would be required of organisations in such circumstances, and what benefits the approach would offer as a result of such broad implementation. They further explored the requirements and benefits of accountability when formally recognized by a third party.

While this progress is encouraging, a great deal of work remains if accountability is to serve as an effective solution for data protection and privacy. Data protection authorities and agencies, organisations and third-party accountability agents will need to implement programmes and procedures to support accountability, and the practical aspects of how that infrastructure might work requires further exploration. Questions remain about how organisations will establish the validity of the statements they provide to demonstrate their accountability. More work is also needed to determine the nature of the relationship between data protection authorities necessary to resolve cross-border privacy issues, and to better understand the appropriate role and level of authority of third-party accountability agents. As the Project has considered accountability in greater detail, reaching consensus on all issues has become more challenging.

This discussion paper references areas where differences remain and additional work is necessary.

Download Now