Organised by CPDP
Chair: Marty Abrams, Information Accountability Foundation (US)
Moderator: Colin Bennett, Victoria University (CA)
Panel: Christopher Docksey, EDPS (EU), Terry McQuay, Nymity (BE), Michael Scuvée, Johnson Controls (BE), Scott Taylor, Hewlett Packard (US)
Several interrelated forces have emerged making the conditions perfect for an accountability approach to demonstrating compliance and moving beyond the compliance checklist. Accountable organizations have effective privacy management and are compliant with privacy laws. Research has shown that organizations can be compliant without an effective privacy management program, but organizations cannot be accountable without an effective privacy management program. Join the panellists as they discuss the merits of this approach and address the following questions:
Could regulators create a policy that provides accountable organizations with benefits if they volunteer to stand ready to demonstrate compliance and demonstrate an effective privacy management program (demonstrate accountability) to the Regulator through an onsite inspection?
Could an onsite inspection and incentive based approach use existing laws as the framework for demonstrating accountability?
Could this then empower the privacy office in an accountable organization to contextualize evidence of compliance to the Regulator?
If accountable organizations can stand ready to demonstrate compliance with privacy laws and demonstrate an effective privacy management program, do these organizations deserve benefits?
