Today is International Privacy Day (and also National Data Privacy Day here in the USA and maybe where you are too). The day is set aside to celebrate the anniversary of the Council of Europe Convention on Data Protection. Put on your reading list for today both the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data as well as the Organisation for Economic Co-operation and Development’s Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.
It’s also, felicitously, the end of the quarter for us here Burton Group, which means that we are trying to wrap up the final edits of our reports and send them off for peer review. This quarter Bob Blakley and I have been researching privacy. We’ve talked to a variety of different kinds of companies of all sizes in many industries, and we’ve come away with a lot of lessons.
Two of these lessons are that privacy is deeply contextual, and that this contextual nature prevents privacy from being easily defined. Without a strict definition, though, how does an enterprise privacy team proceed? Can you write policies concerning something which means one thing in one setting and something different in another? It turns out, we think, that you can.
I practice martial arts. Every martial art has a set of principles. Though these principles may differ, their use is the same. Principles guide practice. You practice your art in multiple contexts to prepare you for whatever may come. In each of those contextualized situations, your principles guide your response. (Synchronicity moment number one).
My friend Julie is one of the most amazing corporate and brand marketers I have ever met. She uses a simple approach in building overall market strategies and brands: identify true corporate values (principles), then let those values lead you to tangible market strategies. Corporate values guide the formation of market strategies. (Synchronicity moment number two).
In our forthcoming report, Bob and I examine sets of privacy principles, but we also look at the ways in which these principles can drive real practice. We discuss the characteristics and activities of effective privacy teams, too. In building our report, Bob and I used (self-referentially) this method of letting principles drive practice. We built the report by starting with what we are referring to as Burton Group’s “Golden Rule of Privacy” and let the Golden Rule guide our writing. You’ll have to wait a bit for the full report (unless you want to be a pre-publication reviewer, in which case please drop me a line!), but I’ll share the Golden Rule with you now:
We protect privacy when we consider the dignity of individuals about whom we know things, and when we use what we know about them only in ways which preserves and enhances that dignity.
Happy International Privacy Day! And for those of you attending the IAPP’s Privacy After Hours event tonight in Washington DC, I’ll see you there.
(Cross-posted from Burton Group’s Identity blog.)