Earlier this week an article popped onto my tweetstream, courtesy of @bduperrin, entitled “What is a privacy strategist” and written by Lawrence Serewicz. The reason it resonated with me is that I’m in the middle of examining privacy implementation and governance approaches that will allow people analytics play an increasingly valuable role within the enterprise; first and foremost for the individual, and secondly for the organization. As is frequently the case when I wander the socialsphere, I started to think about my own privacy observations and since all my thoughts eventually end up on my blog… Here we go :-)
When I look at the challenge of implementing privacy policies I’m (unsurprisingly) coming at it from the perspective of a solution developer looking to innovate and wanting to do so through leveraging people data – be that social, collaboration, communication, business, etc. As a solution developer I want a system that is simple to work with; both in terms of understanding privacy commitments and implementing to ensure absolute compliance. After having spent several years working on people analytics and having completed many privacy reviews, I’m now firmly convinced that a “Privacy by Design” approach is the only way to go.
The biggest challenge that exists today, which is impacting compliance on one side and innovation on the other, is the huge chasm that exists between the legal professional and the technologist. The technologist has absolutely no chance of understanding the subtleties of privacy compliance, particularly the global implications. Similarly the lawyer is unable to decipher the technical complexity of the solution, particularly in the case of an analytics solution where a few lines of code and a bigdata platform can transform public data into private (and sensitive) data.
In order to adress this issue I believe we need to embed privacy policy, practice, and implementation into the fabric of application development. The legal team become partners in the development process, providing expertise, advise, and counsel (perhaps simplified through templates, checklists, and validation tools), however the responsibility to design solutions sensitive to privacy and compliant to requirements lies in the hands of the solution team. In this way I believe organizations create a scalable, sustainable, and compliant environment within which to innovate. It also gets rid of the stereotypes that “laywers stop innovation” and “developers ignore privacy”. In my experience both sides want to create exciting new solutions that will add value to customers, they just come at the problem from different perspectives. However when you bring them together and the whole is definitely better than the parts.
Trust me, if I can learn to love the legal profession, so can you. They totally rock when you bring them early into your development lifecycle and always bring great insight and ideas to the table, it’s only when you drop your monstrosity in their lap at the last minute that they become your worst enemy :-)
If you are interested in learning more about IBM’s approach to privacy, check out this IBM Case Study entitled Privacy by Design: From Policy to Practice written by the Information and Privacy Commissioner of Ontario, Canada. I would also recommend following the IBM Privacy Blog, particularly the posts from Christina Peters who is IBM Privacy Officer and a forward thinker in this space. You may also enjoy this interview with Jeff Jonas talking about his approach when building predictive analytics solutions, IBM’s Jeff Jonas on Baking Data Privacy into Predictive Analytics.
Marie's Ramblings & Ruminations 
Leave a comment