Professor Paul A. Schwartz recently wrote:
“Companies are now putting internal policies in place, centered on forward-looking rules of information management and training of personnel. Such policies are, at the very least, a necessary precondition for an effective accountability regime that develops a high level of privacy protection.”
An accountability-based regulatory structure is one in which organizations are charged with societal objectives, such as using information in a manner that maintains individual autonomy and protecting the individual from the social, financial and physical harms that might come from the mismanagement of information, while the actual mechanisms for achieving those objectives are left to the organization. One of the best conceptual models for building in the types of controls suggested by Professor Schwartz is Privacy by Design. The best-in-class companies in Schwartz’s study, “Managing Global Data Privacy: Cross-Border Information Flows in a Networked Environment,” are using Privacy by Design concepts to build business processes that use personal information robustly, with clear privacy-protective controls built into every facet of the business process. In other words, Privacy by Design and accountability go together in much the same way that innovation and productivity go together.