The Governance of Privacy: Policy Instruments in Global Perspective by Colin J. Bennett & Charles Raab

Author: Colin J. Bennett & Charles Raab [Bennett, Colin J. & Raab, Charles]
Language: eng
Format: epub
Tags: Public Policy, Political Science, Privacy, History, Computers, Law, General
ISBN: 9780262524537
Google: ULlNEAAAQBAJ
Goodreads: 844616
Publisher: MIT Press
Published: 2003-09-25T00:00:00+00:00


Privacy Standards

The phenomenon of a privacy standard extends the self-regulatory code of practice in some important ways. Standards imply not only a common yardstick of measurement, but also a process through which organizational claims about adherence to a set of norms can be more objectively tested. We use the term 'standardization' to mean not only a common code, but also a conformity assessment procedure that might more effectively determine that an organization 'says what it does, and does what it says'.

Technical standards have played an important role in computer security for many years. One example is the certification system established under the British Standard, BS7799. This standard comprises a code of practice for computer security, as well as a standard specification for security management systems which includes a risk analysis for the different categories of information stored by the organization. There is also a certification scheme, called 'c:cure' that can operate in conjunction with the ISO 9000 range of generic quality management standards.9 More recently, the wireless industry has negotiated a series of standards for the security of cellular communications.10

However, the idea of a more general privacy, rather than security, standard that would incorporate the entire range of privacy protection principles is a rather different innovation. The first comprehensive privacy standard was negotiated in Canada. In 1992, representatives of the major trade associations joined with key government officials and consumer representatives ostensibly to harmonize existing codes of practice developed under the OECD Guidelines. Later that year, it was decided to formalize the process by using the more institutionalized process of standard development within the CSA, which then acted as facilitator and secretariat. The Model Code for the Protection of Personal Information was finally passed without dissent on September 20, 1995, was subsequently approved as a 'National Standard of Canada' by the Standards Council of Canada, and was published in March 1996 (CSA, 1996).

The standard is constructed around ten principles, each of which is accompanied by an interpretive commentary. Organizations have been advised that all principles must be adopted in their entirety, and are also expected to reproduce the CSA principles in their codes although they may adapt the accompanying commentary to their own personal information practices. The standard may be adopted by any public or private organization that processes personal data. An accompanying workbook, giving more practical advice about the development and implementation of a privacy policy, was also released (CSA, 1997). Although the standard uses certain prescriptive language ('shall' and 'must') it is clearly described as a voluntary instrument in the sense that there is no external compulsion upon any organization to adopt the principles. Once adopted, however, the code would operate like any other standard in that it would carry certain obligations to follow through on organizational claims.

Within CSA, the Quality Management Institute (QMI) registers companies to the series of 'quality assurance' standards, principally those within the ISO 9000 series. There are some interesting parallels between the goals of 'total quality management' and the implementation of fair information principles.


