ICC policy statement old

ICC discussion paper on data protection principle of accountability

This document is intended to provide an overview of current global discussions of the data protection principle of accountability.

Organizations are increasingly looking for opportunities to communicate that they manage personal data in a responsible manner. There is substantial guidance from regulators on specific obligations for processing data. However, this guidance is often focused on individual data uses and is not harmonized across country specific legal systems. There is surprisingly little guidance on what processes and structures an organization should adopt to show they are committed to make real the obligations they have under law, or that they take on voluntarily, for the collection, storage, processing and use of personal data.

In the past couple of years, work has begun to help define the program elements of a responsible organization. This project has been led by the Center for Information Policy Leadership (CIPL) and has focused on providing detail to help understand the Fair Information Policy Principle of “Accountability.” Much of the content in this discussion paper is drawn from the CIPL work.

Many groups and governments are examining the concept of accountability to understand whether it can provide assistance in promoting the free flow of information while protecting the privacy of individuals. This paper does not express any opinion on that point, but is intended only to summarize current discussions and developments.

Highlights

  • Background
  • Global discussions of the data protection principle of accountability
    OECD guidelines
    – Canada
    Personal Information Protection and Electronic Documents Act
    APEC Privacy Framework
    CIPL Accountability Project
  • Work moving forward