Copyright,1997-2004

1

Why PIAs ?

Roger ClarkeXamax Consultancy Pty Ltd, Canberra

Visiting Professor, Unis. of Hong Kong and U.N.S.W. Visiting Fellow, Dept of Computer Science, ANU

http://www.anu.edu.au/people/Roger.Clarke/...

.../DV/PIAHist{.html, .ppt}

rev. 16 May 2004

Copyright,1997-2004

2

Why PIAs ?

Agenda

1. Privacy and Privacy Protection2. Advocate Motivations3. Sponsor Motivations

• Social Responsibility• Business Needs

4. Methods to Support Assessment5. Key Features of Effective PIAs

Copyright,1997-2004

3

PrivacyThe interest that individuals havein sustaining a 'personal space',

free from interferenceby other people and organisations

Dimensions of Privacy• Privacy of the Person• Privacy of Personal Behaviour• Privacy of Personal Communications• Privacy of Personal Data

Copyright,1997-2004

4

Privacy Protection

• Privacy can conflict with other interests:• personal conflict of interests• interests of another person• interests of a group or community• interests of an organisation• interests of society as a whole

• Privacy Protection is a process of finding appropriate balances between privacy and multiple competing interests

Copyright,1997-2004

5

Advocate Motivations

• Powerful parties • through ignorance, impose schemes

that unnecessarily compromise privacy• demand that privacy be compromised,

but that the interests of the powerful parties not be compromised

• Advocates want:• informed design which avoids

invasiveness where it’s practicable• compromise among all interests

Copyright,1997-2004

6

Sponsor Motivations(1) Social Responsibility

• On balance, we’d prefer to be nice• We do appreciate how powerful we

are, and how powerful the technologies are

• Us decision-makers are people to, and to some extent it’s our own and our children’s privacy that we’re invading

Copyright,1997-2004

7

Social Responsibilityand For-Profit Corporations

• Generally required by law to work for the good of the company, and thence shareholders

• Responsibility is only to the above• Precluded by law from having social

responsibility among its objectives• Must regard it only as a constraint

Copyright,1997-2004

8

Social Responsibility, andNot-For-Profits, Associations,

NGOs

• Generally not precluded by law from considering social responsibility

• Many have value-systems and objectives that lean towards social responsibility

• For some, social responsibility is central to their value-system and their objectives

Copyright,1997-2004

9

Social Responsibilityand Government Agencies

• Theory X:• Monarchy, Top-Down Society• Social Control, Authority• Mass Society before Individual Person

• Theory Y:• Government is of the people, but also

by the people, and for the people• Social Responsibility is fundamental

Copyright,1997-2004

10

Diversity Between Governments• Eastern Europe, Asia

cf. Longstanding Democracies• Entry Points now Business Gateway• eDemocracy Consulting Canadians• PIA Rules, Codes MBS ON, TBS Ottawa, ...

Diversity Within Government• National Security & Law Enforcement

cf. policy-formation cf. service-delivery

Copyright,1997-2004

11

Strategic Management Theoryfor For-Profit Corporations

‘Five Forces’ Shape Industry:• the bargaining power of Suppliers• the bargaining power of Buyers• the threat of New Entrants• the threat of Substitute Products• Rivalry among existing firms

(but Porter missed Regulatory Aspects!)

Copyright,1997-2004

12

Towards a Strategic Management Theory for

Government

Forces Shaping the Public Sector

• The Executive• The Parliament• International

Factors

• Business• Business Advocates

and Representatives

• ‘The Public’• ‘The Media’• Representatives of

and Advocates for:• The Public• Population

Segments

Copyright,1997-2004

13

Public Policy Factors

• Service Quality• Service Accessibility• Service Equity• Imposition of Effort and Cost• Imposition of Risks• Freedom of Information• Public Safety, OH&S• Privacy• ...

Copyright,1997-2004

14

Equity – Bases for Discrimination

• Physical Handicapssight, mobility, or capacity to use a keyboard or mouse

• Mental Handicapsinability to remember username/password pair, or carry a token

• Educational Handicapslack of understanding of prompts, or what to do with a token

• Lingual Handicapsinsufficient local language to understand instructions

• Locationin an institution, in a remote area, in a rural or regional area with outdated infrastructure or inadequate bandwidth, ex-country

• Lifestyle – traditional, seasonal worker, itinerant, ‘street kid’

Copyright,1997-2004

15

‘Persons-at-Risk’• People under the Direct Threat of Violence

• people concealing themselves from previous criminal associates

• victims of domestic violence• protected witnesses• people under fatwa

• Celebrities, Notorieties and VIPs• politicians• entertainers and sportspeople• people 'in the public eye', such as lottery-winners

• People in Security-Sensitive Roles • national security operatives, undercover police,

prison warders, and staff in psychiatric institutions

Copyright,1997-2004

16

Sponsor Motivations(2) Business Needs

• Return on Investment• Task Tfer / Cost Tfer / Enhanced Svce• User Adoption / Acceptance• Other-Stakeholder Acceptance

(3) Business Not-Needs• User Opposition• Other-Stakeholder Opposition• Bad Press, Embarrassed Ministers

Copyright,1997-2004

17

Antidotes

• Analysis of Stakeholders

• Information for Stakeholders

• Consultation with Stakeholders

• Participation of Stakeholders

Copyright,1997-2004

18

Stakeholder Analysis and Segmentation

• Sponsors• Service and Technology Providers• Users

• People• Business Enterprises and Associations• Govt agencies at varying levels of govt

• Usees / Clients / Regulatees• People• Business Enterprises and Associations

• The General Public

Copyright,1997-2004

19

Who To Consult With?

• Citizens / Consumers / Users / UseesThe people actually affected by the proposal

• RepresentativesUnderstand and can express the concerns of people within a particular population segment

• Public Interest AdvocatesUnderstand the technology, processes and issues

Different approaches are necessary

Copyright,1997-2004

20

Consultations with People

• Most people can’t cope with abstractions, and need concrete experiences

• So prime discussions with mockups, protoypes• Use Focus Group technique:

• diverse group of 6-12 people, preferably without prior knowledge of one another

• typically for 1.5 to 2.5 hours• a Moderator ‘focuses’ discussion on a

topic, but allows it to range across many aspects

Copyright,1997-2004

21

Consultations with Reps and Advocates

• Stakeholder Analysis and Segmentation• Search for Representatives and Advocates• Invitation to Participate• Background Paper• Consultation Workshop• Assimilation of information provided into:

• the Scheme Design• a PIA report

• Feedback

Copyright,1997-2004

22

The Role of Confidentialityin Consultative Processes

• The focus is on mutual confidence• Confidentiality is a spin-off• All parties may want some

protection• All parties may want to ‘fly kites’,

‘test the water’, or use ‘po’

Copyright,1997-2004

23

PRIVACY as a Strategic Factor

• Privacy is much more than mere Data Protection, and Fair Information Practices

• Elements of a Privacy Strategy• A Proactive Stance• An Express Strategy• An Articulated Plan• Resourcing• Monitoring of Performance against the

Plan

Copyright,1997-2004

24

Phases of an Organisational Privacy Strategy

• PreparatoryStudy, Consultation, Formulation, Internal Commitment, Articulation incl. Participation, Public Commitment

• EstablishmentPlanning, Embedment, Acculturation, Internal Implementation, Partner Implementation,Post-Implementation Review

• MaintenanceRe-training, Reinforcement, Internal Audit, External Audit, Strategic Review

Copyright,1997-2004

25

Elements of a Privacy Strategy and Plan

• Corporate Privacy Strategy• Assignment of Organisational Responsibility• Compliance with Laws, Codes, Guidelines,

etc.• Embedment in Technical Infrastructure• Embedment in Corporate Procedures

• proposals for project initiation• conduct of development projects• privacy impact assessment• post-implementation review• audit, both periodic, and on-demand

• Stakeholder Consultative Arrangements

Copyright,1997-2004

26

Privacy Impact Assessment

A processthat surfaces and examines

potential impacts and implications

of privacy-invasive proposals

Copyright,1997-2004

27

Objectives of the PIA Process• Clearly define:

• business needs• stakeholder groups• privacy impacts

and implications• Enable understanding

and assessment of the proposal

• Enable mutual understanding of stakeholder perspectives

• Ensure reflection of stakeholder perspectives in the outcomes

• Enable:• maximisation of positive

impacts• avoidance or amelioration

of negative impacts• Maximise the likelihood of

stakeholder support• Avoid new requirements

emerging late• Earn public confidence• Raise awareness, educate • Anticipate and avoid

misinformation campaigns

Copyright,1997-2004

28

Alternative Assessment Perspectives

• The Sponsor• The Sponsors• Strategic Partners• Service and Technology Providers• Users – and Usees / Clients / Regulatees

• People• Business Enterprises and Associations• Govt agencies at varying levels of govt

• The Society / Economy / Polity

Copyright,1997-2004

29

Methods to Support AssessmentSponsor Perspective OnlyCapital Investment Project EvaluationDiscounted Cash Flows, Payback Period, NPVAssumes that all variables are measured in financial termsDeterministic, but can do Sensitivity AnalysisBusiness Case AnalysisSupports fin’l, quantitative, and qualitative measures

Multi-PerspectiveCost / Benefit Analysis (CBA)Fin’l, quant, qual measuresLess precise, partly qualitativeRecognises Opportunity CostsSensitivity AnalysisCost / Benefit / Risk Analysis (COBRA)CBA +Focuses on key uncertaintiesSearch for countermeasures

Copyright,1997-2004

30

Elements of the PIA Process• Surfacing and Examination of the privacy impacts and

implications of a proposal• Development of a clear understanding of the Business Need

that justifies the proposal and its negative impacts• Gauging of the Acceptability of the proposal and its features

by organisations and people that will be affected by it• Assessment of Compliance of the proposal with existing

privacy-related laws, codes, best practices and guidelines• Constructive Search for, and Evaluation of, better Alternatives• Constructive Search for ways to Avoid Negative Impacts,

and ways to Ameliorate Unavoidable Negative Impacts • Documentation and Publication of the Outcomes

Copyright,1997-2004

31

Public Participation in PIAs• Public Representation on the Steering Committee• Focus Groups; and a PIA Consultative Group• Sufficient Diversity of Participants to

ensure all perspectives are represented• Multiple Rounds of:

• information provision by the sponsor to the public• consultation between advocates and stakeholder

groups, and the primary sponsor• Assimilation of the information provided by all parties into

subsequent rounds of activities and consultation• Participation by stakeholder groups in the

design and implementation activities

Copyright,1997-2004

32

Contents of a P.I.A. Report

• Description of the Proposal and its Applications

• Analysis of Privacy Concerns• Summary of Laws, Codes, Best

Practices and Guidelines, and Application to the Proposal

• Evaluation, and Justification for the Privacy Impacts

• Analysis of Public Acceptability• Analysis of Measures to Avoid

& Ameliorate Privacy Impacts

• Appendices:• References to Laws,

Codes, Best Practices and Guidelines

• Summary of the Consultative Processes

• Organisations and Individuals Consulted

• The Background Information Provided

Copyright,1997-2004

33

Benefits of a P.I.A.

• Early appreciation of the citizen perspective

• Constructive suggestions• to avoid negative impacts• to improve the design

• Early warning of future problems• Avoidance of re-work and retro-fit• Pre-countering of public criticism

Copyright,1997-2004

34

Key Features of a PIA – 1 of 2• More Process Than Product• Not just an audit of compliance with existing laws• Requires active involvement of all relevant parties, and

incorporation of ideas into the emergent design(inclusive and participative, or at least consultative)

• Proxies need to be engaged, in order to:• gauge the acceptability of various features• constructively search for alternatives• constructively search for ways in which negative

impacts can be avoided, or at least ameliorated• gain commitment

Copyright,1997-2004

35

Key Features of a PIA – 2 of 2• Is performed by the proposal’s sponsor

• not by a privacy regulatory agency• not fully delegated to a consultant or contractor

• Commences early, to maximise involvement, avoid suspicion, and minimise re-work costs

• Involves multiple phases, such that shared understanding increases, and with it commitment

• Reduces the likelihood of later public opposition and misinformation campaigns, and, even if they are conducted, reduces their credibility

Copyright,1997-2004

36

Why PIAs ?

• It may be a Legal Requirement• Public Policy may dictate that it be done• Stakeholder groups may have

sufficient power to force it• Project Risk may be reduced• Investment Risk may be reduced• Adoption may be enhanced• The proposal’s quality may be enhanced