SIIA Releases 10 Guidelines to Help Policymakers Develop Consumer Privacy Policies

guidelines are an alternative to calls for a comprehensive U.S. privacy statute such as the EU's General Data Protection Regulation and can help policymakers implement a comprehensive system or legislate or regulate a specific area "such as drones, student privacy, information service providers, or broadband privacy." During a webinar, Mark MacCarthy, SIIA senior vice president-public policy, also cited areas such as artificial intelligence, big data, cloud computing and IoT. He said the first five principles are more general while the second five are more specific. The first principle directs privacy regulators to analyze the consequences of their decisions and ensure the benefits of an adopted regulation justify costs. The second says any new privacy rule should mitigate risks to specific injuries. Technology Policy Institute President Thomas Lenard, describing the principles as a "very positive contribution," said during the webinar that the first two principles are essentially the core of the principles while the remaining eight "flesh" them out in some manner. The other eight principles are: ensuring social and business contexts are considered since norms and expectations differ and change; evaluating privacy as new technologies emerge; picking the right regulatory tool; providing transparency and consumer notices such as data breach notifications; using either an opt-in or opt-out choice; encouraging de-identification of data; assessing a data minimization policy in a risk-based process; and avoiding using data collected for one purpose for another. Center for Democracy & Technology CEO Nuala O'Connor said during the webinar there's "much to like" about the SIIA guidelines, but an organization should be mindful of collecting and retaining identifiable data since there's always a risk of a breach. But even de-identified data, which is preferable, can potentially lead to unintended consequences or bias through algorithms, she said.