Privacy & Information Security Law Blog

On July 23, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP issued two new discussion papers on the Central Role of Organizational Accountability in Data Protection. The goal of these discussion papers is to show that organizational accountability is pivotal to effective data protection and essential for the digital transformation of the economy and society, and to emphasize how its many benefits should be actively encouraged and incentivized by data protection authorities (“DPAs”), and law and policy makers around the globe.

The Case for Accountability: How it Enables Effective Data Protection and Trust in Digital Society

The first discussion paper explains how accountability provides the necessary framework and tools for scalable compliance, fosters corporate digital responsibility beyond pure legal compliance, and empowers and protects individuals. It also details the benefits of implementing accountability to individuals, regulators and organizations.

Key areas of focus in the paper include:

• the essential elements of accountability and the different approaches to implementing accountability;
• how accountability applies in similar and different ways to data controllers and processors;
• implementing and demonstrating accountability within an organization (e.g., through comprehensive internal privacy programs or verified or certified accountability mechanisms); and
• the benefits of accountability, both by stakeholder and by type.

Incentivizing Accountability: How Data Protection Authorities and Law Makers Can Encourage Accountability

The second discussion paper explains why and how accountability should be specifically incentivized, particularly by DPAs and law makers. It argues that given the many benefits of accountability for all stakeholders, DPAs and law makers should encourage and incentivize organizations to implement accountability. They should not merely rely on the threat of sanctions to ensure legally required accountability, nor should they leave the implementation of heightened accountability (i.e., accountability beyond what is legally required) to various “internal” incentives of the organizations, such as improved customer trust and competitive advantage. Instead, DPAs and law makers should proactively provide additional external incentives, including on the grounds that accountability provides broader benefits to all stakeholders beyond just the organization itself and specifically helps DPAs carry out their many regulatory tasks.

Key areas of focus in the paper include:

• why accountability measures should be incentivized;
• who should incentivized accountability, namely, DPAs and law and policy makers; and
• how accountability should be incentivized, including examples of what the incentives might be.