USACM Comments On Intersection Of Big Data And Consumer Privacy
Yesterday USACM responded to a Request for Comment from the National Telecommunications and Information Administration (NTIA). In response to a recommendation in the Administration’s Big Data report released in May, the NTIA solicited public comment on how the Consumer Privacy Bill of Rights could support big data.
In its comments, USACM notes that while big data adds to the complexity of limiting data collection, such limits should not be deemphasized. It’s important to have controls on both the collection and use of data, and innovations, including privacy enhancing technologies, should make it easy for someone without a technical background to apply their data preferences when interacting with a data collector.
Among the USACM recommendations:
- Use a broadly construed risk-based approach to responsible use that accommodates multiple privacy risk models, and allows designers to accommodate variations in risk and exposure.
- Attach consumer guidance to data supplied by the consumer only once. Organizations should be responsible for applying the guidance wherever and whenever the data is communicated or used.
- Systems designers should build reasonably effective deletion capability into the system and document the capability and its limitations.
- Have sector-independent means of handling data of different levels of sensitivity could help address cost concerns and spur innovation in Big Data by simplifying the set of privacy rules.
- In addition to proper access and physical security controls, contract language is a practical tool available to organizations that want to discourage attacks against latent information about individuals.