Ready to start a serious discussion of privacy?

https://iapp.org/news/a/privacy-as-code-a-new-taxonomy-for-privacy/

Privacy as code: A new taxonomy for privacy

“Privacy by design” implies putting privacy into practice in system architectures and software development from the very beginning and throughout the system lifecycle. It is required by the EU General Data Protection Regulation in Article 25. In the U.S., the Federal Trade Commission included an entire section on privacy by design in its 2012 report on recommendations for businesses and policymakers. Privacy by design is also covered by India’s PDP Bill and by Australia’s Privacy Management Framework, to name just a few. Privacy by design has come a long way since its original presentation by Ann Cavoukian, former Canadian privacy commissioner of Ontario, in 2009.

While privacy as design is conceptually simple, its reduction to practice is not. System developers and privacy engineers responsible for it face simple but hard-to-answer questions: Where is the actual data in the organization? What types of information fall under personal data? How does one set up a data deletion process for structured as well as unstructured data?

Three years ago, Cillian Kieran and his team at Ethyca embarked on a quest to develop a unified solution to those questions. Their vision? Nothing less than privacy-as-code – privacy built into the code itself. This revolutionary approach classifies data in such a way that its privacy attributes are obvious within the code structure.

… Last week, Ethyca celebrated an additional $7.5 million in funding and announced the first release of Fides. Fides is named after the Roman god of trust.

Fides is an open-source, human-readable description language based on the data-serialization language YAML. Fides allows one to write code with privacy designed in. It is based on common definitions of types, categories and purposes of personal data. Developers that use this language can easily see where privacy-related information is at any point in the software development. For any given system, engineers shall be able to understand at a glimpse whose data is in the system and what it is being used for.

Perhaps it is not too late.

https://sloanreview.mit.edu/article/catching-up-fast-by-driving-value-from-ai/

Catching Up Fast by Driving Value From AI

Some organizations may feel that acquiring AI capabilities is a race, and if a company starts late, it can never catch up.

That notion is belied by Scotiabank (officially the Bank of Nova Scotia), which has pursued a results-oriented approach to artificial intelligence over the past two years. While some of its resources are devoted to exploring how new technologies — including blockchain and quantum computing — might drive fresh business models and products, the great majority of its data and AI work is focused on improving operations today rather than incubating for the future.

As a result, Scotiabank — one of the Big Five banks based in Canada — has caught up to competitors in some crucial areas. It has done so by more closely integrating its data and analytics work; taking a pragmatic approach to AI; and focusing on reusable data sets, which help with both speed and return on investment.

Questions yes, answers not so much.

https://www.fedscoop.com/questions-around-federal-ai-oversight/

2021 in review: Oversight questions loom over federal AI efforts

The Biden administration established several artificial intelligence bodies in 2021 likely to impact how agencies use the technology moving forward, but oversight mechanisms are lacking, experts say.

Bills mandating greater accountability around AI haven’t gained traction because the U.S. lacks comprehensive privacy legislation, like the European Union’s General Data Protection Regulation, which would serve as a foundation for regulating algorithmic systems, according to an Open Technology Institute brief published in November.

… “Right now most advocates and experts in the space are really looking to the EU as the place that’s laying the groundwork for these kinds of issues,” Spandana Singh, policy analyst at OTI, told FedScoop. “And the U.S. is kind of lagging behind because it hasn’t been able to identify a more consolidated approach.”

Instead lawmakers propose myriad bills addressing aspects of privacy, transparency, impact assessments, intermediary liability, or a combination in a fragmented approach year after year. The EU has only the Digital Services Act, requiring transparency around algorithmic content curation, and the AI Act, providing a risk-based framework for determining if a particular AI system is “high risk.”