5

PCPD News

私隱專員公署通訊

•

Issue no. 31

Professor Fred Cate

美國印第安納大學摩利爾

法學院傑出教授

Distinguished Professor and C.

Ben Dutton Professor of Law,

Senior Fellow of the Center

for Applied Cybersecurity

Research, and Director of the

Center for Law, Ethics and

Applied Research in Health

Information, Indiana University

Maurer School of Law, US

Mr Peter Cullen

美國資訊問責基金創新政策

行政策略師

Executive Strategist for Policy

Innovation, The Information

Accountability Foundation, US

問責

2.0

是甚麼？我認為由過去所說的「私隱影響評估」過渡至「資訊影響評估」可能是

思考這問題的另一方法。我們絕對需要重新思索個人的參與。個人在適當時作出有意義

的同意及控制，非常重要。我們要思索新的減輕風險方法。最後，企業必須顯示能力，

付諸實行。

What may accountability 2.0 look like? I think moving from what we used to call

“privacy impact assessment” to “information impact assessment” may be another way

to think about it. We absolutely need to rethink individual participation. It is super

important that individuals do have meaningful consent and meaningful control where

appropriate. We have to think about new approaches to risk mitigation. And finally, we

businesses have to demonstrate capability, to be able to do this.

我們在保障私隱資料上可以採取下述步驟，做得更好：

首先，我們不應太集中於個人同意方面，應聚焦於資料管理責任及資料使用者在理應可

預知的傷害下所承擔的責任。第二，我們需要採用更具系統化及完善的風險管理。第

三，應更注重大數據會如何被使用，而不是資料的收集或保留，或收集資料的原本目

的。第四，透過具透明度及包容性的過程，我們（包括規管者、業界及個人）應發展一

個可識別傷害的體系。第五，我們應更著重透明度及糾正方法。最後，在有意義及有

效的情況下，通知當事人和讓當事人得以選擇。

There are a number of steps that we can take to enhance our ability to do better (on

privacy data protection):

First of all, we should focus less on individual consent and more on placing

responsibility for data stewardship and liability for reasonably foreseeable harm on

data users. Second, we need to employ a more systemic and well-developed use of

risk management. Third, we need to place greater focus on the uses of big data as

opposed to the mere collection or retention of data or the purpose for which data were

originally collected. Fourth, we need to develop a broad framework of cognisable

harms, identified through a transparent, inclusive process, including regulators,

industries and individuals. Fifth, we should pay more attention to transparency and

redress. And finally, we should reserve notice and choice for where it is meaningful

and effective.