rad⋅i⋅cal: adj., thoroughgoing or extreme, esp. as regards change from accepted or traditional forms

prag⋅ma⋅tism: n., A practical, matter-of-fact way of approaching or assessing situations or of solving problems.

Privacy in the 21st century needs to be approached with “radical pragmatism”. This according to Ann Cavoukian, Information and Privacy Commissioner of Ontario (IPCO), in the IPCO anthology paper titled, Privacy and Radical Pragmatism: Change the Paradigm, recently released in an anthology of her office’s works, Privacy By Design … Take the Challenge. The anthology highlights the IPCO’s vision, philosophy and approach toward advancing information privacy. She stressed at an IAPP Knowledgenet presentation on October 20, 2009 that “most privacy breaches remain undetected – as regulators, we only see the tip of the iceberg; the majority of privacy breaches remain unchallenged, unregulated – unknown. Compliance alone, is unsustainable as a model for ensuring the future of privacy; for that, we must turn to measures such as Privacy by Design: the Gold Standard – embedding privacy proactively into the core.”

‘“Radical” pragmatism (radical used here in the sense of “far-reaching” or “thorough”) is the embodiment of a positive-sum paradigm, involving taking a practical approach, and invoking the need for transformative technologies.’  Furthermore, the paper defined:

Positive-Sum Paradigm + Privacy-Enhancing Technology = Transformative Technology

Taken by its own, this definition could be quite a mouthful, however, these concepts are explained in the paper.

“A Positive-Sum Paradigm describes a situation in which all participants may mutually gain together (win-win). Conversely, a Zero-Sum Paradigm describes a concept or situation in which one party’s gains are balanced by another party’s losses – win/lose;either/or; enhancing security often comes at the expense of privacy – the more you have of one, the less you can have of the other” , stated Ann in her presentation to the IAPP.

Contradicting the view that achieving privacy objectives, comes at the expense of operational efficiency, usability, innovation or other desired business goals, the positive-sum paradigm does require that privacy be built into systems or procedures from the outset, thereby, introducing the IPCO mantra of “Privacy by Design”. Privacy factors when properly considered during the initial design, are typically easier to get buy-in and resources. Conversely, having to retrofit a solution will typically be met with more opposition and require more effort to implement. The IPCO paper suggests that failure to understand the “Privacy Payoff” is a factor for this short sightedness:

1. Consumer trust drives successful customer relationship management and lifetime value … in other words, revenues
2. Broken trust will result in a lost off market share, loss of revenue, and lower stock value.
3. Consumer trust hinges critically on the strength and credibility of an organization’s data privacy policies and practices

Thankfully, by utilizing Privacy by Design foundational principles, “the effect is a minimization of the unnecessary collection and use of personal data by the system, while at the same time, strengthening data security, and empowering individuals to exercise greater control. This can result in technologies that achieve strong security and privacy, or privacy and functionality, delivering a “win-win” outcome”, maintained Ann in her presentation.

Privacy-enhancing technologies (PETs), defined as “coherent systems of information and communication technologies that strengthen the protection of an individual’s private life in an information system by preventing unnecessary or unlawful processing of personal data or by offering tools and controls to enhance the individual’s control over his/her personal data”, when used, provide the dual benefit of users having maximum control over their personal information and little to no impact on system functionality and performance; further supporting the positive sum paradigm’s win-win scenario.

Developing these types of technologies with a positive-sum paradigm mandate are what the paper describes as a “transformative technology”. Transformative in the sense that it converts a typically privacy-invasive feature of the technology into a privacy-protecting one. The paper goes on to give examples and full descriptions of some of these types of technologies, such as bioemetric encryption, clipped tag RFIDs, CCTV image encryption, whole body imaging etc.

Given the rapidly changing technological and social currents affecting privacy, viewing privacy as merely a compliance activity is akin to simply treading water. With the level not only being raised but shifting continually, a radical privacy pragmatism is required to ensure that privacy is kept in its proper perspective.