Privacy is a 360 degree issue; the best advisors can tell you how it looks from all the angles your organization needs to know about.

Who we are

HISTORYDigital Discretion Inc. was founded in 2003 by Stephanie Perrin, as a consulting firm providing advice in the application of privacy law, the development of privacy policy, and in practical matters of implementation.  Working with a number of associates, the company produced reports on matters ranging from identity theft to RFID, performed risk assessments and training sessions, and drafted privacy policies and developed privacy impact assessments and privacy audits.  The company was dormant between 2005 and 2013 while she returned to the federal government to work in various capacities on privacy policy, risk management, and ethics.  Digital Discretion is now active again, providing advice and guidance in information law and policy.

Our team brings a depth of experience that we venture to say is unrivalled in the field of information rights.  We have all worked in this field for over ten years, most of us over 25 years, and have been in key roles developing, implementing, interpreting, and writing about information law and policy.  We bring a wealth of different perspectives to our field, having worked at the political level, as public servants and legal counsel, as reporters, as representatives of Civil Society, as academics, and within corporations in various capacities.

What we do for you

- Needs assessment:  If you do not understand what you need to do to comply with privacy law and customer expectations, we can help.

Personal information audits and data mapping:  A first step is to identify and review existing practices and procedures for the management of personal information across all or part of an organization.

- Privacy risk and impact assessments, scanning:  The Privacy Impact Assessment (PIA) is now the standard tool for evaluating compliance with privacy laws and policies in Canada, and is required in some jurisdictions.  Digital Discretion can provide a detailed review of personal information transactions, either holistically or on a project basis, and provide appropriate qualitative impact assessment.  Since privacy risk assessment must be done in the context of security risk assessment, we work with security risk professionals to review the links with security threat risk assessments.   Given our expertise in broader risk assessment, we can fit your privacy risk mitigations into your global risk management planning.

- Compliance with law:  We can help you develop policies and procedures, examine relevant privacy laws and policies in order to identify areas of non-compliance and assess your risks. A full PIA provides mitigation strategies, ideally incorporated within a user-friendly action plan, that will put your organization in a situation of manageable risk.  We can help you develop implementation schedules that will get you there within budget.

- Communications with clients, oversight bodies, and stakeholders:  Often when privacy issues arise, organizations are in a quandary as to how to respond.  We can help, we have experience at all levels of the privacy communications:
   Management of complaints and appeals;
   Strategies for special issues such as social media, authentication, data analytics, ethics in information practices;
   Training of staff, and preparation of information materials for clients;
   Strategic crisis communications.  Sometimes things just go wrong and your organization gets caught in the collateral damage, other times people make costly mistakes.  We have lots of experience in dealing with stakeholders in these situations, and can help you through the crisis.

- Policy and Analysis:  You are busy running your business, you may not be aware of what is happening in privacy issues.  Because of the speed with which issues can develop, you may want to be advised when something that could impact your organization has occurred.  We provide monitoring and analysis of local and global developments and trends, and advice for short and long-term policy positions on key issues for organizations.

What we believe

We are committed to the belief that a flourishing and just information society is vital to the future of our democratic ideals.  While there is no question that data protection, transparency, and security are a complex tangle of often contradictory and risky issues, with our assistance you can navigate them successfully.  Our goal is to manage that complexity for our clients, without charging an arm and a leg for our services.  We want to help you identify the best course of action, and make that course of action practical, affordable, and straightforward.    We believe most organizations take pride in doing the right thing, and are committed to facilitating that.

We take pride in our work and invite our clients to debate the issues, don’t just take our advice.  If at the end of an engagement with Digital Discretion, you don’t understand why you are doing what you are doing, we have failed.

There is a lot of talk these days about how privacy is dead, you have no privacy, young people don’t believe in it, etc.  This is nonsense. Everybody wants respect.  Everybody wants to control their own destiny, not have it mapped out by someone else who purports to know more about them than they do themselves.  Privacy is not an outmoded idea – in fact it is increasingly relevant as users become more aware of the risks implicit in the collection, use and disclosure of personal information.  Organizations who choose to respect rather than exploit personal information will not only save themselves from sifting through petabytes of data in order to retrieve and correct errors, but will attract sophisticated and loyal clients and partners.  Poor personal information management practices are now a measurable and increasingly visible liability.

What we are doing

    August 27-30 - Stephanie Perrin was in Washington D.C. with the ICANN Experts Working Group.  Work continues on the new top-level domain Directory Services (replacement of WHOIS) and the comment period on the EWB interim report had been extended to September 9, next meeting is October 8-10 in Los Angeles.

    September 20-21 - Stephanie Perrin was at the Canadian Civil Liberties Conference Rightswatch (http://ccla.org/events/rightswatch-2013/) seeking comments on the ICANN EWG draft proposal for anonymous credentials for domain name registration.  For more information about the activities of the expert working group, go here https://community.icann.org/pages/viewpage.action?pageId=40175189.  The EWG will discuss the next draft of their report on revamping directory services at the  48th International Public ICANN Meeting in Buenos Aires, Argentina during 17-21 November 2013 (http://buenosaires48.icann.org/)

3. October 10-11 - Heather Black is in Vancouver at the Privacy and Access 20/20 Conference (http://www.privacyandaccess2013.ca/events/privacyandaccess2013/), focusing on a New Vision for Information Rights.

What we are reading

On Big Data:
Oscar H. Gandy, Jr. Coming to Terms with Chance:
 Engaging Rational Discrimination and Cumulative Disadvantage, Farnham, Surry:  Ashgate Publishing (2009).
There is a lot of talk these days about “big data”, about how it fuels the information economy and is the underpinning to modern risk management.  Oscar Gandy, who has more or less retired from a prolific scholarly career in communications and sociology, culminating at the Annenberg School at the University of Pennsylvania, has written a very interesting book on what needs to be done to protect individuals at risk in this new environment.  Read the book to find his solution, it is well worth it, and if there is a better solution out there we would love to hear what it is.

On the current discussion regarding the future of the European Directive on Data Protection:

On the role of the FTC in handling privacy complaints:  http://www.concurringopinions.com/archives/2013/08/who-is-the-more-active-privacy-enforcer-ftc-or-ocr.html

© Digital Discretion 2013