from Publications - The Citizen Lab
Release: DIY Transparency Report Tool
June 30, 2016
Tagged: data retention, lawful access, Privacy, Telecommunications Transparency, transparency
Categories:
Christopher Parsons,
Reports and Briefings,
Research NewsThe Telecommunications Transparency Project is happy to announce the release of the DIY Transparency Report Tool, which is designed the help small- and medium-sized organizations produce holistic transparency reports. The Project is associated with the Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, and the project was funded through the Canadian Internet Registration Authorities’s .CA Community Investment Program.
The DIY Transparency Report tool helps smaller organizations produce holistic transparency reports. Such reports comprehensively explain to customers, citizens, and government agencies alike how an organization retains data, its policies for disclosing information to government agencies, and the regularity at which it does disclose information to such agencies. The tool is designed to guide organizations through the process of developing their own holistic report, while empowering them to customize their reports to reflect their organizational profile. And, critically, the tool is entirely open source and operates where the organization decides, so sensitive information is never disclosed to another party until the organization makes that decision.
Using this tool, organizations can create data retention guides, government requests handbooks, and government requests reports.
- A data retention guide can help companies rapidly identify to third-parties, including users and government agencies, whether they possess information of interest to those parties. Moreover, evaluating the data under an organization’s control can clarify whether data is being retained for a clear, and overtly stated, business purpose for an appropriate period of time. Principle 8 of Canada’s federal commercial privacy legislation, the Personal Information and Protection of Electronic Data Act (PIPEDA), asserts that “personal information that is no longer required to fulfil the identified purposes should be destroyed, erased, or made anonymous. Organizations shall develop guidelines and implement procedures to govern the destruction of personal information.” Consequently, developing a data retention guide can dovetail with an organization’s efforts to ensure it is complying with Canadian privacy law.
- A government requests handbook details how an organization responds to requests from government agencies for information which may be controlled or accessible to the organization. Such handbooks help organizations professionally respond to such requests and assist government agencies format and communicate requests in a manner that will be quickly addressed by an organization. These handbooks might explain a little about an organization, whether the organization responds to voluntary (i.e. non-court ordered) disclosure requests, how requests from foreign government agencies are handled, whether costs might be sought for providing lawful assistance, and whether the organization will seek to notify its users of any requests. Such handbooks will also clearly identify to whom, and how, government requests should be made and how the organization requires requesters to prove they are genuinely government agents.
- Government requests reports summarize the number, and kind, of requests that an organization has received over the period of time covered by the holistic transparency report. Such reports list different kinds of request-types, such as voluntary types of requests, court-ordered types of requests, as well as foreign requests as well as preservation requests, along with how organizations responded to such requests. Responses might include fully, partially, or refusing/being unable to provide responses, and might also note the number of affected persons/accounts which were notified of the government agencies’ request and possible subsequent disclosures.
Download DIY Transparency Report Documentation || Download DIY Transparency Report Application Code
Project Support
This project was funded through the Canadian Internet Registration Authority’s .CA Community Investment Program. Through the Community Investment Program, .CA funds projects that demonstrate the capacity to improve the Internet for all Canadians. The .CA team manages Canada’s country code top-level domain on behalf of all Canadians. A Member-driven organization, .CA represents the interests of Canada’s Internet community internationally.