Privacy by Design (PbD) is not a difficult concept.  Stated simply, it means including privacy protection as an intrinsic part of systems development projects from the earliest stages.  If privacy is the default state the risk of privacy breaches, along with their associated costs and compliance issues, is much reduced. PbD and it's corollary, Privacy by Default, are basic principles of the European General Data Protection Regulation (GDPR).

The concept of embedding privacy into software applications has been around for more than a decade, but has not been implemented in practice as much as it should be. Privacy issues are often an afterthought for developers, or seen as having been covered off by security features. But privacy is different from security, not least because it is subject to legislated requirements. Internet of Things (IoT) devices, web-enabled software, cloud services and networked systems will all benefit from the application of PbD. 

The seven foundational principles of PbD were first stated by Dr. Ann Cavoukian, the former Information and Privacy Commissioner of Ontario, and her collaborators:

  1. Proactive not reactive; Preventative not remedial

  2. Privacy as the default setting

  3. Privacy embedded into design

  4. Full functionality – positive-sum, not zero-sum

  5. End-to-end security – full lifecycle protection

  6. Visibility and transparency – keep it open

  7. Respect for user privacy – keep it user-centric

Excela Associates can assist in implementing privacy by design for any project.  We can recommend PbD approaches for software applications, IoT projects, cloud computing services, database designs and other information technology projects.