PRIVACY BY DESIGN

Privacy by Design (PbD) is not a difficult concept. Stated simply, it means including privacy protection as an intrinsic part of systems development projects from the earliest stages. If privacy is the default state, the risk of privacy breaches, along with their associated costs and compliance issues, is much reduced. PbD and its corollary, Privacy by Default, are basic principles of the European General Data Protection Regulation (GDPR). The International Organization for Standardization (ISO) has introduced a PbD standard, ISO 31700.

The concept of embedding privacy into software applications has been around since the mid-2000s but has not been implemented in practice as much as it should be. Privacy issues are often an afterthought for developers, or they are seen as already covered by security features. But privacy is different from security, not least because it is subject to legislated requirements. Internet of Things (IoT) devices, web-enabled software, cloud services and networked systems will all benefit from the application of PbD.

The seven foundational principles of PbD were first stated by Dr. Ann Cavoukian, the former Information and Privacy Commissioner of Ontario, and her collaborators:

  1. Proactive not reactive; Preventative not remedial

  2. Privacy as the default setting

  3. Privacy embedded into design

  4. Full functionality – positive-sum, not zero-sum

  5. End-to-end security – full lifecycle protection

  6. Visibility and transparency – keep it open

  7. Respect for user privacy – keep it user-centric

Excela Associates can assist in implementing privacy by design for any project.  We can recommend PbD approaches for software applications, IoT projects, cloud computing services, database designs and other information technology projects.