PRIVACY BY DESIGN
Privacy by Design (PbD) is not a difficult concept. Stated simply, it means including privacy protection as an intrinsic part of systems development projects from the earliest stages. If privacy is the default state the risk of privacy breaches, along with their associated costs and compliance issues, is much reduced. PbD and its corollary, Privacy by Default, are basic principles of the European General Data Protection Regulation (GDPR). The International Organization for Standards (ISO) has introduced a PbD standard, ISO 31700.
The concept of embedding privacy into software applications has been around since the mid-2000’s, but has not been implemented in practice as much as it should be. Privacy issues are often an afterthought for developers, or they are seen as having been covered off by security features. But privacy is different from security, not least because it is subject to legislated requirements. Internet of Things (IoT) devices, web-enabled software, cloud services and networked systems will all benefit from the application of PbD.
The seven foundational principles of PbD were first stated by Dr. Ann Cavoukian, the former Information and Privacy Commissioner of Ontario, and her collaborators:
Proactive not reactive; Preventative not remedial
Privacy as the default setting
Privacy embedded into design
Full functionality – positive-sum, not zero-sum
End-to-end security – full lifecycle protection
Visibility and transparency – keep it open
Respect for user privacy – keep it user-centric
Excela Associates can assist in implementing privacy by design for any project. We can recommend PbD approaches for software applications, IoT projects, cloud computing services, database designs and other information technology projects.