“Privacy by design” as a phrase may seem like common sense. After all, who on Earth would want to have their data monitored or outright stolen? Well, no one WANTS that to happen, but you would be surprised how few organisations are pro-actively thinking about that when designing or implementing policies/procedures.
The Privacy by Design framework dictates that privacy and data protection are embedded throughout the entire life cycle of technologies, from the early design stage through deployment, use and ultimate disposal or disposition. The foundational concept is that organizations need to build privacy directly into technology, systems and practices at the design phase, thereby ensuring the existence of privacy and appropriate controls from the outset. It’s a key recommendation of the upcoming EU GDPR.
Privacy by Design consists of seven foundational principles:
- Proactive, not Reactive; Preventative, not Remedial. Privacy by Design anticipates and prevents privacy invasive events before they happen, rather than waiting for privacy risks to materialize.
- Privacy as the Default Setting. No action is required by individuals to maintain their privacy; it is built into the system by default. This concept has been introduced in the European Commission’s GDPR.
- Privacy Embedded into Design. Privacy is an essential component of the core functionality being designed and delivered. The FTC has adopted this principle in its proposed consumer privacy framework, calling for companies to promote consumer privacy throughout the organization and at every stage of product development.
- Full Functionality—Positive-Sum, not Zero-Sum. Privacy by Design seeks to accommodate all legitimate interests and objectives, rather than making unnecessary trade-offs.
- End-to-End Security—Full Life Cycle Protection. Strong security measures are essential to privacy, from start to finish of the life cycle of data. This is another principle the FTC has adopted in its proposed consumer privacy framework.
- Visibility and Transparency. Component parts and operations remain visible and transparent, to both users and providers alike. Visibility and transparency are essential to establishing accountability and trust.
- Respect for User Privacy. Above all, Privacy by Design requires keeping the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options.
Now that wasn’t so hard was it? A little forward-thinking can go a long way. Customers and employees expect this level of care and attention from the businesses in their lives and will actively punish companies who refuse the demonstrate the level of care required. Don’t be left behind.