Privacy by design – Building privacy into operations

InsightsThought leadership

Privacy by design

Privacy by design was developed to ensure that privacy is protected, and data subjects exert control over their information and the information of the enterprises. It was introduced as a concept by Ann Cavoukian, the commissioner for Information and Privacy for the province of Ontario, Canada. Later, GDPR and other privacy regulations adopted the concept into their privacy standards.

Privacy by design consists of seven foundational principles that provide guidance on incorporating privacy into all levels of enterprise operations while they are being built, instead of adding privacy to a system, services, or process later.

 1.     Proactive, not reactive; preventative, not remedial

Pro Tip – Consider privacy in the systems or process design phase instead of reacting to privacy harms in the future.

2.     Privacy as the default setting

Pro Tip – Make the default settings of data systems preserve individual privacy without those individuals taking explicit action.

3.     Privacy embedded in design

Pro Tip – Make/embed privacy as an integral part of system or process design.

4.     Full functionality – positive sum, not zero-sum

Pro Tip – Privacy enhancing mechanisms are not to be treated as a trade off with the systems’ or processes’ business functions.

5.     End to end security – full lifecycle protection

Pro Tip – Appropriate security should be in place to mitigate privacy risks in the data lifecycle, collecting, processing, storing, sharing, and destroying.

6.     Visibility and transparency – keep it open

Pro Tip – Providing visibility and transparency in privacy notices helps reduce risks and allow individuals to make informed decisions/choices about their personal data.

7.     Respect for user privacy – keep it user centric

Pro Tip – Keep individuals’/users’ privacy needs and risks at the forefront when developing data systems.

Privacy is also a business issue. The customer trusts that an enterprise will translate privacy into competitive advantage. It is important that privacy be embedded into the IT systems as part of system design, integrated to enhance the enterprise business objectives.

Ready to work with us? 

Contact us

Author

Kiran Bommareddy

The information provided here is for general guidance only, and does not constitute the provision of tax advice, accounting services, investment advice, legal advice, or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal or other competent advisers.

Contact us

+1 212 375 6510
Meet our local team
Discover our locations
Or use our contact form