Privacy by design – Building privacy into operations
Privacy by design consists of seven foundational principles that provide guidance on incorporating privacy into all levels of enterprise operations while they are being built, instead of adding privacy to a system, service, or process later.
1. Proactive, not reactive; preventative, not remedial
Pro Tip – Consider privacy in the systems or process design phase instead of reacting to privacy harms in the future.
2. Privacy as the default setting
Pro Tip – Make the default settings of data systems preserve individual privacy without those individuals taking explicit action.
3. Privacy embedded in design
Pro Tip – Embed privacy as an integral part of system or process design.
4. Full functionality – positive sum, not zero-sum
Pro Tip – Privacy-enhancing mechanisms are not to be treated as a trade-off against the systems’ or processes’ business functions.
5. End to end security – full lifecycle protection
Pro Tip – Appropriate security should be in place to mitigate privacy risks throughout the data lifecycle: collecting, processing, storing, sharing, and destroying.
6. Visibility and transparency – keep it open
Pro Tip – Providing visibility and transparency in privacy notices helps reduce risks and allows individuals to make informed decisions/choices about their personal data.
7. Respect for user privacy – keep it user centric
Pro Tip – Keep individuals’/users’ privacy needs and risks at the forefront when developing data systems.
Privacy is also a business issue. The customer trusts that an enterprise will translate privacy into competitive advantage. It is important that privacy be embedded into the IT systems as part of system design, integrated to enhance the enterprise business objectives.
Author
Kiran Bommareddy
The information provided here is for general guidance only, and does not constitute the provision of tax advice, accounting services, investment advice, legal advice, or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal or other competent advisers.