“Properly understood, privacy is becoming increasingly critical to achieving success in the new economy. In this environment, Privacy by Design offers a principled, flexible, and technology-neutral vehicle for engaging with privacy issues, and for resolving them in ways that support multiple outcomes in a full functionality, positive-sum, win-win scenario.” — Ann Cavoukian
“Privacy by Design” (PbD) is a concept that has been championed since 1997 by Ann Cavoukian, the former information and privacy commissioner of Ontario, Canada. The concept refers to applying the areas of information technology, accountable business practice, and physical design to the following seven principles:
The Seven Foundational Principles of Privacy by Design
- Proactive not Reactive; Preventative not Remedial
- Privacy as the Default Setting
- Privacy Embedded into Design
- Full Functionality – Positive-Sum, not Zero-Sum
- End-to-End Security – Full Life-Cycle Protection
- Visibility and Transparency – Keep it Open
- Respect for User Privacy – Keep it User-Centric
Privacy by Design comprises these seven foundational principles and is currently an international regulatory priority. The recently enacted General Data Protection Regulation requires “Data Protection by Design” which means companies offering products and services in Europe must show that they have done the appropriate due diligence and respected user privacy considerations. Enterprivacy Consulting Group uses PbD to remediate privacy risks as well as include privacy protection throughout the life cycle of a product. Whether you are looking for support on a particular offering or you need help building out your own privacy by design practice, we can help.
Privacy by Design starts with training. Whether it’s seasoned privacy professionals, product managers or engineering staff, each can learn from our focused process driven training. We will teach attendees to recognizes privacy invasions, use tactics to mitigate those invasions and how to appropriately select tactics. The process will result in comprehensive documentation that not only any regulator would be happy to see but will result in more secure and thoughtful products your customers will trust.
Identifying privacy issues themselves can be one of the toughest jobs. Privacy can be extremely nuanced and often hinges on identifying at-risk populations among large customer bases. Analysts must also consider cognitive biases, information asymmetries, and often ethical boundaries in order to conduct a proper assessment. Not only can ECG help you identify these hidden risks, we will also suggest mitigating controls, be they simple business model changes or more sophisticated technologies.
Products and services are never static. Static offerings will quickly kill your business, and as your business expands so too does the need to address any and all privacy issues. ECG can help you build a world class Privacy by Design Program, so that you can repeatedly address new privacy issues as your product changes.
Certification is not a requirement in order to utilize Privacy by Design. However, if one wants to go down that route, former Information and Privacy Commissioner of Ontario Ann Cavoukian has developed a program at Ryerson University to certify specific product or service offerings as applying the Privacy by Design approach. Assessment must be done by Deloitte – however, Enterprivacy Consulting Group can help you design a program and prepare for assessment, saving your organization time and money prior to your engagement with Deloitte.