The concept of Privacy by Design, or PbD, has been around since the late 1990s but is still surprisingly not as well known as it should be for the benefits it provides to organizations that put it into practice.
The History of Privacy by Design
The term was coined by then Information and Privacy Commissioner of Ontario (Canada), Ann Cavoukian. It emphasizes an approach to systems engineering intended to embed information privacy considerations into the earliest phases of new product and services development.
Initial work on the concept was done in conjunction with the Dutch Data Protection Authority and the Netherlands Organization for Applied Scientific Research in 1995. In 2010, the framework achieved international acceptance when the International Assembly of Privacy Commissioners and Data Protection Authorities unanimously passed a resolution recognizing it as an international standard. Since then, adoption has steadily increased, and the principles deserve continued attention today given the proliferation of privacy laws here in the U.S. and abroad.
Economic Efficiency of Privacy by Design
Anticipating and solving for potential issues and creating appropriate systems to properly handle personal information from the outset saves countless hours and dollars in the long run by preventing costly mistakes.
It’s often challenging for organizations to act in proactive rather than reactive modes, but doing so can be the difference between thriving and struggling in the marketplace. By instituting Privacy by Design principles and practices, not only will personal information be collected, stored, and processed in legally compliant ways, but it also becomes available for new and useful customer insights.
Privacy by Design Principles
Privacy by Design is based on seven “foundational principles”:
- Proactive not reactive; preventive not remedial
- Privacy as the default setting
- Privacy embedded into design
- Full functionality – positive-sum, not zero-sum
- End-to-end security – full lifecycle protection
- Visibility and transparency – keep it open
- Respect for user privacy – keep it user-centric
These general principles, when applied to the greatest extent possible across an organization’s data processing systems will go a long way toward necessary legal compliance, while also building trust with customers and providing new understanding of trends, opportunities and areas needing improvement.
Conclusion
It’s never a finished project, and no organization has achieved nor ever will achieve the application of these goals across all enterprise-wide data stewardship activities. But setting up the goal and expectation to move privacy and security controls early into the new product and services development process will provide economic efficiency, move your company toward its necessary privacy compliance obligations, and might just establish your organization as a leader in the field of customer trust and satisfaction.
For more information, and to inquire about how Myna Partners can help with your risk management and privacy compliance needs, contact: Dave Cohen, dave.cohen@levelupconsult.com,