Privacy by Design

The Office of the Privacy Commissioner recently implemented an incentive called the “Privacy Trust Mark”, which is an accreditation given to organisations/agencies who demonstrate excellent privacy standards for a specific product, service or process. The OPC is assessing the applications based on the 7 principles of ‘Privacy by Design’ that were created by Dr Ann Cavoukian (Information & Privacy Commissioner, Ontario, Canada). This is a brief run through in case you believe your organisation is up for the challenge.

  1. Proactive and preventative, rather than reactive and remedial

The approach anticipates and prevents privacy incidents before they happen, instead of waiting for incidents to occur.
This includes a clear privacy commitment, shared throughout the community, to set and enforce high standards of privacy and to maintain that standard through continuous improvement.

  2. Privacy as the Default

Personal data must be automatically protected in any given IT system or business practice. Before the information is collected, the organisation must disclose the purpose of collecting personal information, why it is being used and how long it will be retained for.

The collection must be fair, lawful and limited to its specific purpose and only the minimum amount of information needed to serve that purpose should be collected. Personal information must also be destroyed after serving that purpose.

  3. Privacy embedded in design

Privacy must be embedded into the design and architecture of IT systems and business practices, so it becomes a core functionality, even if this means redesigning existing systems. A systematic and principled approach that relies on accepted standards and frameworks should be adopted.

The organisation should carry out detailed privacy impact and risk assessments clearly documenting privacy risks and all measures taken to mitigate those risks. This includes consideration of alternatives and metric selection.

The organisation should be able to demonstrate that the privacy impacts have been minimised and are able to withstand long-term use as well as misconfiguration or error.

  4. Full functionality

Privacy by Design believes privacy and non-privacy objectives can all be achieved and there is no need to compromise on either. Privacy should be embedded so full functionality of the system/product/process is not impaired. All interests and objectives of the system/product/process must be clearly documented.

  5. End-to-End Security

Information must be secure throughout its entire lifecycle, ensuring data is securely obtained, retained and destroyed. Without strong security there can be no privacy. There must be documentation of appropriate encryption, strong access control and logging methods while the information is in use, and of secure destruction methods once it has served its purpose.

  6. Visibility and Transparency

This assures all stakeholders (users and providers) that the product/process/service is operating as promised and is achieving the desired objectives subject to independent verification. This is achieved through:

  • Accountability, where privacy-related policies and procedures must be well documented and communicated to the relevant parties and individuals. Measures must also be in place when transferring data to third parties.
  • Openness, making policies and procedures readily available to all relevant individuals.
  • Compliance, where acceptable compliance practices should be established, followed by steps to monitor, evaluate and verify continuous compliance.

  7. Respect for User Privacy

This principle revolves around a user-centric and user-friendly design.

Consent is required and may be withdrawn later. Personal information must be as accurate, complete and up-to-date as is necessary to serve the specific purpose it is collected for. Individuals are able to challenge this if they feel this standard is not kept, and to have the information amended if they succeed. Individuals shall be provided access to their personal information and be told what it is used for.

Organisations must also establish complaint mechanisms and make the public aware of their existence.

Ann Cavoukian’s ‘Privacy by Design’ principles can be found here.