Privacy By Design
Privacy by Design and the 7 Foundational Principles use universal principles of fair information practices but go beyond them as well. Commissioner Ann Cavoukian developed the concept of Privacy by Design in the 1990s. It was developed to address the growing effects of information and communication technologies of large networked data systems.
Privacy by Design can be used for IT systems, business practices, and physical design and network infrastructure. Its principles can be applied to all types of personal information including sensitive data.
The 7 Foundational Principles
The goals of Privacy by Design include ensuring privacy and gaining control over one’s information can be achieved through its 7 Foundational Principles.
Proactive not Reactive; Preventative not Remedial
Privacy by Design is proactive rather than reactive. PbD does not wait for privacy risks to unfold. It also does not solve privacy breaches after it has occurred.
Privacy as the Default
Privacy should be built into IT systems and business practices by default. Personal data should automatically be protected in any IT system or business practice. By default the data is always private. The individual should require no action in order for their data to be protected.
Privacy Embedded into Design
Systems should be created with privacy embedded in them without sacrificing its functionality. Privacy becomes an important part of the functionality of the system. It should not be considered an add-on.
Full Functionality – Positive-Sum, not Zero-Sum
Privacy by Design aims to satisfy all interests and objects without needless trade-offs such as privacy vs. security.
End-to-End Security – Lifecycle Protection
The protection of the data should extend throughout its lifecycle. It also makes sure that all data are destroyed securely and in a timely manner.
Visibility / Transparency
Privacy by Design aims to assure all stakeholders and users that regardless of the business practice or technology it will operate according to the principles of PbD. It’s parts and operations are visible and transparent but should be verified.
Respect for Users
Architects and operators should keep users in mind by keeping the system user-friendly and providing privacy defaults.