When it comes to making secure products, privacy must be encompassed in the entire design. Privacy will be lacking if it is an after-thought and is looked at as a feature, rather than part of the product.
What Does Privacy by Design Mean?
Privacy by Design is an approach taken when creating new technologies and systems. It is when privacy is incorporated into tech and systems, by default. It means your product is designed with privacy as a priority, along with whatever other purposes the system serves.
“Privacy must become integral to organizational priorities, project objectives, design processes, and planning operations. Privacy must be embedded into every standard, protocol and process that touches our lives.”
Seven Principles of Privacy By Design
1. Proactive not Reactive; Preventative not Remedial
This approach anticipates and prevents privacy breaches before they happen. Because privacy has been integrated into the product, security is a priority from the beginning of the design process. Privacy by design protects organizations from privacy issues that could hurt the company’s reputation.
2. Privacy as the Default
This ensures that personal data are automatically protected in any system or business practice. Individuals don’t have to protect their own privacy because the system was created to be secure. If people want to take steps to secure their own data they can, but by making privacy the default, they don’t have to.
3. Privacy Embedded into Design
By embedding privacy into the design, rather than trying to add it on later, the system run better. Ann Cavoukian, Ph.D, author of Privacy by Design: The 7 Foundational Principles says privacy should be “integral to the system, without diminishing functionality.” Making user-experiences worse for the sake of privacy is not an option. Privacy must be integrated in a holistic and creative way.
4. Full Functionality — Positive-Sum, not Zero-Sum
Trade-offs shouldn’t be made to accommodate either privacy or functionality. It’s easy to fall victim to false dichotomies, like privacy vs. security, among others. But if the system requires compromises, its likely not as effective or user-friendly as it should be.
5. End-to-End Security — Lifecycle Protection
Privacy by Design considers security from start to finish. This means that information is secure and protected when it enters the system, is retained safely, and then properly destroyed.
6. Visibility and Transparency
By allowing users and other involved parties to see how information moves through your system, the system improves. Accountability, openness and compliance are required for an effective and secure system. Being clear about your system, and the level of security it provides, creates trust and holds your organization accountable.
7. Respect for User Privacy
You should make user privacy your number one concern. If you are dealing with customer’s private information, the stakes of letting it fall into the wrong hands are extremely high. More generally, your system should be optimized for your users and all of their needs.
How To Implement Privacy by Design
In new systems, privacy by design starts by emphasizing privacy and security throughout the system design process. Privacy will be smoothly integrated into your system — allowing it to work smoothly and securely from day one.
Implementing privacy by design in an existing system is more difficult and time consuming, because you have to completely deconstruct and analyze the system you have in place. You must first do a privacy audit on your system, broken down from start to finish. Look at how privacy has been embedded into your current system, identify weak-points, and create new user-friendly solutions.