Archives

The Concept and Process of Privacy by Design and Privacy by Redesign

Dr Ann Cavoukian, considered as one of the pioneer privacy experts on the globe, is famously recognized for the concept she initially introduced, ‘Privacy by Design’. Twenty years passed since it was first introduced, with the expectation that Privacy should be offered by default, from the beginning, and should not be added later on demand or as an afterthought. She presented the foundational principles in her paper Privacy by Design,where she offered guidance and clarification, presenting a reference framework of the idea to system designers. Cavoukian propagated the idea that system designers should be encouraged to embed privacy proactively in the system, and this is only possible when they are fully aware of all the privacy issues.

It is known through academic literature and practice, that 80% of the time, the default condition rules, whatever it is. Privacy design should be made available to users without them demanding it or before the need to use it arises. This standard was initially introduced and practiced in Canada and the European Union only. Other countries are slowly adapting the Privacy by Design concept as an international standard. The 2011 Commercial Privacy Bill of the 112th Congress,  introduced by Senators John Kerry and John McCain, used language mentioned in the standard Privacy by Design document

Considering the importance of placing privacy concept in systems from the initial point and the fact that constant threats exist and security breaches occur, the concept of privacy by redesign found its way into systems developed prior to adoption of the idea. Here the main focus was on introducing additional safeguards related to privacy in existing systems that included the PII (Personal Identifiable Information). The system safeguards automatically invoked requests of identity management protocols or additional consent management, which limited the use of available information to the intended level.

Foundational Principles of Privacy by Design

1. Proactive and Preventive Instead of Remedial and Reactive – irrespective of whether this design is intended for physical design, organizational practices, information technologies or the networked information ecosystems, the essence of Privacy by Design is the value adoption of proactively strong privacy practices. This requires an honest commitment to high privacy standards applied globally, with the aim of continuously improving through recognition of poor practices and correction of negative impacts.

2. On Default Mode – The main components ofPrivacy by design are specification, limitation and data minimization. The purpose of collecting data should be definite and defined, with fair and lawfully just data collection. There should be limited access to any unwanted data, minimizing the level of strict identifiable information, ensuring that retention and disclosure of collected information is limited to the identified purpose only. The practice of minimizing linkability, observability and identifiability should be instituted wherever possible, using it only where consent was given beforehand for the information’s use.

3. Embedded Feature in The System – This feature calls for use of a principled and systematic approach when embedding privacy in a system. To initiate and operate effectively, detailed impacts of risk assessment and privacy should be estimated and results published, so that a fair and universal practice is applied all through the process of design and operation. Such a system should be checked to avoid any degradation, error or misconfiguration during the system’s operation, technology used or architectural design.

4. A Win-Win scenario instead of A Win-Lose One – The intent of Privacy by Design goes beyond making commitments and declarations, with every legitimate objective automatically met through the design. The prime idea is not only to consider privacy goals but other legitimate goals as well. Application of privacy technology should not in any way impair the entire functionality of a system, rather aid in optimizing it. Privacy systems should not contradict with or force compromise on other interests such as

technical capability or design of a system. Instead of offering a zero sum result, a positive result should be achieved. No tradeoffs should exist.

5. Security from Top to Bottom – Privacy by Design intends to protect the entire domain’s data throughout the system’s lifecycle. Entities must be accountable for personal information security based on the data sensitivity level throughout the lifecycle, at all times ensuring consistency in accordance with the recognized privacy standards. The entity must be responsible for appropriate encryption, secure destruction, and solid access control methods and logging.

6. Precision and Visibility – Transparency is a must for trust and accountability. Visibility and precision are the cornerstones of transparency. Without accountability and a designer’s oath to protect collected information, the system will not succeed once pressed into service. All responsibilities related to privacy procedures and policies should be communicated and documented according to need and transferred to a specific person. The accountable individual must exhibit complete transparency and openness, especially when complications arise. At that point, established complaints and redress mechanisms typically legislated as compliance should be executed.

7. User privacy respect – The Privacy by Design principle clearly states any conscious attempt towards privacy design is only worthwhile when it considers the individual user’s needs and interests. Consent, Accuracy, Access and Compliance are essential requirements targeted towards respect a system user’s privacy.

Privacy by Redesign 

Privacy by Redesign is an extension to the 7 principles of the Privacy by Design. In order to introduce privacy in systems existing before application of standard privacy principles, or based on the evolving privacy needs of businesses, new system components may be added to improve privacy practices. The process introduces the 3R’s of

  • Rethink,
  • Redesign and
  • Revive.

The rethinking process requires organizations look into their strategies of mitigation, their legacy systems legacy and processes. This investigation must review business practices, information technologies, infrastructure and physical design. Alternative or modified approaches for privacy protection should be considered for any uncovered deficiencies.

Redesign is the process that enables improvements in the existing system with complete privacy as the ultimate goal, ensuring business requirements and privacy regulatory compliance are achieved continuously.

The reviving process devises new or unique privacy protections in organizations or systems where privacy was originally designed in, but more recently ignored.

The level of Rethinking, Redesigning or Reviving could range from simple to complex, based on the level of system change required and necessary effort to affect that change.

Summary 

Privacy by design is a concept introduced by Dr Ann Cavoukian, stressing always on by default privacy features to users. This in turn makes compliance automatic, prior to any need to do so. Cavoukian devised a framework based on seven principles to guide system designers on how to incorporate Privacy by Design into their systems. An addition to the framework, Privacy by Redesign, added to the privacy systems. Privacy by Redesign enables organizations to cater to the ever rising business needs, through applying the 3R’s rule of Rethinking, Redesigning and Reviving.

CIPP Exam Preparation 

In preparation for the Certified Information Privacy Technologist (CIPT) Exam, a privacy professional should be comfortable with topics related to this post, including:

  • Privacy by Design (CIPT; V.C.)
  • Privacy by ReDesign (CIPT; V.D.)
Share

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>