The framework for PbD was initially drawn up in Canada in the 1990s. Dr. Ann Cavoukian, its originator, who was the Privacy Commissioner of Ontario at the time, developed the framework to tackle the common problems of developers fixing privacy problems after the completion of a project:
The framework provided by Privacy by Design averts events that could lead to privacy invasion prior to its happening. PbD is proactive in that it doesn’t wait for privacy threats to occur, neither does it proffer solutions for handling privacy infractions when they have materialized. Its primary aim is to prevent them from happening. In a nutshell, PbD comes before and not after the fact.
Below are the 7 foundational principles of the PbD framework:
- Proactive and not reactive privacy. Any issues bordering on privacy must be anticipated before it gets to the user. Also, privacy must be pre-emptive and not corrective.
- The default setting must be privacy. The user must not be saddled with the responsibility of securing their privacy and should not assume consent for sharing data.
- Privacy must be embedded into the design. It has to be an essential function of the product or service and not a supplementary.
- Privacy must be positive sum and dichotomies ought to be avoided. For instance, Private by Design gets an attainable balance between security and privacy, not a zero-sum game of security or privacy.
- An end-to-end lifecycle protection of user data must be provided by privacy. This implies getting involved in the correct reduction, retaining and erasure processes of data.
- The standards of privacy must be open, visible, transparent, documented and can be verified independently. In other words, your processes must be capable of facing external scrutiny.
- Privacy must be centred on the user. This simply means providing users with granular privacy options, maximized privacy defaults, detailed privacy information notices, user-friendly options and clear notification if there are any changes.
Info: escort web design London