Page 104 - Cyber Defense eMagazine April 2023

Understanding The Concept of Privacy By Design


             By Danijela Obradovic, Lawyer at Roberts & Obradovic




            "Privacy by Design," a concept first introduced by former Ontario Information and Privacy Commissioner
            Ann Cavoukian, is a comprehensive approach to privacy that goes beyond simply meeting regulatory
            and legal requirements. It involves incorporating privacy into all aspects of an organization, including its
            objectives, priorities, project management, and operations. Privacy lawyers and IT professionals should
            understand the principles behind this important privacy framework.

            The Privacy by Design framework is based on seven (7) principles:

            Principle 1: Proactive, Preventative Approach - Organizations should anticipate and prevent
            privacy risks before they occur.


            Principle 2: Privacy as Default Setting - IT systems and business practices should include the
            maximum degree of privacy protections by default.


            Principle 3: Embedded in Design - Privacy should be incorporated into the design and architecture
            of IT systems and business practices.

            Principle 4: Full Functionality, Positive-Sum Approach - Privacy and security, as well as privacy
            and revenue, can both be achieved.


            Principle 5: End-to-End Security - Privacy and security measures should cover the entire lifecycle
            of data.

            Principle 6: Visibility and Transparency - Organizations should be transparent about their privacy
            standards and practices and be open to independent verification.


            Principle 7: User-Centric Approach - Organizations should prioritize the privacy interests of
            individuals and provide strong privacy defaults, appropriate notice, and user-friendly options.


            The aim of these principles is to promote privacy as an integral aspect of organizational objectives,
            priorities, project management, and operations. We will discuss these seven principles in more detail
            below:







