Page 106 - Cyber Defense eMagazine April 2023

The third principle indicates that privacy should be integrated into the very foundation of IT systems and
            business practices, rather than being added on as an afterthought. This results in privacy becoming a
            fundamental aspect of the system's core functionality, without compromising its performance.



            Full Functionality, Positive-Sum Approach

            The Positive-Sum, not Zero-Sum, principle takes a “positive-sum” view of privacy and recognizes that
            organizations need not choose between privacy and security or between privacy and revenue, as both
            can be achieved.



            End-to-End Security

            The fifth principle requires organizations to implement end-to-end privacy and security measures
            covering the entire lifecycle of data once privacy has been embedded into the design of IT systems and
            business practices.



            Visibility and Transparency


            The visibility and transparency principle requires organizations to be transparent with users and ensure
            that all interested stakeholders have visibility into their privacy standards and practices. Organizations
            should also consider obtaining independent verification of the robustness of their privacy systems.



             User-Centric Approach

            The last principle calls for organizations to adopt a user-centric approach and prioritize the privacy
            interests of individual users and customers. This can be demonstrated, for example, by offering strong
            privacy defaults, appropriate notice, and empowering user-friendly options.

            In Canada, the CPPA (Canadian Personal Information Protection and Electronic Documents Act)
            contains no explicit reference to Privacy by Design or its seven foundational principles. However, the
            Standing Committee on Access to Information, Privacy, and Ethics has recommended that privacy by
            design be made a central principle and that its seven foundational principles be incorporated into
            Canadian privacy legislation, where possible.


            In Quebec, on the other hand, privacy legislation (Bill 64) has incorporated Privacy by Design concepts.
            The legislation requires organizations that collect, use, or disclose personal information of individuals
            located in Quebec to implement privacy-by-default settings and ensure the highest level of confidentiality
            without any intervention by the individual concerned. Organizations must comply with these
            requirements, even if they do not have a physical presence in Quebec.






