 |
| Cavoukian delivers the session via video. |
Ann Cavoukian, Founder of Privacy by Design, stresses that trust is essential but it can be fleeting when organisations fail to keep personal information private to the extent that their customers expect them to.
Speaking via video at Data Privacy Asia 2016 in Singapore on The Need to Embed Privacy, by Design, into Big Data and IoT, Cavoukian explained that data privacy is not about having something to hide. "Privacy applies to everyone. It relates to control, personal control in terms of you - to whom the information relates - what you have to say about releasing information related to yourself," she said. "Content is key to privacy. Only you know the value of that information."
Privacy by Design is a commitment to be proactive about how privacy will be protected from the beginning, and how it is communicated to stakeholders, Cavoukian said, complementing regulatory compliance.
"Most privacy breaches are largely unknown, unchallenged, unregulated; regulatory compliance alone isn't enough," she said.
The theory behind Privacy by Design essentially boils down to being proactive and embedding the necessary protections to safeguard privacy into the design of the product or service. There are seven foundational principles as guidelines:
1. Be proactive not reactive
2. Privacy is the default setting, giving stakeholders the assurance without requiring them have to ask for it. "Customers love it, they will reward you with their business," Cavoukian said.
3. Privacy is embedded into design, as opposed to being an add-on
4. Full functionality, with no tradeoffs
5. There must be end-to-end security
6. Visibility and transparency - everyone must know what is being done with the information
7. Respect for user privacy. "If you keep it focused on the user, keep it user-centric, the rest flows," Cavoukian said.
Privacy by Design has already been operationalised in surveillance cameras for mass transit systems, and biometrics used in gaming facilities, as well as for telehealth, Cavoukian said. There are specific guidelines from companies such as Microsoft and Oracle, she shared.
"It can be done, you can do it too," she said. "The cost involved is a fraction of the cost of a data breach that you'll invariably have if you don't this." Class action lawsuits, brand damage, loss of consumer confidence and trust can come to tenfold the cost of implementing Privacy by Design, she warned, and may that loss of trust may be impossible to restore.
Cavoukian added that privacy must be embedded into Internet of Things and mobile devices. "You have to reach out to engineers and software designers to put it onto their radar, most critical part is to raise the awareness," she said. "Privacy drives innovation. You can have both."
Interested?
Read more about the seven foundational principles of Privacy by Design (PDF, 2011)
Privacy by Design at Microsoft
Privacy by Design at Oracle
posted from Bloggeroid
No comments:
Post a Comment