Privacy by Design

Introduction

Privacy by Design is a concept developed by Dr. Ann Cavoukian in the 1990s, collaborating with data regulation authorities across the globe. She built this framework around the idea that compliance with regulation alone cannot assure privacy; it should become an organization's default mode of operation. Privacy by Design gives people control over their information, and holds organizations accountable for how they handle it. When I build my clients' sites, as well as my own, I follow the seven foundational principles of Privacy by Design.

Proactive not reactive; preventive not remedial

Identify and anticipate risks rather than scrambling for solutions after problems happen. This principle is about acting before the fact and preventing privacy breaches from taking place.

Privacy as the default

Within this framework, privacy is the default setting throughout the system. You, as a visitor, don't have to take any action for your privacy to be safeguarded.

Privacy embedded into design

Privacy is an integral part of the design process, not an add-on or an afterthought. It's an essential component of a site's functionality and of an organization's business practices.

Full functionality – positive sum not zero sum

Privacy and other legitimate interests and goals can both be fulfilled. The framework dismantles the old way of thinking that pits privacy against other goals like security or user experience.

End-to-end security – full life cycle protection

Information is securely collected, securely retained, and securely destroyed. Every step is designed deliberately to keep information safe.

Visibility and transparency – keep it open

Make all information about privacy and protection available to every stakeholder. Be open, honest, and transparent about the process.

Respect for user privacy

User-centric systems empower people to decide about their information and make choices in a user-friendly way.