http://privacybydesign.ca is the main place for Privacy by Design concept.
“Privacy by Design (PbD) represents a significant shift from traditional approaches to protecting privacy, which focus on setting out minimum standards for information management practices and providing remedies for privacy breaches, after-the-fact.
Advocating privacy as a core requirement of systems, right from the outset, it is a proactive approach to privacy protection which seeks to avoid data breaches and their attendant harm. “
There are 7 PbD Principles:
- Proactive not Reactive—Preventative not Remedial.
- Privacy as the Default Setting.
- Privacy Embedded into Design.
- Full Functionality—Positive-Sum, not Zero-Sum.
- End-to-End Security—Full Life Cycle Protection.
- Visibility and Transparency—Keep it Open.
- Respect for User Privacy—Keep it Individual and User-Centric.
The PbD concept complements the other information and material existing around Privacy. For example, see the recent ISO Standard 29100 “Privacy Framework”.
Material to look
- Book “Privacy by Design … Take the Challenge” (pdf)
- A Foundational Framework for a PbD – PIA
- Course/Slides “Privacy by Design”
- Maps of Privacy Legislation in Canada, the United States. and Europe
- Privacy Risk Management
Links
- privacy impact assessment (PIA) handbook, by Information Commissioner’s Office in UK
- PIPEDA self-assessment tool
- Video: The Role of Privacy by Design at PII2011
- Panel Video: Putting Privacy by Design into Practice, at PII2012