The concept that organizations need to build privacy directly into technology, systems and practices at the design phase, thereby ensuring the existence of privacy from the outset. Originated in the mid-1990s by the Information and Privacy Commissioner of Ontario, the principle has gained recognition around the globe, including from the U.S. Federal Trade Commission and the European Commission. Privacy by Design consists of seven foundational principles: (1) Proactive not Reactive; Preventative not Remedial, (2) Privacy as the Default Setting, (3) Privacy Embedded into Design, (4) Full Functionality—Positive-Sum, not Zero-Sum, (5) End-to-End Security—Full Lifecycle Protection, (6) Visibility and Transparency—Keep it open, (7) Respect for User Privacy—Keep it User-Centric.