Privacy by Design

The concept that organizations need to build privacy directly into technology, systems and practices at the design phase, thereby ensuring the existence of privacy from the outset. Originated in the mid-1990s by the Information and Privacy Commissioner of Ontario, the principle has gained recognition around the globe, including from the U.S. Federal Trade Commission and the European Commission. Privacy by Design consists of seven foundational principles: (1) Proactive not Reactive; Preventative not Remedial, (2) Privacy as the Default Setting, (3) Privacy Embedded into Design, (4) Full Functionality—Positive-Sum, not Zero-Sum, (5) End-to-End Security—Full Lifecycle Protection, (6) Visibility and Transparency - Keep it open, (7) Respect for User Privacy - Keep it User-Centric.


    Related Articles

    • Privacy Assessment

      An assessment of an organization’s compliance with its privacy policies and procedures, applicable laws, regulations, service-level agreements, standards adopted by the entity and other contracts. The assessment or audit measures how closely the ...
    • Privacy Notice

      A statement made to a data subject that describes how the organization collects, uses, retains and discloses personal information. A privacy notice is sometimes referred to as a privacy statement, a fair processing statement or sometimes a privacy ...
    • Privacy Policy

      A policy that documents and governs an organization’s or entity’s handling practices of personal information. A Privacy Policy provides information regarding the organization, describes how the organization collects, uses, retains and discloses ...
    • Privacy (Data Protection) Officer

      An official responsible for the coordination and implementation of all privacy, data protection and confidentiality efforts within an organisation. They are generally responsible to Data Protection Authorities (DPAs) or senior management for ensuring ...
    • EU/US Privacy Shield and Swiss/US Privacy Shield

      The EU/US and Swiss/US Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection ...