PbD Principles

2
Privac y by Desi gn The 7 Foundational Principles  Privacy by Design is a concept I developed back in the 90’s, to address the ever-growing and systemic eects o Inormation and Communication Technologies, and o large-scale networked data systems.  Privacy by Design advances the view that the uture o privacy cannot be assured solely by compliance with regulatory rameworks; rather, privacy assurance must ideally become an organization’s deault mode o operation. Initially, deploying Privacy-Enhancing Technologies (PETs) was seen as the solution. Today, we realize that a more substantial appr oach is required — extending the use o PET s to PETS  Plus — taking a positive-sum (ull unctionality) approach, not zero-sum. That’s the “  Plus” in PETS Plus: positive-sum, not the either/or o zero-sum (a alse dichotomy).  Privacy by Design extends to a “T rilogy” o encompassing applications: 1) IT systems; 2) accountable business practices; and 3) physical design and networked inrastructure. Principles o Privacy by Design may be applied to all types o personal inormation, but should be applied with special vigour to sensitive data such as medical inormation and fnancial data. The str ength o privacy measures tends to be commensurate with the sensitivity o the data. The objectives o  Privacy by Design — ensuring privacy and gaining personal control over one’s inormation and, or organizations, gaining a sustainable competitive advantage — may be accomplished by practicing the ollowing 7 Foundati onal Principles (see over page) : Information & Privacy Commissioner Ontario, Canada  Ann Cavoukian, Ph.D.

Transcript of PbD Principles

Page 1: PbD Principles

8/6/2019 PbD Principles

http://slidepdf.com/reader/full/pbd-principles 1/2

P r i v a c y b y D e s i g n

The 7 Foundational Principles

Privacy by Design is a concept I developed back in the 90’s, to address the ever-growing and systemic e ectso In ormation and Communication Technologies, and o large-scale networked data systems.

Privacy by Design advances the view that the uture o privacy cannot be assured solely by compliancewith regulatory rameworks; rather, privacy assurance must ideally become an organization’s de aultmode o operation.

Initially, deploying Privacy-Enhancing Technologies (PETs) was seen as the solution. Today, we realize thata more substantial approach is required — extending the use o PETs to PETS Plus — taking a positive-sum( ull unctionality) approach, not zero-sum. That’s the “ Plus” in PETS Plus: positive-sum, not the either/oro zero-sum (a alse dichotomy).

Privacy by Design extends to a “Trilogy” o encompassing applications: 1) IT systems; 2) accountable businesspractices; and 3) physical design and networked in rastructure.

Principles o Privacy by Design may be applied to all types o personal in ormation, but should be appliedwith special vigour to sensitive data such as medical in ormation and fnancial data. The strength o privacymeasures tends to be commensurate with the sensitivity o the data.

The objectives o Privacy by Design — ensuring privacy and gaining personal control over one’s in ormationand, or organizations, gaining a sustainable competitive advantage — may be accomplished by practicingthe ollowing 7 Foundational Principles (see over page) :

Information & Privacy CommissionerOntario, Canada

Ann Cavoukian, Ph.D.

Page 2: PbD Principles

8/6/2019 PbD Principles

http://slidepdf.com/reader/full/pbd-principles 2/2

Revised: January 2011 Originally Published: August 2009Information and Privacy Commissioner of Ontario2 Bloor Street East, Suite 1400Toronto, Ontario • CANADA • M4W 1A8Telephone: 416-326-3333 • 1-800-387-0073Web: www.ipc.on.ca • www.privacybydesign.ca E-mail: [email protected]

www.privacybydesign.ca

The 7 Foundational Principles1. Proactive not Reactive; Preventative not RemedialThe Privacy by Design (PbD) approach is characterized by proactive rather than reactive measures. It anticipates

and prevents privacy invasive events before they happen. PbD does not wait or privacy risks to materialize,nor does it o er remedies or resolving privacy in ractions once they have occurred — it aims to prevent them rom occurring. In short, Privacy by Design comes be ore-the- act, not a ter.

2. Privacy as the Default SettingWe can all be certain o one thing — the de ault rules! Privacy by Design seeks to deliver the maximum degreeo privacy by ensuring that personal data are automatically protected in any given IT system or businesspractice. I an individual does nothing, their privacy still remains intact. No action is required on the part o the individual to protect their privacy — it is built into the system, by default.

3. Privacy Embedded into Design

Privacy by Design is embedded into the design and architecture o IT systems and business practices. It is notbolted on as an add-on, a ter the act. The result is that privacy becomes an essential component o the core

unctionality being delivered. Privacy is integral to the system, without diminishing unctionality.

4. Full Functionality —Positive-Sum, not Zero-Sum Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner,not through a dated, zero-sum approach, where unnecessary trade-o s are made. Privacy by Design avoids thepretense o alse dichotomies, such as privacy vs. security, demonstrating that it is possible to have both.

5. End-to-End Security — Full Lifecycle Protection

Privacy by Design, having been embedded into the system prior to the frst element o in ormation beingcollected, extends securely throughout the entire li ecycle o the data involved — strong security measuresare essential to privacy, rom start to fnish. This ensures that all data are securely retained, and then securelydestroyed at the end o the process, in a timely ashion. Thus, Privacy by Design ensures cradle to grave,secure li ecycle management o in ormation, end-to-end.

6. Visibility and Transparency — Keep it Open Privacy by Design seeks to assure all stakeholders that whatever the business practice or technology involved, it is in

act, operating according to the stated promises and objectives, subject to independent verifcation. Its componentparts and operations remain visible and transparent, to users and providers alike. Remember, trust but veri y.

7. Respect for User Privacy — Keep it User-Centric Above all, Privacy by Design requires architects and operators to keep the interests o the individual uppermostby o ering such measures as strong privacy de aults, appropriate notice, and empowering user- riendlyoptions. Keep it user-centric.


PBD Trucks

PBD Trucks

PBD Distilling Apparatus

PBD Distilling Apparatus

PBD Transformers

PBD Transformers

PBD Desktops 2010

PBD Desktops 2010

PBD aircon

PBD aircon

PBD Passenger Van

PBD Passenger Van

PBD Bais Lab Equipment

PBD Bais Lab Equipment

PBD Desktop

PBD Desktop

PBD Poster Design en A3

PBD Poster Design en A3

pBd ljsf; ;xhstf{ - CTEVTctevt.org.np/files/curriculum/short term/Enterprise... · 3 kl/kkll//kl/ro rrooro of] "pBd ljsf; ;xhstfpBd ljsf; ;xhstf{{{{" laifosf] kf7\oqmd pBd ljsf;sf]

pBd ljsf; ;xhstf{ - CTEVTctevt.org.np/files/curriculum/short term/Enterprise... · 3 kl/kkll//kl/ro rrooro of] "pBd ljsf; ;xhstfpBd ljsf; ;xhstf{{{{" laifosf] kf7\oqmd pBd ljsf;sf]

PBD-02-001 PSC INSPECTIONS

PBD-02-001 PSC INSPECTIONS

PBD Cargo Truck

PBD Cargo Truck

Pbd Goods 4thed

Pbd Goods 4thed

PBD Security Services

PBD Security Services

Goel - PBD of EBF

Goel - PBD of EBF

PBD Janitorial Services 2

PBD Janitorial Services 2

Ashraf Pbd Seminar

Ashraf Pbd Seminar

Pbd Drones

Pbd Drones

PBD Office Renovation

PBD Office Renovation

PBD Trucking Fleet 2010

PBD Trucking Fleet 2010