Privacy by Design Approach in System Design and Implementation
How to keep privacy in the digital world?
Let us start by briefly considering why privacy should matter to us. Among many other things, it protects our right to education and personal development, our freedom of speech and belief, and our right to protest. In short, privacy gives you personal control over your information, and the right to decide about ourselves is extremely important, isn't it?
Two concepts in this subject may seem similar, privacy and anonymity, but they are different. Privacy is the ability to keep some information to yourself and to decide who knows about your activities. Anonymity is different: it is a situation in which you are willing for others to know about your behaviour, just not that it was you who did it.
The answer is privacy by design
A very important idea for maintaining our privacy is the privacy by design concept. It means that your company builds data protection into the design of applications and services from the start, rather than adding it afterwards. Many regulations around the world require privacy to be maintained. One of them is the European General Data Protection Regulation (GDPR); others include the Personal Data Protection Act 2012 in Singapore, the California Consumer Privacy Act (CCPA) and the Privacy Act 1988 in Australia. In the US there is also HIPAA (the Health Insurance Portability and Accountability Act of 1996), which protects the personal health information of American patients.
Seven foundational principles of privacy by design:
- Proactive not reactive; preventive not remedial – aim to prevent privacy infractions before they happen, rather than resolving them afterwards.
- Privacy as the default setting – if your clients do nothing, their privacy remains protected, because protection is built into the system by default.
- Privacy embedded into design – privacy is an integral part of the system, not an add-on, and does not diminish its functionality.
- Full functionality – positive-sum, not zero-sum: you do not have to choose between, for example, security and privacy; you can have both.
- End-to-end security – full lifecycle protection: data is protected from the moment it is collected, securely stored while in use, and securely destroyed at the end of the process.
- Visibility and transparency – keep it open (trust, but verify): component parts and practices remain visible and transparent to users and providers throughout the whole process.
- Respect for user privacy – keep it user-centric: the interests of the individual come first, so measures such as strong privacy defaults, appropriate notice and empowering, user-friendly options should be implemented.
Why focus on privacy?
Let us return to the importance of privacy in general and of the privacy by design concept in particular. As already mentioned, it is required by many regulations around the world, and non-compliance is heavily punished. But is that the only reason to care about it? Of course not; each of us should understand why protecting our privacy is in our own interest.
- Firstly, the more someone knows about us, the more power they have over us. Information about our views can be used to influence our decisions and shape our behaviour.
- Secondly, someone's data can be used to decide whether that person gets a loan, a licence or a job. It is used to determine whether we are searched at the airport or investigated by the government; it affects nearly every part of our lives.
- Thirdly, the amount of information we hold about someone does not mean we can judge that person correctly. Acting on it can therefore be deeply unfair, especially since people change over their lives while the data remains.
As you can see, privacy is a very important subject for all of us, and privacy by design is a concept that helps us maintain it better. One extremely important element is the customer's "right to be forgotten", which is the most technologically challenging task for companies: on request, the customer's data has to be removed not only from live servers, but also from all backups and archives, which are often immutable and cannot be edited in place. All of this shows that in the digital era privacy is what protects us from large-scale manipulation and from losing much of our free will, so it is important to preserve it.
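One way to make erasure enforceable even for backups that cannot be edited in place is crypto-shredding: encrypt each user's personal data under a per-user key kept in a key vault, let backups hold only ciphertext, and fulfil an erasure request by destroying that user's key. The following Python example was added here to illustrate this; it is not part of the original article, which describes the challenge but not this technique. The cipher is a standard-library stand-in (HMAC-SHA256 counter keystream with an HMAC tag, encrypt-then-MAC) so the script runs without third-party packages; in production use AES-GCM or ChaCha20-Poly1305 from a vetted library and a real KMS or HSM in place of the in-memory vault. The user ids, sample records and the marketing opt-in flag are constructed for the demo; the flag's default also shows the "privacy as the default setting" principle.

```python
"""Crypto-shredding demo (added example, not from the article).

Each user's PII is encrypted under its own data-encryption key.  Backups are
immutable copies of ciphertext.  Erasing a user = dropping the live row and
destroying the key, which makes every backup copy permanently unreadable.
"""
import copy
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

NONCE_LEN, TAG_LEN, KEY_LEN = 16, 32, 32


def _subkey(master: bytes, label: bytes) -> bytes:
    """Derive independent encryption / authentication sub-keys from one master key."""
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC(enc_key, nonce || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for an AEAD: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))


class KeyVault:
    """Stands in for a KMS/HSM: one data-encryption key per user, never in backups."""

    def __init__(self):
        self._keys = {}

    def create(self, user_id: str) -> None:
        self._keys[user_id] = secrets.token_bytes(KEY_LEN)

    def get(self, user_id: str) -> bytes:
        if user_id not in self._keys:
            raise KeyError(f"key for {user_id!r} destroyed or never existed")
        return self._keys[user_id]

    def destroy(self, user_id: str) -> None:
        self._keys.pop(user_id, None)  # idempotent: repeated erasure requests are fine


@dataclass
class UserRecord:
    user_id: str
    pii_blob: bytes                  # ciphertext only; the key lives in the vault
    marketing_opt_in: bool = False   # privacy as the default: off until the user opts in


class UserStore:
    def __init__(self, vault: KeyVault):
        self.vault = vault
        self.records = {}   # live table: user_id -> UserRecord
        self.backups = []   # immutable snapshots, as on tape or in an object-lock bucket

    def create_user(self, user_id: str, pii: dict) -> None:
        self.vault.create(user_id)
        blob = encrypt(self.vault.get(user_id), json.dumps(pii).encode())
        self.records[user_id] = UserRecord(user_id, blob)

    def read_pii(self, user_id: str, records=None) -> dict:
        """Decrypt from the live table or from a given backup snapshot."""
        rec = (records if records is not None else self.records)[user_id]
        return json.loads(decrypt(self.vault.get(user_id), rec.pii_blob))

    def snapshot_backup(self) -> None:
        self.backups.append(copy.deepcopy(self.records))

    def erase_user(self, user_id: str) -> None:
        """Right to be forgotten: drop the live row and shred the key.
        Backups keep their bytes, but nobody can decrypt them any more."""
        self.records.pop(user_id, None)
        self.vault.destroy(user_id)


def demo() -> dict:
    """Walk through create -> backup -> erase and report what is still readable."""
    store = UserStore(KeyVault())
    store.create_user("u1", {"name": "Ada", "email": "ada@example.test"})  # constructed sample
    store.create_user("u2", {"name": "Bob", "email": "bob@example.test"})  # constructed sample
    store.snapshot_backup()
    before = store.read_pii("u1")
    store.erase_user("u1")
    backup = store.backups[0]
    try:
        store.read_pii("u1", backup)
        u1_readable = True
    except KeyError:
        u1_readable = False
    return {
        "before": before,
        "u1_in_backup": "u1" in backup,             # ciphertext bytes are still there
        "u1_readable_from_backup": u1_readable,     # but unrecoverable without the key
        "u2_still_readable": store.read_pii("u2", backup)["name"] == "Bob",
        "default_opt_in": store.records["u2"].marketing_opt_in,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two design points matter in practice: the vault itself must never be included in the data backups (otherwise a restore resurrects the keys), and key destruction should be logged as the auditable proof of erasure, since the ciphertext in old archives will outlive the request.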