Privacy by Design is a concept I developed back in the ’90s to address the ever-increasing and systematic effects of Information and Communications Technologies and of large-scale networked data systems.
Privacy by Design promotes the view that the future of privacy cannot be guaranteed just by complying with regulatory frameworks; rather, privacy assurance should ideally become an organization’s default mode of operation.
Initially, the development of Privacy Enhancement Technologies (PETs) was seen as a solution.
Today, we realize that a more substantial approach is required – extending the use of PETs to PETs Plus – by taking an “everyone wins” approach (total functionality) rather than an “if someone wins, another loses” one. This is the “Plus” in PETs Plus: “everyone wins”, not the “one thing or the other” of the “if someone wins, another loses” model (a false duality).
Privacy by Design extends to a “Trilogy” of applications that encompass:
Privacy by Design principles may apply to all types of personal information, but should be applied with special force to sensitive data such as medical information and financial data. The robustness of privacy measures tends to correspond to the sensitivity of the data.
The objectives of Privacy by Design – to ensure privacy and gain personal control of one’s own information, and, for organizations, to gain a sustainable competitive advantage – can be achieved by practicing the 7 Fundamental Principles: