SYDNEY AUSTRALIA 
+61 2 9267 3700

Taking a ‘By Design’ approach

Most privacy practitioners and many others working in a range of information management roles today would be familiar with the concept of ‘Privacy by Design’. Developed by a coalition of privacy watchdog agencies and a research institute from Canada and The Netherlands in the mid 1990s, it was formally recognised by the annual assembly of International Data Protection and Privacy Commissioners in 2010.

Design_for_a_Flying_Machine

Privacy by Design is based on 7 ‘foundational principles’:

  1. Proactive not reactive; Preventative not remedial
  2. Privacy as the default setting
  3. Privacy embedded into design
  4. Full functionality – positive-sum, not zero-sum
  5. End-to-end security – full lifecycle protection
  6. Visibility and transparency – keep it open
  7. Respect for user privacy – keep it user-centric

In recent months I have been investigating the application of the ‘By Design’ philosophy to solving a variety of information management problems and managing information-related risks. These have included everything from ensuring adequate recordkeeping for large infrastructure projects to protecting the security of client information in the delivery of government services online.  The ‘By Design’ strategies and tactics employed to these manage information risks were both technical and non-technical, ranging from the design of customer service portals to protect sensitive personal information to the systematic inclusion of privacy impact assessments in new services development. (more…)