Operationalizing Privacy by Design: From Rhetoric to Reality
Commissioner Cavoukian outlines the steps for organizations to take to implement strong privacy practices, for enduring success
TORONTO - Information management and its protection are imperative to any organization's success, regardless of its size. Privacy breaches can have profound and long-term adverse consequences, including significant financial impact and damage to the reputation and brand of the organizations involved. The international standard of Privacy by Design is an actionable framework which has been put into practice by a growing number of organizations worldwide to make privacy the default setting. In order to further guide organizations through this potentially challenging process, Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, has authored a new paper, Operationalizing Privacy by Design: A Guide to Implementing Strong Privacy Practices, which illustrates many examples of the framework being put into action.
The new paper provides an anthology of the experiences of organizations from a wide range of sectors including telecommunications, technology, healthcare, transportation, and energy. It provides a comprehensive overview of the partnerships and joint projects that the Commissioner has engaged in to implement Privacy by Design by providing concrete and meaningful operational effect to its principles.
"The end result of implementing these standards is a significant privacy payoff - a sustainable, business-friendly environment which provides superior protection from data leaks or breaches, in turn enabling a significant competitive advantage," said Commissioner Cavoukian. "Building privacy in - robustly and systematically - across the business ecosystem, yields many meaningful benefits, from cost-savings to strengthening business relationships."
By drawing on the perspectives of executives, engineers, risk managers, lawyers and analysts, as well as designers, computer scientists, and application developers, the paper outlines step by step the necessary actions which an organization will need to take in order to ensure success in embedding privacy as the default.
"While there is no 'one-size-fits-all' solution to an organization's specific requirements, comprehensive privacy programs are an essential component of building trusting, long-term relationships with existing stakeholders and attracting opportunities in the form of new ones," adds Commissioner Cavoukian. "Too often, the issues of privacy and the protection of personal data are regarded as the domain of large corporations, but this is not the case. Every organization bears a responsibility to understand its relationship with personal information and strategize accordingly."
Privacy by Design was unanimously approved as an international framework for privacy protection in 2010, and has been translated into 25 languages. Privacy by Design seeks to proactively embed privacy into the design specifications of information technologies, organizational practices and networked infrastructures. To achieve the strongest protection possible, Privacy by Design should be applied when initiatives are in their nascent stages, fostering an environment where privacy harms are minimized or entirely prevented from happening in the first place. To view a video blog post by Commissioner Cavoukian discussing the new paper, please visit the Privacy by Design YouTube channel.