What You Need to Know About ‘Privacy-by-Design’

As awareness of privacy concerns has increased, consumers have grown more reluctant to trust companies with their personal data. Statistics gathered by the Pew Research Center in 2019 revealed that 81% of American consumers had concerns about companies collecting their private data. Yet gathering your customers' personal information is often essential for normal business operations. This means that earning your customers' trust, and being able to keep it, is critical. Earning that trust begins with proving your commitment to customer privacy by implementing a privacy-by-design strategy.

What Is Privacy-by-Design

Privacy-by-design is a systems engineering approach in which privacy concerns are considered, and privacy-based decisions are made, throughout the entire engineering process. The approach considers data protection and consumer privacy from the earliest stages, as opposed to the more traditional approach of treating privacy as an afterthought to be addressed once the product has been completed or at the end of the product lifecycle.

Why Is Privacy-by-Design a Must

One of the parameters tracked by the annual DevOps Research and Assessment (DORA) report is software deployment frequency. Low performers deploy software updates a handful of times a year, compared to elite performers that deploy multiple times a day.

With deployment frequency constantly on the rise, implementing security and privacy as an afterthought results in a manual, lengthy, and costly process that cannot keep pace with development and will constantly lag behind it.

In addition, losing your customers' data can cripple your organization's brand reputation and bottom line through severe financial costs. For example, IBM's annual data breach cost report revealed that in 2021, companies experienced the highest average cost of a data breach in 17 years, reaching $4.24 million per breach. This figure includes the costs of reputation damage and customer loss, downtime caused by the breach, and the fines and other penalties incurred for failing to comply with privacy regulations.

Failure to meet the privacy standards of consumers and regulatory bodies can cripple your organization temporarily or even lead to a permanent shutdown. The GDPR alone demands a minimum fine of €10 million or 2% of your organization's annual revenue. Implementing a privacy-by-design methodology can help ensure compliance and reduce the likelihood of data exploitation, while giving your customers the confidence to entrust you with their most valuable and vulnerable asset - their personal information.

Implementing a "shift-left" methodology that incorporates security and privacy-by-design is no longer just "nice-to-have"; it is a necessity for managing both security and privacy risks continuously.

Why Security-by-Design Just Doesn't Cut It

Security-by-design takes a generalized approach to data protection, protecting all data equally. This means resources are spent on less sensitive data and not invested enough in highly sensitive data such as PII. Privacy-by-design prioritizes protecting private information, such as PII, whose exposure could compromise users' identities and security. Security-by-design can only serve as an adequate protection measure when implemented together with privacy-by-design principles.

Regulatory Compliance

GDPR Article 25 (Data Protection by Design and by Default - DPbDbD) prescribes both design and default elements that must be taken into account. According to this article, DPbDbD is an obligation for all controllers, irrespective of their size and the varying complexity of their processing. Article 25 requires controllers to have data protection designed into the processing of personal data and applied as a default setting, and this applies throughout the processing lifecycle.

Other regulatory bodies and frameworks that require elements of privacy-by-design for compliance include the OECD guidelines for member countries (including the US and many European countries), GAPP (which originated in Canada and the United States), and the APEC Privacy Framework established for Asia-Pacific countries.

As regulatory compliance is still an evolving landscape that changes to keep up with technological developments, regulations are likely to change and tighten their requirements over time. At this point, over 130 countries have implemented privacy regulations, and many more are in the process of implementing national privacy regulations. Staying vigilant about upcoming regulations will therefore enable companies to anticipate new laws and prepare countermeasures proactively.

Despite this seemingly uncertain situation, the GDPR serves as an excellent foundation for data protection, and most regulations are based on the requirements the GDPR sets out. Adopting a privacy-by-design framework means that you know the state of your organization's privacy at every stage of the development process and can easily adapt your privacy measures to accommodate changing regulations.

“Protecting privacy while meeting the regulatory requirements for data protection around the world is becoming an increasingly challenging task. Taking a comprehensive, properly implemented risk-based approach—where globally defined risks are anticipated and countermeasures are built into systems and operations, by design—can be far more effective, and more likely to respond to the broad range of requirements in multiple jurisdictions.” – Dr. Ann Cavoukian, Executive Director of the Privacy and Big Data Institute at Ryerson University, Creator of Privacy by Design.

The 7 Principles of Privacy-by-Design

The GDPR is far from the first to introduce the concept and principles of privacy-by-design. The Information & Privacy Commissioner of Canada, Dr. Ann Cavoukian, released a PDF summarizing the principles of privacy-by-design, a concept she developed back in the 1990s. These principles are:

  1. Proactive privacy. This principle means that privacy is not an afterthought, and privacy issues should be prevented from occurring altogether.
  2. Privacy as the default. Privacy-by-design ensures that users' data is always secure by making privacy the default. Users don't need to do anything to remain protected, because the IT system protects their data at all times; even if a user takes no action at all, their privacy is still protected.
  3. Privacy is built into the design. When following privacy-by-design principles, privacy should be built into the architecture of IT systems and become a core part of business practices. Privacy should be used as a building block as opposed to being a tacked-on afterthought, making privacy a core part of the functionality of the system.
  4. Win-win functionality. Privacy-by-design is focused on providing the highest level of privacy and security possible. To facilitate this goal, the methodology avoids any dichotomous terminology such as privacy vs. security by instead adopting a win-win attitude and showing that there is no need to choose between the two when the organization’s goals would be best served by implementing both.
  5. Full-lifecycle protection. One of the key elements of privacy-by-design is that privacy is embedded in the system from the conception of the product - even before data is first collected. This ensures that privacy becomes and remains an inseparable part of product functionality throughout the lifecycle, providing end-to-end protection for all data.
  6. Commitment to transparency. Adopting a privacy-by-design mindset includes constantly checking that all business practices and technology operate in accordance with user expectations and knowledge. This includes maintaining transparency and providing documentation that guarantees that users are aware of all components, operations, and practices that affect their data.
  7. User privacy is a priority. Privacy-by-design requires architects and operators to put their users first and protect users’ interests and needs, making sure that they are met by implementing measures such as privacy defaults, user-empowering options, and appropriate notice.

The GDPR’s Foundations of Privacy-by-Design

In addition to the above privacy-by-design principles, the GDPR has its own foundations, many of which embrace aspects of privacy-by-design:

  1. Proactive Privacy. Article 25 of the GDPR states, “...the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organizational measures.” Like the seven principles above, the GDPR places an emphasis on taking a proactive approach to privacy.
  2. Limited Usage. Unnecessary data collection leads to unnecessary risk. PII should only be collected if it is clearly needed for a specific purpose, or, as outlined in Article 5 of the GDPR, “...collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.” It is your company's responsibility to ensure that the data you collect isn't used for more than its original purpose.
  3. Minimizing Data. Your company should ensure you're collecting the minimum amount of data necessary for your purposes. Additionally, you need to ensure that users are aware of and have agreed to the data collection and utilization. This requires you to clearly define and report your use of the data before you collect it from users. Article 5 of the GDPR offers the following guideline: “Personal data shall be…adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’).”
  4. Limit Data Storage. The data you collect should only be stored for as long as it has a clear purpose. Users must be made aware that their data will only be stored for as long as necessary, and they should be given a clear idea of how long that may be. Article 13 of the GDPR requires that users be informed of “the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period.”
  5. Accurate Data. It's critical to ensure the data you store is accurate and available for users to edit or delete in case of an error. Article 5 of the GDPR states that users’ personal data should be “accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’).”
  6. Limited Access. Data needs to be stored privately, confidentially, and securely. This means ensuring that your customers' data is only accessible on a need-to-access basis by both humans and machines. In addition, you need to implement the necessary security measures to prevent data from being leaked, breached, or otherwise exposed. Article 32 of the GDPR requires controllers and processors to closely supervise anyone who can access the data, stating that “The controller and processor shall take steps to ensure that any natural person acting under the authority of the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by Union or Member State law.”
  7. Company Responsibility. It's up to your company to demonstrate its compliance with the above criteria by maintaining a clear record of the measures, processes, and other activities that involve data collection and storage. As outlined in Article 5 of the GDPR, “The controller shall be responsible for, and be able to demonstrate compliance…”

Implementing Privacy-by-Design - Customer Privacy at Every Stage

Although the practical steps of implementing a privacy-by-design framework are highly individual and depend on your organization's own process and goals, the basic principle is always the same - consider privacy at every stage of the project lifecycle. Breaking the process down into smaller, more practical guidelines makes it easier to follow, but privacy must be taken into consideration at every step. This can include the following actions:

  • During the design stage: Conduct routine assessments of the risks your customers' data may face as it is collected, and ensure that the collection process is secure.
  • When users engage with the project: Notify users that their data is being collected in a secure and controlled manner, and offer opt-in options for end users wherever possible.
  • After user engagement or at the end of the project lifecycle: Implement measures to ensure that user data is removed once it is no longer needed or upon a user's request.

The Benefits of Implementing Privacy-by-Design

The benefits of implementing privacy-by-design go beyond compliance; it is also a clear business differentiator:

  • Ensure compliance by getting ahead of the legislative curve and minimizing compliance risk
  • Reduce the likelihood of fines and penalties, including financial losses and/or liability associated with privacy breaches
  • Build your brand by associating trustworthiness with your products and solutions, which gains a competitive advantage
  • Gain customers’ trust by better managing post-breach incidents

Piiano and Privacy-by-Design

Complying with regulations and implementing privacy-by-design policies requires an architecture that can support this goal, also known as privacy-aware architecture. You'll need the collaboration of several departments within your organization to implement an architecture that can determine:

  • What private data you collect from users
  • How and why you collect, process, and share user data
  • How and where the data is stored and managed
  • Who has access to each unit of data
  • Which part of the data is exposed, and to whom (for example, only allowing BI systems access to the part of an email address after the @, as BI systems generally don't require access to full email addresses)
  • What policies and technical measures apply to the data
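As an added illustration of the "which part of the data is exposed, and to whom" question (example code written for this article, not Piiano's code), the following default-deny policy layer returns each consumer a role-specific view of a PII record, so that a BI role sees only the email domain after the @ while other roles get masked or full values. The roles, field names and sample record are constructed for the example.

```python
"""Role-based exposure of PII fields: default-deny, per-field transforms."""
from typing import Callable, Dict, Optional

# Constructed sample record; not real customer data.
RECORD = {"user_id": "42", "email": "dana.levi@example.com", "phone": "+1-555-0100"}

Transform = Callable[[str], str]


def email_domain(value: str) -> str:
    """BI systems only need the part after '@', as the article's example notes."""
    return value.rsplit("@", 1)[-1] if "@" in value else ""


def mask_email(value: str) -> str:
    """Keep the first character of the local part plus the domain."""
    local, _, domain = value.partition("@")
    return f"{local[0]}***@{domain}" if local and domain else "***"


def mask_phone(value: str) -> str:
    """Keep only the last four digits."""
    digits = [c for c in value if c.isdigit()]
    return "***-" + "".join(digits[-4:])


def passthrough(value: str) -> str:
    return value


# Hypothetical policy table: role -> {field: transform}.  A field that is not
# listed for a role is withheld entirely (default deny).
POLICY: Dict[str, Dict[str, Transform]] = {
    "bi":      {"user_id": passthrough, "email": email_domain},
    "support": {"user_id": passthrough, "email": mask_email, "phone": mask_phone},
    "billing": {"user_id": passthrough, "email": passthrough, "phone": passthrough},
}


def expose(record: Dict[str, str], role: str) -> Dict[str, str]:
    """Return the view of `record` that `role` is allowed to see.

    Raises PermissionError for an unknown role so that a misconfigured caller
    fails closed instead of silently receiving the full record.
    """
    rules: Optional[Dict[str, Transform]] = POLICY.get(role)
    if rules is None:
        raise PermissionError(f"no exposure policy defined for role {role!r}")
    return {field: rules[field](value) for field, value in record.items() if field in rules}
```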

You'll also need to ensure your architecture complies with your company's privacy policy. Identifying solutions that automatically align with these goals is challenging, but solutions such as the Piiano Vault automate many of the processes required for implementing privacy-by-design. A PII vault is an advanced data management and privacy protection solution that keeps users' sensitive data secure at all times by storing all highly sensitive data in one strongly protected location within your database.

Piiano's vaults can support most data types and include privacy measures designed to prevent leaks originating from within your company or from outsiders. You can prioritize the data you want to store in the vault and increase the scope to meet your company's needs. In addition, vaults go beyond compliance, providing a higher level of protection that aligns with the goals of privacy-by-design.

Piiano Scanner is a sensitive-data code scanner that quickly scans for and identifies all the customer-sensitive data your company collects. In a few clicks, you can scan your GitHub repo and get a full list of PII, including a reference to the exact line of code, and much more. This can boost your data security hardening, since the first step is knowing which data to protect.

Conclusion

Applying the principles of privacy ensures you comply with the many privacy regulations that require it and gives you the opportunity to adapt to a shifting compliance landscape. In addition, it gives your users the confidence they need to place their data in your hands in a world where users feel they have little control over their personal information. Implementing privacy by design relies on creating a framework that can support your privacy goals. This can be a DIY framework designed by your team, or you can use a dedicated product, like the Piiano Vault. Piiano’s solutions are designed to help organizations achieve their privacy goals without requiring any additional time or effort from the development team. The Piiano Vault translates privacy regulation and privacy-by-design principles into easy-to-integrate architecture that secures data and streamlines the compliance process so that you can focus on your core business.

For additional practical implementation tips, read our post: The practical guide to privacy by design architecture, or check our privacy professionals blog.
