Explanation for Privacy By Design
Dr. Ann Cavoukian, the Information and Privacy Commissioner of Ontario, Canada, first introduced the concept of privacy by design in the 1990s. This concept asserts that privacy cannot be maintained solely through compliance with regulations, but that companies should promote consumer privacy throughout their organization and at every stage of the development of their products and services.
The original privacy by design concept involves seven principles: (1) privacy measures should be proactive, not reactive, seeking to prevent privacy invasions before they happen; (2) privacy should be the default setting; (3) privacy should be embedded into the design, not a later add-on that diminishes the functionality of the product; (4) privacy by design should include full functionality, including both full privacy and security; (5) end-to-end security, including the secure destruction of information once its use is complete, should be the norm; (6) visibility and transparency are important to support independent consumer verification; and (7) products should be kept user-centric by offering measures such as strong privacy defaults, appropriate notice, and user-friendly options.
In 2012, the Federal Trade Commission (FTC) released its “Recommendations for Business and Policymakers.” In this report, it recommended that companies handling consumer data implement privacy by design concepts and build in privacy protections at every stage of product development. The FTC included reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy in its recommendations for privacy design concepts.