Privacy by Design

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

Video Transcription
Welcome to module 3.12 privacy by design.
During this module will discuss the basics and objective of privacy by design. Or PBD.
We'll explore the seven principles of PBD and analyze privacy by design in practice.
So privacy by design is a concept developed back in the 90s by Doctor and Cava Kian
in Ontario Canada
to address the ever growing and systemic effects of information and communication technologies and of large scale network data systems.
So that statement is going to make a whole lot more sense. After review the seven principles here,
there's Dr ANne and I like this photo of her because of the customized license plate she has in her office. It doesn't look like it's had much use. That would be neat to see that in action.
So PPD objective,
Ensuring privacy and gaining personal control over one's information and for organizations to gain a sustainable competitive advantage. So you can see the objective very much aligns with a lot of the privacy goals that we discussed in Module two.
So the first principle of PBD is
proactive, Not reactive preventative, not remedial privacy by design comes before the fact, not after
the second principle privacy as the default setting, no action is required on the part of the individual to protect their privacy. It is built into the system
by default.
Third principle privacy embedded into design, privacy is integral to the system without diminishing functionality.
Fourth principle
full functionality positive. Some not zero sum privacy by design avoids the pretense of false dichotomies, such as privacy versus security, which we spoke about during the security module,
demonstrating that it is possible to have both.
Fifth principle and to end security. Full lifecycle protection privacy by design ensures secure and and management of information.
six principal visibility and transparency. Keep it open.
Its component parts and operations remain visible and transparent to all users and operators.
Seventh principle, respect for user privacy, keep it user centric requires architects and operators to offer such measures as strong privacy defaults, appropriate notice and empowering user friendly options.
So one thing I wanted to point out is, G D P R is very consistent with P with P B D. Article 25 has data protection by design and by default identified their emphasizes privacy protection by default throughout the GPR and recital 78 appropriate technical and organisational measures.
So what does this mean? What PBD is embedded into G D P. R and will likely be for future privacy regulations. So for those of you who are relatively new to PBD or maybe aren't completely up to speed on GDP are strongly encourage you to review the principles and when you're looking at
new regulations that are coming out or if you're considering
a painting on regulations, I would strongly encourage you to look at the impacts of PBD and how that would impact any any legislation or how that decision would be applied to your organization if that regulation came to fruition.
So PPD in action.
So if you're developing software or have the internet of things going on your network, social media sites, websites, electronic forms Crn, which our client relationship management systems,
you definitely want to have PBD be top of mind during these items. For example, Internet of Things has proliferated a lot of home and work networks out there.
And uh, it's important to note that not all are created equal. There are some privacy
by default, for example, and other privacy settings that simply just are not available in certain internet of things. So it's important to make sure that you review those before you potentially plug them into your network or you have properly trained your end users on some of the pros and cons of using
said devices when you're creating electronic forms, for example,
uh have a redaction like when you're typing a password and when you're typing in a sensitive information, maybe having that information redacted and having a little I next to it so you can review that information and unmask that information so it can't be viewed by someone
uh watching the information being typed in is important
separation of consumers from one region from another. For example, EU consumers may not have data captured as non EU consumers. So this is a workflow statement here when you're developing how information flows, how it's been captured from a website, it's important to note that you're not necessarily inter mixing uh
information from
Maybe one individual's data from a highly regulated area to another.
And and that shows that you're taking that privacy consideration in
by designing of capturing that information versus trying to prescribe it. After the fact
quiz question, privacy by design originated in what country?
Well, the answer is Canada.
In this module, we discussed the origins and objective of PBD, we analyze the seven principles of PPD and reviewed PBD in practice examples.
Up Next
Data Subjects Part 1
Data Subjects Part 2: US
Data Subjects Part 3: EU
Information Requests Discussion with Monica Reichert
Incident Management