B. Privacy by Design Flashcards
What is privacy by design?
The concept that privacy is part of the design of products, systems, software, etc. and is built in my default.
Data minimization
collect only what you need
process oriented privacy design strategy
Commitment to processing personal information in a privacy-friendly way and ensuring that these commitments are honored.
Data oriented privacy design strategy
Focus on technical ways that data can be processed with the maximization of privacy in mind.
Privacy by Design
1) Integrates privacy protections into physical stems, technology products and business processes.
2) Ensures can be assured that privacy controls are in place from the outset of a project
Privacy by Design Foundational Principles
1) Proactive not Reactive
2) Preventative not Remedial
3) Privacy as the Default Setting
4) Privacy Embedded into Design
5) Full Functionality- Positive-Sum, not Zero-Sum
6) End-to-End Security - Full Lifecycle Protection
7) Visibility and Transparency - Keep it Open
8) Respect for User Privacy - Keep it User-Centric
Instituting Privacy by Design
1) Commit to the Program
2) Create a Privacy Standard
3) Perform Privacy Reviews of Products and Services
4) Perform a data flow analysis
5) Inform consumers of your privacy practices
6) Provide privacy controls for users
7) Provide users with access to data
8) Apply data retention and destruction policies
9) Secure sensitive data
goal setting
including privacy
document requiremments
documenting what you will do and what you won’t do – useful for testing after building
quality attributes
1) identifiability
2) confidentiality
3) availability
information needs
what is the least amount of data needed to accomplish this goal
high level design
comprises of:
1) quality attributes (identify, confident, available)
2) architectures: (usable front-end, compliant back-end)
3) design representation (design includes all nodes throughout system)
low level design/implementation
- reuses libraries, frameworks, APIs when possible from other parts of system for consistency’s sake
impose controls
1) architecture (decentralize operations)
2) secure (using abstraction/hiding)
3) supervise (enforcement of privacy policies)
4) balance (ensuring that solutions don’t incur further risks)
testing and validation
validating the requirements. comprised of:
1) unit testing
2) system testing
3) integration testing
4) manual testing