Privacy by Design Flashcards
PbD is an approach that anticipates privacy issues and seeks to prevent problems before they arise.
In this approach, designers must assess the potential vulnerabilities in a system and the types of threats that may occur, and then select technical and managerial controls to protect the system.
Proactive, not reactive; preventive, not remedial
This principle requires an organization to ensure that it only processes the data necessary to achieve its specific purpose and that PII is protected during collection, storage, use, and transmission.
Privacy as the default
Privacy protections should be core, organic functions, not added on after a design is complete.
Privacy should be integral both to the design and architecture of IT systems and to business practices.
Privacy embedded into the design
Designers should seek solutions that avoid requiring a trade-off between privacy and system functionality, or between privacy and security.
Full functionality: positive-sum, not zero-sum
This principle encompasses two concepts. It refers to the protection of data from the time of collection through retention and destruction.
During this life cycle, there should be no gaps in the protection of the data or in accountability for the data. The term security highlights that security processes and controls are used to provide not just security but privacy.
End-to-end security-life cycle protection
PbD seeks to assure users and other stakeholders that privacy-related business practices and technical controls are operating according to stated commitments and objectives.
Visibility and transparency
The organization must view privacy as primarily being characterized by personal control and free choice.
Respect for user privacy