Privacy by Design Flashcards
Define privacy
informed consent
Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.
How is privacy good for business?
- consumer trust and confidence
- customer loyalty
- brand reputation
- competitive advantage
Why design with privacy in mind?
Because retroactively adding privacy measures is much more expensive and complicated.
Privacy can be thought of as a set of trade-offs…
- privacy vs security
- privacy vs business goals
- privacy vs functionality
Why has privacy become such a big issue lately?
Because there is business in data collection.
- data is more valuable (e.g. for advertising)
- better data analysis
- faster processing
- smart algorithms
- data aggregators
- cheaper sensors = more installed
- more input sources = more data
Benefits of data collection
- Know your customer and build a profile
- Offer personalised products, services, “experiences”
- Lower advertising costs
- Increase revenue through targeted offers
- Predict trends
- Enforce profit-enhancing price discrimination
Sources of online data & offline data
data aggregators can do this job for you
online
- IP address, cookies, click-stream data, deep packet inspection
- Tracking across many web sites or advertising networks
- Personal information from social media sites
offline
- credit histories
- retail data
- health histories
- electoral register
What are data aggregators?
Companies that collect and process data (e.g. Dunnhumby, ChoicePoint).
The Issue of Privacy
Privacy intrusion has become easy: cheap sensors are installed everywhere, and smart algorithms and tracking technology are everywhere.
With only a few observations, a user's routines are easily identified.
The user is unaware of the scope of this tracking.
Purpose of the CPO
- Chief Privacy Officer
- senior level executive
- responsible for managing the risks and business impacts of privacy laws and policies
- created to respond to both consumer concern over the use of personal information, including medical data and financial information, and laws and regulations
The 7 Privacy Principles
1. Think ahead — Proactive not Reactive
- Clear commitment at the highest levels
- Employ methods to recognise poor privacy design
- Anticipate poor privacy practices and outcomes before they affect your business
2. Privacy as the default setting
- Personal data automatically protected
- No action required
3. Privacy by Design
- Embedded in the design of IT systems and business processes
- Delivered without diminishing functionality
4. Full functionality – positive sum
- It is possible to have privacy AND achieve other business benefits
5. Full life-cycle, end-to-end security
- Privacy and security must be embedded from start to finish
- Securely retained
- Securely destroyed
6. Visibility and transparency
- Assure all stakeholders that you are operating to stated promises and objectives
- Offer independent verification
- Trust but verify
7. Respect for user privacy
- Keep it user-centric
- Strong privacy defaults
- Appropriate notice
- User-friendly options
Best defence against privacy attacks:
Don’t collect personally identifying data.
Outline privacy in the development cycle (6 steps)
- Make a privacy requirement
- Identify flows of personally identifiable information
- Develop specific privacy requirements
- Incorporate privacy requirements into design
- Test/confirm
- Repeat
(Some) Recommendations
- Only information necessary to conduct the company’s business should be collected.
- Consent should be sought from consumers for each use or disclosure of their information.
- Consumers should not be forced into a choice between privacy and energy efficiency / conservation.
Privacy Enhancing Technologies (PET) aim to…
- Minimise user data
- Give power to individuals over their data