Last month, we made a run at a new topic with the post Who, What, Wearables: Consumer Privacy and Security. We’re following up with information on how corporations and General Counsel can better position themselves in the wearable world by incorporating privacy from beginning to end.
In a landmark resolution in 2010, the international Data Protection and Privacy Commissioners approved the “privacy by design” (PbD) concept of Dr. Ann Cavoukian, who at the time was Ontario’s Information and Privacy Commissioner. This concept “ensures that privacy is embedded into new technologies and business practices, right from the outset as an essential component of fundamental privacy protection.”
There are seven principles to PbD, including being proactive not reactive, embedding privacy into design, end-to-end security and respecting user privacy by keeping it user-centric.
In 2011, the Federal Trade Commission recommended a trio of best practices, including PbD, a “key pillar of privacy work,” to companies.
In 2012, the Director of Legal Services/General Counsel and Legal Counsel from the Office of Ontario’s Information and Privacy Commissioner presented organizational approaches to PbD: Its adoption will build business and competitive advantages; it should be implemented across an entire organization, including IT systems, business practices and product design; and it encourages executives to understand customer and stakeholder expectations of privacy within their own context and industry.
In the 2016 resource “Developing a Privacy Compliance Program,” which includes how to implement a PbD approach, the legal authors advise that business teams need to understand that privacy is a business requirement and that they should consult the privacy team at the start of any project for an impact assessment and to identify potential privacy issues. They point to the FTC’s recommendations for business and policymakers, the 2012 report “Protecting Consumer Privacy in an Era of Rapid Change.” The authors also specifically note that PbD calls for incorporating “substantive privacy principles into product design and development,” such as data security, reasonable collection limits, sound retention practices and data accuracy.
In addition to business and competitive advantages, there are other benefits to adopting a PbD approach, as listed in the IAPP-EY Annual Privacy Governance Report 2016. The approach can help meet compliance obligations, reduce the risk of data breaches and enhance brand and public trust, which is also very good for business. By contrast, a company can pay in the long run if it doesn’t adopt privacy by design.