Privacy by Design

Privacy by Design is a concept that privacy measures and considerations are made throughout the entire process/ product development lifecycle. This approach helps to design more secure systems because privacy mechanisms are baked into the process as opposed to layered on top of a finished product built without privacy in mind. Privacy by Design features seven Foundation Principles:

  • Proactive not Reactive; Preventative not Remedial.
  • Privacy as the Default Setting.
  • Privacy Embedded into Design.
  • Full Functionality - Positive-Sum, not Zero-Sum.
  • End-to-End Security - Full Lifecycle Protection.
  • Visibility and Transparency.
  • Respect for User Privacy - Keep it User-Centric.

Recognizing privacy interests from the start can help reduces data security risks down the road as well as costs associated with remediation.

Project Scope

  • Describe the project, including objectives, users, programs, and any third-party components.
  • Create a data flow table. The table should show how data moves from one element of the project to the next, beginning with data collection to use to disclosures, if any.
  • Determine the sensitivity level of the data the project will incorporate. Some privacy regulations will define what types of personal information should be considered highly sensitive or moderately sensitive.

Risk Assessment

  • Conduct a preliminary Privacy Impact Assessment (PIA). A preliminary PIA will ask whether the description of the project and its anticipated use of data meets general privacy principles. If you know the project will be subjected to specific privacy regulations such as HIPAA, include those legal obligations in the PIA. For projects that are further beyond the initial design phase, a full-blown PIA that considers additional data security mechanisms may be better at identifying areas for privacy improvements. Note privacy advantages and risks when considering alternative approaches to a specific element or task of the project. This will help to discover serious versus minor risks, identify the appropriate level of security, and decide on cost-effective privacy measures.

Mitigation Methods

  • Review privacy risks and propose ways to mitigate the risks and any associated costs. It may be helpful to categorize which risks are mandatory to address before the project proceeds.
  • Re-evaluate the project in light of the identified privacy considerations and necessary changes. Sometimes an idea that seems novel may not be on the market because it is problematic with privacy concerns and regulations. It may be the case that the project isn't feasible or worthwhile if data cannot be used in a certain way that conflicts with privacy principles or regulations.


Note: Privacy by Design doesn't mean that projects need to incorporate the most stringent protections. Rather, it is about including privacy measures that are appropriate for the project and identifying those measures early on to make the project more feasible than trying to build security around an already developed product. If possible, perform testing of implemented privacy measures to ensure they are proper solutions for the risks they are meant to address.Identify how privacy issues will be monitored after the project is finished or throughout updates. This may include designating a privacy or compliance team to oversee or audit the project. Document the policies, procedures and guidelines related to the use and privacy compliance of the end product.