Privacy by Design (PbD)
Data privacy refers to maintaining secrecy over, or keeping control of, access to data. Legally, data privacy is the process of establishing standards and norms about who may access data; as technology has changed, its scope has shifted from ‘protection against intrusion into private places’ to ‘protection against intrusion into people’, and on to ‘informational self-determination’.
Privacy vs Security:
Because the terms ‘privacy’ and ‘data protection’ are often used interchangeably, and ‘data protection’ is also taken to mean security, there is a common misconception that privacy and security are much the same thing.
While data security is about safeguarding any type of data from unauthorized access, destruction, or loss of integrity, privacy is applicable only to personal data and entails several information principles, one of which is security.
Personally Identifiable Information (PII):
Personal data is any information that relates to an identified or identifiable individual. PII or personal data may contain direct identifiers (passport info, driver’s license number, etc.) that can identify a person uniquely or quasi-identifiers (race, gender, religion, etc.) that can be combined with other quasi-identifiers to successfully identify an individual.
Personal data can include anything about a person, regardless of whether the data is factual or opinion, subjective or objective, quantitative or qualitative, and in whatever digital format it is captured.
Sensitive Personal Data:
Certain types of personal data that would cause a relatively higher degree of harm if compromised are classified as sensitive personal data, and data privacy regulations in most countries require additional protection for such data.
Harm caused to individuals by a violation of privacy:
The harm caused as a consequence of a privacy violation plays an increasingly important role in ascertaining the severity of a breach or violation, and is hence a useful attribute when designing for privacy. Some of the common harms that manifest are as follows:
| # | Harm | Example |
|---|------|---------|
| 01 | Discrimination | Removing an employee from the promotion list on the basis of data not relevant to the promotion. |
| 02 | Identity theft | Unauthorized fund transfer due to a password leak. |
| 03 | Public disclosure of a private fact | Internet browsing history. |
| 04 | Automated decision | Enabling an AI system to deny interview calls to a fresher based on an evaluation of their profile, without giving the individual an opportunity to intervene and clear things up with HR. |
Privacy By Design:
Privacy by Design (PbD) is an approach for the design and development of a digital solution that requires privacy to be embedded right from the design stage and then throughout the development lifecycle so that privacy becomes an integral part of core functionality as opposed to an afterthought.
Principles of Privacy By Design:
- Proactive not Reactive, Preventive not Remedial: PbD supports proactively identifying privacy risk events in advance and taking the necessary preventive steps, rather than being reactive and putting remedial measures in place once an event occurs. It anticipates and prevents privacy-invasive events before they happen. During design, all privacy-related aspects must be taken into account and, based on the privacy risk assessment, nothing should be left to be caught during inspection or addressed only after a data breach. PbD does not wait for privacy risks to materialize, nor does it offer remedies for resolving privacy infractions once they have occurred – it aims to prevent them from occurring.
- Privacy as the Default Setting: Privacy by Design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in the way that is least risky for the individual. If an individual does nothing, their privacy still remains intact. No action is required on the part of the individual to protect their privacy – it is built into the system by default. Explicit action may be required of users only to reduce privacy, never to improve it.
- Privacy embedded into the design: Privacy must be embedded into the design and architecture of IT systems and business practices. It is not an add-on. It is meant to be mistake-proof: privacy-enhancing features are built in such a way that they cannot be bypassed.
- Full functionality – Positive Sum, Not Zero-Sum: Designing for privacy often impacts other functional aspects such as user experience, performance and security, and in such cases a proper trade-off analysis is expected at each stage. If you are sacrificing functionality for privacy, you are doing it wrong.
- End to End Security
- Visibility and Transparency
- Respect for user privacy
Applicability of Privacy Principles:
The processing of PII is guided by core data privacy principles, which act as the pillars of privacy. Some of them are as follows:
- Lawfulness, Fairness, Transparency: There must be a pre-identified legal ground for processing personal data for a specific purpose. Some of these grounds are fulfilling a contractual requirement, consent of the data subject, public interest, etc. Fairness means that processing must be done in a way that people would reasonably expect, and not in ways that have unjustified adverse effects on them. According to the principle of transparency, the data subject should be provided with information about the processing at the right time and in a comprehensible form, typically a privacy notice. No processing of personal data should happen that is not known to the individual.
- Purpose Limitation: According to the principle of purpose limitation, personal data should be processed for specified, explicit, legitimate purposes.
- Data Minimization: Data minimization requires personal data to be adequate, relevant, and limited to what is necessary in relation to the purpose for which they are processed.
- Accuracy: According to the principle of accuracy, personal data shall be kept accurate, and up to date and every reasonable step must be taken to ensure that personal data that are inaccurate having regard to the purposes for which they are processed are erased or rectified without delay.
- Storage Limitation: Personal data must be kept in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Design of databases must take into account ease of deletion of data when no longer required.
- Security: Ensuring the confidentiality, integrity, and availability of personal data is one of the key principles of privacy. Appropriate security measures – technical and organizational – are expected to be deployed, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
- Accountability: According to the principle of accountability, the organization is responsible for ensuring compliance with the privacy laws and there must be appropriate measures and records in place to be able to demonstrate compliance.
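The "privacy as the default setting" principle above and the purpose limitation, data minimization and storage limitation principles are easiest to see when they are enforced in code rather than in a policy document. The following is an added illustration, not code from the original article: a toy store whose purpose registry (`PURPOSES`), default preferences and day-based clock are all constructed for the example.

```python
from dataclasses import dataclass
# Hypothetical purpose registry (constructed for this example): each lawful
# processing purpose lists the minimum fields it needs (data minimization)
# and how many days records may be kept (storage limitation).
PURPOSES = {
    "order_fulfilment": {"fields": {"name", "shipping_address"}, "retention_days": 90},
    "newsletter": {"fields": {"email"}, "retention_days": 365},
}
# Privacy as the default setting: every optional disclosure is off unless the
# user explicitly switches it on; staying private requires no action at all.
DEFAULT_PREFERENCES = {"profile_public": False, "marketing_emails": False, "usage_analytics": False}

def effective_preferences(explicit_choices):
    """Overlay a user's explicit choices on the protective defaults; unknown keys are rejected."""
    unknown = set(explicit_choices) - set(DEFAULT_PREFERENCES)
    if unknown:
        raise ValueError(f"unknown preference(s): {sorted(unknown)}")
    return {**DEFAULT_PREFERENCES, **explicit_choices}

@dataclass
class PersonalRecord:
    purpose: str
    data: dict
    collected_day: int  # day number on a constructed clock, not wall time

class PrivacyStore:
    """Toy store enforcing purpose limitation, data minimization and storage limitation."""
    def __init__(self):
        self._records = []

    def collect(self, purpose, submitted, today):
        spec = PURPOSES.get(purpose)
        if spec is None:  # purpose limitation: no registered purpose, no processing
            raise ValueError(f"no registered purpose: {purpose}")
        kept = {k: v for k, v in submitted.items() if k in spec["fields"]}  # data minimization
        missing = spec["fields"] - set(kept)
        if missing:
            raise ValueError(f"{purpose} requires {sorted(missing)}")
        self._records.append(PersonalRecord(purpose, kept, today))
        return kept  # the caller sees exactly what was retained, nothing more

    def records_for(self, purpose):
        return [r.data for r in self._records if r.purpose == purpose]  # reads scoped to one purpose

    def purge_expired(self, today):
        # storage limitation: delete records older than their purpose's retention period
        keep = [r for r in self._records if today - r.collected_day <= PURPOSES[r.purpose]["retention_days"]]
        removed = len(self._records) - len(keep)
        self._records = keep
        return removed
```

Fields a purpose never declared are dropped before storage, reads are scoped to a declared purpose, and `purge_expired` is the scheduled deletion job the storage limitation principle calls for.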
Implementing PbD in Privacy Engineering:
Privacy Engineering is the systematic process of implementing the PbD principles described above within the life cycle of information systems entrusted with personal data processing. I’ll discuss this topic later in detail.