Lesson 3The importance of privacy in project management
- Notion 15 - Why does privacy matter for project management?
- Notion 16 - What is considered user personal data?
- Notion 17 - Privacy legislation in the EU
- Notion 18 - Data protection principles
- Notion 19 - The legal ramifications of violating privacy
- Notion 20 - Privacy by Design: matching design with privacy needs
- Notion 21 - Consent is the magic word
- Notion 22 - The role of the project manager in ensuring privacy
- Notion 23 - Conducting a Privacy Impact Assessment
- Notion 24 - How can data protection lead to more sustainable project management?
- Notion 25 - Quiz
Notion 20
Privacy by Design: matching design with privacy needs
Target skills
In order to help you to comply with the law, there are some practices you have to apply. The most important one is Privacy by Design.
What is it and why is it important?
The term “Privacy by Design” means nothing more than “data protection through technology design”. The underlying idea is that data protection in data processing procedures is best respected when it is already built into the technology at the time of its creation.
GDPR (General Data Protection Regulation) compliance demands ‘prior consent’. Customers must now provide their explicit consent before organisations can collect, store, and use their personal data. This is important for designers and developers to keep note of this during the development processes, to be at all times updated on GDPR laws and any changes done, and to make user consent and GDPR to be a topic of interest to them.
The seven principles of Privacy by Design
The seven principles were developed in” Privacy by Design in Law, Policy and Practice” by Ann Cavoukian, former Information and Privacy Commissioner for the Canadian province of Ontario.
1. Proactive not Reactive; Preventative not Remedial
The Privacy by Design (PbD) approach is characterized by proactive rather than reactive measures. It anticipates and prevents privacy invasive events before they happen. PbD does not wait for privacy risks to materialize, nor does it offer remedies for resolving privacy infractions once they have occurred — it aims to prevent them from occurring. In short, Privacy by Design comes before-the-fact, not after.
2. Privacy as the Default Setting
We can all be certain of one thing — the default rules! Privacy by Design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice. If an individual does nothing, their privacy still remains intact. No action is required on the part of the individual to protect their privacy — it is built into the system, by default.
3. Privacy Embedded into Design
Privacy by Design is embedded into the design and architecture of IT systems and business practices. It is not bolted on as an add-on, after the fact. The result is that privacy becomes an essential component of the core functionality being delivered. Privacy is integral to the system, without diminishing functionality.
4. Full Functionality — Positive-Sum, not Zero-Sum
Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner, not through a dated, zero-sum approach, where unnecessary trade-offs are made. Privacy by Design avoids the pretense of false dichotomies, such as privacy vs. security, demonstrating that it is possible to have both.
5. End-to-End Security — Full Lifecycle Protection
Privacy by Design, having been embedded into the system prior to the first element of information being collected, extends securely throughout the entire lifecycle of the data involved — strong security measures are essential to privacy, from start to finish. This ensures that all data are securely retained, and then securely destroyed at the end of the process, in a timely fashion. Thus, Privacy by Design ensures cradle to grave, secure lifecycle management of information, end-to-end.
6. Visibility and Transparency — Keep it Open
Privacy by Design seeks to assure all stakeholders that whatever the business practice or technology involved, it is in fact, operating according to the stated promises and objectives, subject to independent verification. Its component parts and operations remain visible and transparent, to users and providers alike. Remember, trust but verify.
7. Respect for User Privacy — Keep it User-Centric
Above all, Privacy by Design requires architects and operators to keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options. Keep it user-centric.