I have dedicated most of my career to the pursuit of proactively protecting privacy – ensuring that privacy is built into business and technology architecture, by design. During the 1990s, I developed Privacy by Design, consisting of 7 Foundational Principles, which was unanimously passed as an International Standard in 2010, forming the framework for the proactive protection of privacy – a model of prevention. Since then, Privacy by Design has been translated into 39 languages, giving it a true global presence. Although significant strides in privacy protection have followed, ongoing data breaches and violations of consumer privacy have been escalating, pointing to the need for stronger protection.
If you’re reading this, chances are you have ubiquitous access to the internet, a smart phone, a laptop, and freely share your personal information through a variety of online services. The sheer volume of data that we share on a daily basis is staggering. From bank account passwords, to credit card details, to credentials for newspaper subscriptions and social media feeds – it is nearly impossible to quantify the bits and bytes of personal data floating around in the ether of the cloud and other networks of communication.
The 7 Foundational Principles of Privacy by Design (PbD) that I developed over twenty years ago still hold true today: privacy measures must be proactive, not reactive; privacy should be the default setting; privacy should be embedded directly into design, cohesively, right from the outset; privacy considerations should offer full functionality; privacy designs should offer strong security, with full lifecycle protection; visibility and transparency should be paramount; and privacy systems should be user-centric, above all. When our data is being shared, if sufficient technologies have been put into place to respect data privacy, right from the beginning, we can take great comfort that our privacy is being strongly protected. But when 1 billion email accounts are made vulnerable, or 800,000 children’s voice recordings made via teddy bears are exposed, or when it is reported that online fraud costs Canadians $1B per year, we quickly come to realize just how little privacy is actually being embedded in enterprise development.
What can be done?
With the advent of cloud networks, universal sharing of information and disruptive technology that upsets the status quo of privacy systems, companies think they have no other option than to participate in this collaborative digital environment. Today, digital data is nearly as pervasive as the oxygen we breathe, but it does not follow that this ocean of shared data should be captured in identifiable form and held within vulnerable hubs, ripe for malicious parties to access. Further, the traditional boundaries that once kept data in check are now dynamic, rather than static. The privacy architecture of yesterday is no longer sufficient in this growing world of fluid, accessible information.
Businesses today should follow the example of companies like SecureKey, whose efforts to develop a collaborative, federated ecosystem are a clear display of the privacy-centric digital economy of the future, in which the end-user reigns supreme. Beyond adhering to the 7 Foundational Principles of PbD – by building privacy into every angle of one’s business, right from the outset – SecureKey clearly demonstrates how a collaborative environment of like-minded enterprises focused on privacy, can greatly benefit today’s digital society.
It is only in collaborative partnerships that the digital rights and privacy of end-users can truly be put first. Enterprises must work together to address the ubiquitous sharing of information, rather than attempt to address privacy alone. They must become active participants in digital exchanges where privacy and end-user validation are not attributes of the systems architecture, but integral to their function.
In this day and age of ubiquitous computing and online connectivity, no business can afford to stand alone when building the digital systems of the future. No business, consumer or government can exist in isolation in our information-saturated age. The 7 Foundational Principles of Privacy by Design, however, coupled with apparatus rooted in collaboration, can help to ensure that privacy prevails and is positioned as the first consideration.