Privacy by Design

When developing new products, services, or anything that may process data subjects’ PI, it is tempting to consider factors like privacy at the very end of the process. While this impulse is understandable, it guarantees that PI is receiving less protection than it would otherwise receive at best; at worst, privacy factors are never considered during the design process due to lack of attention or time, and PI is left unprotected.

Privacy by design ensures privacy factors are considered early in the development process. While the onus of implementing privacyby-design principles lies with the developers, strategists, and project managers who work on the various initiatives that may involve PI, privacy professionals can take certain steps to encourage privacy by design.

Less Mature

An immature privacy-by-design process might involve privacy considerations being an afterthought or only considered in the later stages of product development. When project timelines are short, privacy may not be considered at all. There will likely be no standardized steps for project leads to consider when implementing privacy by design, and project leads may not realize their initiative poses privacy risks at all.

More Mature

A mature privacy-by-design process would involve privacy considerations being integrated into every stage of product development, from ideation to retirement. Project leads are educated on what constitutes privacy risk and how minimizing those risks can inform the design of their system, tool, or process. Privacy professionals are consulted early and often throughout the process, and each project serves as a learning experience to improve privacy-by-design practices for the next project.

Recommended Next Steps

To encourage the adoption of privacy-by-design principles, privacy professionals should:

• Advocate for privacy to be included in product development from the outset.
• Create and implement privacy-by-design frameworks.
• Provide training and resources to staff on privacy-by-design principles and best practices.
• Collaborate with product development teams to ensure that privacy is considered throughout the product development process.
• Conduct privacy impact assessments at the outset of new projects and initiatives.
• Foster a culture of privacy and data protection to encourage project leads to consider privacy and/or consult with the privacy professionals in their organization.