PRIVACY BY DESIGN

What is Privacy By Design?

Privacy by Design refers to the philosophy and approach of embedding privacy into the design specifications of various technologies, processes and business models. Privacy by Design proposes to build the principles of Fair Information Practices into the design, operation and management of all levels of business practices.

The US Federal Trade Commission Specifically Identifies “Privacy By Design” as a Best Practice for US Companies

In an FTC Staff Report titled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers,” the agency clearly indicated that “…companies should adopt a “privacy by design” approach by building privacy protections into their everyday business practices.

Such protections include:

  • Providing reasonable security for consumer data;
  • Collecting only the data needed for a specific business purpose;
  • Retaining data only as long as necessary to fulfill that purpose;
  • Safely disposing of data no longer being used;
  • Implementing reasonable procedures to promote data accuracy;
  • Implementing and enforcing procedurally sound privacy practices throughout organizations;
  • Assigning personnel to oversee privacy issues from the earliest stages of research and development;
  • Training employees on privacy issues; and
  • Conducting privacy reviews when developing new products and services.

As the Federal Trade Commission notes about the Privacy By Design principles … ‘the time has come for industry to implement them systematically.”

**Source: FTC Staff Report, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers (Dec. 2010)

Recent FTC Commentary and Testimony Supports the Push for “Privacy By Design”

In recent addresses to industry and Congress, FTC Commissioner Edith Ramirez urged companies to implement the “Privacy By Design” recommendations issued by FTC staff in December 2010.  Commissioner Ramirez advocated for the widespread move to “Privacy by Design” when she noted that businesses must “fundamentally rethink a wide range of privacy issues and offer best practices for industry…The first key recommendation is ‘Privacy by Design.’”

“Privacy By Design” Written Into Law by the Commercial Privacy Bill of Rights”

Senators John Kerry (D-MA) and John McCain (R-AZ) recently introduced their “Commercial Privacy Bill of Rights” requiring businesses that collect, use, store or transfer consumer information to implement “Privacy By Design” when developing products.

The full text of the “Privacy By Design” provision in the ‘‘Commercial Privacy Bill of Rights Act of 2011’’ includes this reference to the concepts:

SEC. 103. PRIVACY BY DESIGN.

Each covered entity shall … implement a comprehensive information privacy program by incorporating necessary development processes and practices throughout the product life cycle that are designed to safeguard the personally identifiable information that is covered information of individuals based on—

(A) the reasonable expectations of such individuals regarding privacy; and

(B) the relevant threats that need to be guarded against in meeting those expectations; and maintaining appropriate management processes and practices throughout the data life cycle.

Redpoint Guidance on Privacy By Design

Redpoint recognizes that Privacy and Data Security are not “bolt-on” considerations anymore.  The protection of personal and confidential information must increasingly happen at the inception and creation stage of business process and product development.

Due to our organizational structure and professional expertise, we are uniquely able to assist businesses in addressing privacy and data security issues early.  Our clients are the early adopters of “Privacy By Design,” the clear future of privacy and data protection.