When do you have your best ideas? I have mine while on my bike, with the wind in my hair and dust (and often insects) in my mouth. This is when my mind wanders and I come up with my best plans. You might have your best ideas in the shower or brainstorming with your team; where and how is not important. What is important is that you consider privacy from that first moment when you start mapping your plan.
Do it right from the start and you will save valuable resources later. Integrate privacy considerations from the get go and you don’t have to worry about unexpected compliance and security risks after you’ve already invested your time and money in development. This principle is called Privacy by Design (PbD). If you understand the importance of both innovation and safeguarding the personal and confidential data of your customers, employees and business partners, you’ll understand the value of PbD.
The 7 principles of Privacy by Design, and how to nail them.
- Proactive not reactive. That old adage ‘prevention is better than cure’ rings true even when it comes to data protection. Don’t wait for a breach to happen. Stop breaches from happening in the first place. Establish and maintain practices that address poor privacy design, anticipate poor privacy practices and outcomes, and correct any negative impacts before they occur, in proactive, systematic and innovative ways. For example, carry out privacy impact assessments at the start of, and throughout, the implementation of each new business process.
- Privacy as default setting. Personal information should be automatically protected in all ICT systems, business practices or processes. Privacy should be built into the system by default.
- Privacy embedded into design. Privacy should be taken into account in the design and architecture of information systems, the development of business practices and processes or other initiatives involving the processing of personal information. It is built in intentionally, not bolted on afterwards. How? It magically happens when privacy, good project governance, leadership and effective project management go hand in hand.
- Retain full functionality: positive-sum, not zero-sum. PbD employs a ‘win-win’ approach to all legitimate system design goals. By building privacy into the design and implementation of information systems, the goal of protecting an individual’s privacy and the goals of the system itself are aligned. No compromises needed!
- End-to-end security – full lifecycle protection. Appropriate security measures are essential to privacy – from start to finish. PbD ensures that all personal information is kept securely across its lifecycle from collection through to destruction.
- Visibility and transparency – keep it open. Visibility and transparency are essential to establish accountability and trust. Your processes and systems should deliver on the promises you make in your marketing, policies, privacy notices and contracts. Trust is the most powerful currency in business.
- Respect for user privacy. Above all, PbD requires architects and operators to protect the interests of individuals by setting strong privacy defaults, telling them how their information will be used, and empowering user-friendly options. Keep your customers happy and you will reap the rewards!
You might think: this sounds great, but where do I start? As they say, knowledge is power. As a first step, make sure everyone in your organisation is aware of POPI and its privacy principles. Organise a training session or enrol in one of our e-learning programmes. You can’t implement privacy by design if you don’t know the rules for processing personal information.
Need help to get started? We would love to help. Get in touch.