By: Ann Cavoukian, Ph.D.
Privacy by Design (PbD)
Privacy by Design (PbD) is a framework I developed in the ’90s to shift the conventional method of privacy protection from a reactive regulation and compliance model to a proactive preventative model. Fast forward to today – advances in technology have become faster and more robust; our lives seem to change month to month instead of year to year. Accordingly, it is not only important, but imperative that individuals and organizations embed privacy proactively – making it the default.
The objectives of PbD – ensuring privacy and gaining personal control over one’s information and, for organizations, gaining a sustainable competitive advantage – may be accomplished by practicing the following 7 Foundational Principles:
- Proactive not Reactive; Preventative not Remedial
- Privacy as the Default Setting
- Privacy Embedded into Design
- Full Functionality – Positive-Sum, not Zero-Sum
- End-to-End Security – Full Lifecycle Protection
- Visibility and Transparency – Keep it Open
- Respect for User Privacy – Keep it User-centric
PbD Ambassador Program
In October 2010, International Privacy Commissioners and Data Protection Authorities unanimously passed a landmark resolution recognizing PbD as an essential component of fundamental privacy protection and encouraged its widespread adoption.
To recognize those individuals and organizations adopting the principles of PbD, I have developed a PbD Ambassador Program.
Individual Ambassadors
Individual Ambassadors are comprised of an exclusive, but growing, group of privacy thought-leaders committed to ensuring the ongoing protection of personal information. These individuals advance the case for embedding privacy-protective measures in technology, processes, and physical design.
Organizational Ambassadors
The Organizational Ambassador designation recognizes organizations that have embraced the principles of PbD and have embedded them, not just into selected projects, but into the very operation of the organization itself. It represents the gold standard of commitment to the protection of personal information.
PbD and OBI
I applaud the Ontario Brain Institute (OBI) for recognizing the need for improved data analytics in neuroscience and consequently, for undertaking the development of an extensive brain research database called “Brain-CODE” (Centre for Ontario Data Exploration). The sharing of that information is incredibly important as it provides researchers with tools that can help us better understand brain diseases and disorders.
Similarly, the protection of patients’ personal information is unquestionably important. That is why the only solution is a positive-sum, ‘win-win’ solution. In other words, to achieve a successful outcome, the OBI must ensure the proper collection, use, and disclosure of personal information, and that is exactly what they are doing.
The OBI has leveraged the 7 Foundational Principles of PbD in a variety of ways, for example, by consulting with my office prior to project launch (proactive), by collecting data only with express consent (respect the user), and by disclosing data only in de-identified format (full lifecycle protection).
In recognition of the OBI’s commitment to incorporating the principles of PbD into the overarching program, I have designated the OBI an Organizational Ambassador.
Congratulations to Dr. Donald Stuss and the entire OBI team!
