What is... Privacy by Design?

In this series of posts, I introduce multiple concepts of DevOps in simple and clear ways. This one is Privacy by Design.

What?

Privacy by design addresses authorized access to privacy data.
It deals with privacy data (PII, Personally Identifiable Information), i.e. the lifecycle and governance of authorized data processing.

Principles (by OECD)

  • Collection limitation principle (data minimization principle): Individuals must be informed of and consent to the collection of their data.
  • Data quality principle: The data collected must be correct.
  • Purpose specification principle: The purpose of the data collection must be made clear to individuals before their data is collected.
  • Use limitation principle: Data must be used only for the purposes specified at the time of collection.
  • Security safeguards principle: The data collected must be protected against unauthorized access.
  • Openness principle (data transparency principle): Individuals can contact the entity collecting their data to find out where it is collected and stored.
  • Individual participation principle: Individuals must know whether data about them has been collected, and they must have access to it.
  • Accountability principle: The data collector is accountable for compliance with the privacy principles.

Controls

  • Anonymity
  • Authentication
  • Consent
  • Cookie
  • Data masking
  • Encryption
  • Minimization
  • Notify and inform
  • Obfuscation
  • Restrict
  • Separation
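As an added example (not part of the original post), the following Python snippet shows how three of the controls above combine in practice: minimization (each processing purpose only sees the fields it needs, which also enforces the purpose specification and use limitation principles), data masking (partially hiding a value) and obfuscation via keyed pseudonymization (a value is replaced by an HMAC so records can still be joined without exposing the original). The record, the purposes and the field-to-purpose mapping are all constructed for this example.

```python
"""Added example: minimization plus masking/pseudonymization of a PII record.
The record, purposes and field policies below are constructed, not real."""
import hashlib
import hmac

# Constructed sample record; none of this is real personal data.
SAMPLE_RECORD = {
    "user_id": "u-1001",
    "email": "alice@example.com",
    "phone": "+1-555-0100",
    "birthdate": "1990-04-12",
    "ssn": "123-45-6789",
    "newsletter": True,
}

# Purpose specification / use limitation: every processing purpose is bound
# to the fields it may receive (assumed purposes for this example).
ALLOWED_FIELDS = {
    "newsletter": {"user_id", "email", "newsletter"},
    "analytics": {"user_id", "birthdate"},
}

# Fields that are pseudonymized (keyed hash) or masked before leaving the store.
PSEUDONYMIZE = {"user_id", "email"}
MASK = {"phone", "ssn", "birthdate"}


def minimize(record, purpose):
    """Minimization: drop every field the given purpose is not allowed to see."""
    allowed = ALLOWED_FIELDS[purpose]
    return {k: v for k, v in record.items() if k in allowed}


def pseudonymize(value, key):
    """Obfuscation: replace the value with a keyed hash (HMAC-SHA256, truncated).
    The same key maps the same input to the same token, so joins still work,
    but without the key the original value cannot be recovered or guessed cheaply."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def mask(value, keep=2):
    """Data masking: hide all alphanumeric characters except the last `keep`,
    leaving separators in place so the format stays recognizable."""
    chars = list(value)
    alnum_positions = [i for i, c in enumerate(chars) if c.isalnum()]
    to_hide = alnum_positions[:-keep] if keep else alnum_positions
    for i in to_hide:
        chars[i] = "*"
    return "".join(chars)


def export_for(record, purpose, key):
    """Apply minimization first, then masking/pseudonymization to what remains."""
    out = {}
    for field, value in minimize(record, purpose).items():
        if field in PSEUDONYMIZE:
            out[field] = pseudonymize(value, key)
        elif field in MASK:
            out[field] = mask(value)
        else:
            out[field] = value
    return out


if __name__ == "__main__":
    # Constructed key for the demo; in a real system it lives in a secret store.
    demo_key = b"constructed-demo-key"
    for purpose in ALLOWED_FIELDS:
        print(purpose, export_for(SAMPLE_RECORD, purpose, demo_key))
```

Minimization runs before masking so that a field never reaches a consumer that has no stated purpose for it, and the pseudonymization key is the thing to protect: whoever holds it can re-link tokens to identities, which is why it is kept separate from the exported data (the separation control in the list above).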
