Privacy by design, take the challenge

In the mid-’90s, publications by the Office of the Information and Privacy Commissioner of Ontario (IPC), such as Privacy Protection Makes Good Business Sense and Privacy: The Key to Electronic Commerce, argued that all organizations that collect, use and disclose personal information should proactively accommodate the privacy interests and rights of individuals throughout their operations. [...] Voluntary international FIPs, such as the 1980 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, have served as the blueprint for the development of national privacy laws, but in the mid-’90s the IPC began to recognize that they also inform the design of information systems. [...] My office has long supported the OECD Guidelines and, subsequently, the CSA Model Code for the Protection of Personal Information when it was finalized in 1995 to provide “the Canadian context and the new challenges of privacy protection in the information age.”2 3. Privacy concerns must be identified and mitigated early and comprehensively “Build in privacy from the outset” has been my longstandi [...] Volume II of the 1995 Privacy-Enhancing Technologies: The Path to Anonymity, of- fers a flowchart and discussion of “how the designer can take the user’s privacy into account during the different phases of the design process.” Perhaps the clearest expression of my early advocacy for this approach is found in my 1997 paper, Smart, Optical and Other Advanced Cards: How to Do a Privacy Assessment, wh [...] The focus of the conference was on the emergence and growth of privacy-enhancing technologies (PETs), which the Commissioner believes will pave the way for ensuring the future of privacy.