The FTC has emphasized that “companies should adopt a ‘privacy by design’ approach by building privacy protections into their everyday business practices.” To that end, the FTC has stressed the need for fully integrated privacy measures that carry through the entire data lifecycle, employee training and oversight on privacy issues, and customized privacy practices scaled to the sensitivity of the [...] By the early ’90s, there was considerable public discussion about the merits of good privacy practices, some of which flowed from the anticipated coming into force of the European Data Protection Directive.19 The EU Directive sought to strike a balance between a high level of protection for the privacy of individuals and the free movement of personal data. [...] These documents “are generally written in legalese that is unintelligible to the average consumer.” As a result of the number and complexity of such notices, this situation is “typically overwhelming to the average consumer.” The result… is a lack of transparency into actual privacy practices and a diminished ability of consumers to make informed choices.”24 Increasingly, organizations that have a [...] Using PbD as a framework, the organization can think critically about how to develop doubly-enabling, win-win solutions that are applicable and appropriate given the size and nature of the organization, the personal information it manages, and the range of risks, opportunities, and solutions available. [...] Privacy Impact Assessments (PIAs) A PIA is one of many tools used to help organizations ensure that the choices made in the design of a system or process meet the privacy needs of that system, typically by way of a directed set of questions, based on privacy requirements.38 It can be an excellent entry point for applying the principles of Privacy by Design.
Authors
- Pages
- 36
- Published in
- Canada
