Organizations’ Strategies to Implement Privacy by Design and Default


The core activities and business models of numerous enterprises revolve around gathering and sharing user-related data. However, there are often gaps in protecting user privacy and fostering trust, and these force enterprises to take reactive steps to catch up with customers’ privacy expectations and to comply with privacy regulations.

Any system, process or infrastructure that uses personal data demands privacy. Throughout the development life cycle, possible risks to the rights and freedoms of data subjects should be identified and minimized before they can cause actual damage. Among the privacy techniques and privacy design is a core set of eight privacy design strategy components.

ISACA’s new publication, ‘Privacy by Design and Default: A Primer’, offers organizations and professionals the strategies and techniques to take a proactive approach to building in privacy considerations.


The book puts forward a core set of eight privacy design strategy components for any organization, which include:

  • Minimize: Any personal data processed should be restricted to the minimal amount necessary. For example, requesting only an individual’s birth year rather than the actual birth date should be sufficient for age-restricted services.
  • Hide: Personal data and their interrelationships need to be hidden from plain view. The Payment Card Industry Data Security Standard (PCI DSS) requires that only the last four digits of a credit card number should be printed on a receipt.
  • Inform: Authority needs to be well-informed if data subjects use a system. They should be informed about which information is processed, for what purpose and by what means.


The study walks through not only the key concepts and foundational principles behind privacy by design, but also topics including cybersecurity and privacy risk, privacy engineering, and privacy protection in IT system design. A timeline of key global privacy regulations (including the General Data Protection Regulation (GDPR) in Europe, Lei Geral de Proteção de Dados Pessoais in Brazil, and the Amended Act on the Protection of Personal Information in Japan) and their evolution is also included in this latest publication. This challenges conventional system thinking.

ISACA Privacy Professional Practices Associate Safia Kazi says, “The privacy by design approach ensures that data can continue to be used by enterprises in a way that respects data subject privacy.” When an enterprise understands how it collects, stores and uses data, this leads to increased confidence and trust in the data on which it bases strategic decisions, and that enhances trust between the enterprise and its customers.
