Privacy by Design – Principles or Requirements?
After reading the white paper, “Privacy and Security by Design, A Convergence of Paradigms,” this week, I pinged a couple of associates on Twitter to see what they thought about Privacy by Design.  Steve Wilson replied to the effect that “We need more than principles.  We need implementable requirements.”
When I met with Ann Cavoukian yesterday, I asked her about that viewpoint.  She agreed that we need to step beyond principles to requirements to implementation.  She gave me a copy of a paper published last December by the PbD team, entitled, “Operationalizing Privacy by Design: A Guide to Implementing Strong Privacy Practices.”  This paper doesn’t provide all the answers, but begins to explore how privacy is being implemented in 9 application areas:
- CCTV/Surveillance Cameras in Mass Transit Systems
- Biometrics Used in Casinos and Gaming Facilities
- Smart Meters and the Smart Grid
- Mobile Devices & Communications
- Near Field Communications (NFC)
- RFIDs and Sensor Technologies
- Redesigning IP Geolocation Data
- Remote Home Health Care
- Big Data and Data Analytics
Interestingly enough, when Marc Chanliau shared with me his unpublished report from which came the security content for the “Privacy and Security by Design” paper, it was gratifying to see the title he had selected for that larger report: “Requirements for Enterprise Security.”
There is much to do, but progress is being made.