Privacy by Design Does Not Sacrifice Security
Big Data needs big privacy, says privacy expert at SecTor Security conference.
Ann Cavoukian, executive director of the Privacy and Big Data Institute at Ryerson University in Toronto, is passionate about privacy. Previously she spent 17 years as information and privacy commissioner for the province of Ontario, Canada.
Speaking at the SecTor security conference in Toronto this week, Cavoukian detailed her approach for the tech- savvy audience.
"You can't have good privacy without strong security," Cavoukian said. "If you don't lead with strong security, you will never have data privacy."
It's important to understand that privacy does not equal security, and privacy is not about having something to hide, she added.
"If you're a law abiding citizen, you choose what information you want to share and with whom," Cavoukian said. "That's the essence of privacy; it's all about control."
Having a truly free and innovative society requires privacy for users, without fear of reprisal, she said.
From a technology perspective, Cavoukian espouses the view of Privacy by Design, a set of documents and approach that she has been working on for decades. Privacy by Design is about embedding privacy into the design of IT, into the application code, making it an inherent component of the program or system, she explained.
There are seven foundational principles of privacy by design.
- Security is proactive and not reactive
- Privacy is the default setting
- Privacy is embedded into design
- Full functionality is maintained with privacy
- End-to-end security is in place, with full lifecycle protection
- Visibility and transparency
- Respect for user privacy
Fundamentally Cavoukian emphasized that Privacy by Design is about proactively identifying and then protecting security in a manner where users get both privacy and security.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.
By Jeff Goldman
September 04, 2015
Data on the unencrypted laptop included patient names, medical record numbers and health information.