Many enterprises’ core activities and business models revolve around gathering and sharing user-related data, but there are often gaps around protecting user privacy and fostering trust—forcing them to take reactive steps to catch up with customers’ privacy expectations and comply with privacy regulations. ISACA’s new publication, Privacy by Design and Default: A Primer, gives organizations and professionals the strategies and techniques to take a proactive approach to building in privacy considerations.
Marketing Technology News: MarTech Interview with Jason Brown, Addressable Advertising Lead for WarnerMedia Ad Sales
Eight strategies to help organizations implement privacy by design and default
Privacy by design challenges conventional system thinking. It mandates that any system, process or infrastructure that uses personal data consider privacy throughout its development life cycle and identify possible risk to the rights and freedoms of the data subjects and minimize them before they can cause actual damage. Among the privacy techniques and privacy design strategies shared in Privacy by Design and Default are a core set of eight privacy design strategy components, including:
- Minimize: The personal data processed should be restricted to the minimal amount necessary. For example, only requesting an individual’s birth year rather than the actual birth date should be sufficient for age-restricted services.
- Hide: Personal data and their interrelationships should be hidden from plain view. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires that only the last four digits of a credit card number be printed on a receipt.
- Inform: Whenever data subjects use a system, they should be informed about which information is processed, for what purpose and by what means.
Marketing Technology News: CallMiner Acquires Audio Capture Provider OrecX
Privacy by Design and Default walks through not only the key concepts and foundational principles behind privacy by design, but also topics including cybersecurity and privacy risk, privacy engineering, and privacy protection in IT system design. It also includes a timeline on key global privacy regulations—including the General Data Protection Regulation (GDPR) in Europe, Lei Geral de Protecao de Dados Pessoais in Brazil, and the Amended Act on the Protection of Personal Information in Japan—and their evolution.
“The privacy by design approach ensures that data can continue to be used by enterprises in a way that respects data subject privacy,” says Safia Kazi, ISACA Privacy Professional Practices Associate. “When an enterprise understands how it collects, stores and uses data, this leads to increased confidence and trust in the data on which it bases strategic decisions—and that enhances trust between the enterprise and its customers.”
ISACA is also offering a companion course on privacy by design. This course provides learners with an introduction to privacy by design along with interactive scenarios and knowledge checks to test understanding of privacy by design concepts. Those who participate in this virtual, self-paced course will gain a holistic understanding of privacy by design, including its foundational principles and technology that can support it.
Marketing Technology News: DAS42 and AtScale Partner to Deliver Advanced Data Technology Solutions