Privacy by Design

We find the beginning of serious data privacy protection discussions starting long ago, as in the 1990s when Dr. Ann Cavoukian, the Information and Privacy Commissioner of Ontario, Canada, developed Privacy by Design (PbD). The premise of PbD is compliance with privacy standards and stresses privacy assurance cannot be guaranteed through compliance alone. Instead, companies must adopt Privacy by Design as their default mode of operation throughout the organization.

The context of Dr. Cavoukian’s compliance standards implements a philosophy of prevention instead of reacting to invasive privacy rights violations after the damage is done. The primary reason Privacy by Design does not integrate punishment for violations or steps for resolving issues is based on the concept of preventing infractions before they occur.

Acceptance of Privacy by Design Spreads Globally

At the annual assembly of International Data Protection and Privacy Commissioners in Jerusalem in October 2010, regulators approved a resolution distinguishing Privacy by Design and its components as fundamental to privacy protection.

The assembly encouraged organizations to implement Privacy by Design as their de facto default mode of operation. Their recommendations suggested the inclusion of Seven Foundational Principles in the privacy policy and legislation from Data Protection Authorities and Privacy Commissioners into areas under their control and start research into Privacy by Design.

The Seven Foundational Principles of Privacy by Design

From the development of the concept of Privacy by Design by Dr. Cavoukian, The Seven Foundational Principles of Privacy by Design have become an indispensable source for persons and companies worldwide.

The goal of Privacy by Design is ensuring personal data privacy protection and having control over the dissemination of one’s individual data, and organizations’ ability to realize an advantage over their competition following the Seven Foundational Principles:

  1. A proactive approach to privacy violation events, with emphasis on prevention. Privacy by Design builds in measures designed to prevent violations before they occur. Remedial measures have not been included in Privacy by Design because the goal is prevention, making the measures unnecessary.
  2. Privacy is the de facto modus operandi. Privacy as a default mode of operation describes fully the intention of Privacy by Design, which is full and automatic personal privacy data protection regardless of interaction by individuals or businesses.
  3. IT system design and subsequent business practices inherit all measures of Privacy by Design as part of its core functionality without affecting operations or integrity.
  4. Privacy by Design’s framework allows for open and constructive dialog considering legitimate interests with a positive can-do attitude. PbD removes barriers of opposition by showing possibilities of incorporating different ideas to benefit everyone.
  5. Embedding Privacy by Design into the full system before starting operations ensures robust data security to last throughout its life cycle. Data is secured from beginning to end and destroyed according to strict intervals.
  6. Full transparency and Visibility. In demand by stakeholders is full access to standards and procedures designed to fulfill stated promises and objectives, substantiated and verified by users and providers.
  7. Privacy by Design insists on due respect for user privacy. Data protection for users requires a user-friendly approach designed to protect the interests of persons by adding measures such as default privacy and suitable notice when necessary.

Need for Privacy

Almost daily the news breaks with another major data breach. Each breach is more brazen, and the world needs to come to terms with this unfortunate fact. Privacy by Design contains strong measures to protect against threats faced in the world today and concerted efforts to protect user data can minimize the effects of these crimes against society.

Learn more about Privacy by Design GDPR.

Ready for the next step?

In just minutes, we’ll show you how to improve your customer authentication experience, stop fraud and save money.


Ensure that every solution you use is safe, secure and compliant with ever-changing GDPR, PSD2 and other personal data standards and regulations. Our authentication solutions take care of that for you.

Meet Industry Standards

Ready for the next step?

In just minutes, we’ll show you how to improve your customer authentication experience, stop fraud and save money.