PRIVACY BY DESIGN TRAINING
THE RUDE REFRIGERATOR
The term “Privacy by Design” was coined by Ann Cavoukian, the former Information and Privacy Commissioner of Ontario, Canada and now Executive Director of the Privacy and Big Data Institute at Ryerson University. According to Cavoukian, “Privacy by Design refers to the philosophy and approach of embedding privacy into the design, operation and management of information technologies and systems, across the entire information life cycle.”
This Privacy by Design training vignette contains a video (~4 minutes) that demonstrates in a humorous way why it is essential to consider privacy issues when designing products and services. The video explains the types of issues that can arise and the importance of addressing them early in the design process. This course is helpful for emphasizing privacy concerns to engineers and designers of programs, software, websites, and other products or services. It will also be useful for the entire privacy compliance team.
The U.S. Federal Trade Commission (FTC) has advised organizations to embrace Privacy by Design: “Although many companies already incorporate substantive and procedural privacy protections into their business practices, industry should implement privacy by design more systematically. A number of commenters, including those representing industry, supported staff’s call that companies ‘build in’ privacy, with several of these commenters citing to the broad international recognition and adoption of privacy by design. The Commission is encouraged to see broad support for this concept, particularly in light of the increasingly global nature of data transfers.”
The EU General Data Protection Regulation (GDPR) mandates data protection by design and default in Article 25. The GDPR requires that data controllers “shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.”
The GDPR also requires that the “controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons.”
What does Privacy by Design entail? To effectively design for privacy, one must identify and assess the various privacy issues that might arise. Doing so can be challenging because privacy is a broad and complex concept.
This course, coupled with our longer (~15 min) Privacy by Design training course, will provide a framework to help spot privacy issues and understand privacy implications in the early stages of product design, before problems arise.
Please Contact Us to Evaluate this Program or Others
We can provide you with a login so you can evaluate the programs.
About TeachPrivacy and Our Training Philosophy
TeachPrivacy was founded by Professor Daniel J. Solove, the leading expert on privacy and data security law. He is deeply involved in the creation of all training programs because he believes that training works best when made by subject-matter experts and by people with extensive teaching experience.
According to Professor Solove: “Great training isn’t about slickness or tricks. It is about teaching. The goal is to make people understand, care, and remember. Great training is made with genuine passion – to make people love training, it must be made with love. Excellent substance is essential. The material must be explained clearly, understandably, and concretely. The content must be short and to the point – and it must be engaging. Slickness and gimmicks can’t compensate for lackluster substance.”
TeachPrivacy provides privacy awareness training, information security awareness training, phishing training, HIPAA training, FERPA training, PCI training, as well as training on many other privacy and security topics.
Professor Solove is a law professor at George Washington University Law School. He has taught privacy law every year since 2000, has published 10 books and more than 50 articles, including the leading textbook on information privacy law and a short guidebook on the subject. His LinkedIn blog has more than 1 million followers.