1) Privacy by Design (PbD) is an approach to system design that emphasizes privacy and data protection through the entire lifecycle. The 7 PbD principles include making privacy the default, embedding privacy into design, and keeping systems user-centric and transparent.
2) To apply PbD, personal data should be separated from other business data and stored securely in a separate system. Standard protocols like SAML and OAuth2 should be used to share personal data securely.
3) When designing a personal data repository, transparency, data minimization, and giving users control over their data through a self-care portal are important considerations.
Privacy by Design as a system design strategy - EIC 2019
1. Privacy By Design as a System Design Strategy
Sagara Gunathunga
Director, WSO2
sagara@wso2.com
2. About Me
● Director of Identity & Access Management at WSO2
● Mainly focuses on WSO2 Identity and Access Management (IAM) offerings
● Core member of WSO2's effort in making its products and business processes GDPR compliant
● PMC member and committer for a number of Apache projects including Apache Axis2 and Apache Web Services
4. Global Privacy Outlook
[World map of national privacy laws; the labels shown on the map: Data Protection Act; PIPEDA (Canada); Privacy Act of 1988 (Australia); HIPAA, COPPA, CCPA, etc. (United States); Information Technology Act (India); Personal Information Protection Act; Personal Data Protection Bill; POPI (South Africa)]
9. Privacy by Design (PbD) Principles
1) Proactive not reactive; preventative not remedial
2) Lead with privacy as the default setting
3) Embed privacy into design
4) Retain full functionality (positive-sum, not zero-sum)
5) Ensure end-to-end security
6) Maintain visibility and transparency; keep it open
7) Respect user privacy; keep it user-centric
13. A Typical System of a Business Organization
Personal information is scattered all over the system
14. A Typical System of a Business Organization
Personal information (user data) is scattered all over the system
15. A Typical System of a Business Organization
● Many systems to protect
● Many systems to modify or replace to support privacy standards
● Personal data removal needs changes in multiple places
● Increased chance of personal data breaches
16. Solution
Move all the personal information (user data) into a separate system so that other applications can look up user data on demand
17. Solution
● Reduce development and maintenance cost
● Reduce development and maintenance time
● Reduce system complexity
● Reduce the chance of personal data breaches
● Can adapt to future expansions easily
24. Standard Protocols and Security Tokens
● Use standard transport security protocols and up-to-date tooling
○ TLS (SSL is obsolete and should be disabled)
○ Strong, current algorithms and adequate key sizes for hashing and encryption
● Use standard identity protocols
○ SAML
○ OAuth2/OIDC
○ WS-Federation
● Use standard security tokens rather than custom tokens
○ SAML tokens
○ JWT, OIDC ID Token
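A standard token only buys security if the consumer validates it properly. As an added example (not from the slides and not WSO2 code), the following Python-standard-library code mints and verifies an HS256 JWT and shows the checks a relying party must perform: pin the algorithm instead of honouring the token's own `alg` header (which also rejects `alg: none`), compare the signature in constant time, and check issuer, audience and expiry. The issuer URL, audience name, subject id and shared key are constructed placeholders; a production service would use a maintained JWT library and, for OIDC ID Tokens, the provider's published asymmetric keys rather than a shared secret.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url_encode(raw):
    """RFC 7515 base64url: URL-safe alphabet, padding stripped."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    """Inverse of b64url_encode; restores the padding the encoder removed."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256(claims, key):
    """Issue a compact JWS (JWT) signed with HMAC-SHA256 over header.payload."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(signature)}"


def verify_hs256(token, key, issuer, audience, now=None):
    """Return the claims only if every check passes; raise ValueError otherwise.

    Order matters: structure, then the algorithm the *verifier* expects (the token's
    own 'alg' value is never used to pick the check), then a constant-time signature
    comparison, and only then the claim checks on the now-authenticated payload.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, signature_b64 = parts
    header = json.loads(b64url_decode(header_b64))  # base64/JSON errors are ValueErrors
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(signature_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if not isinstance(claims, dict):
        raise ValueError("malformed claims")
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if aud != audience and not (isinstance(aud, list) and audience in aud):
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("expired or missing exp")
    return claims


def is_valid(token, key, issuer, audience, now=None):
    """Boolean wrapper for callers that do not need the rejection reason."""
    try:
        verify_hs256(token, key, issuer, audience, now)
        return True
    except ValueError:
        return False


def demo(now=1556668800):  # constructed reference time: 2019-05-01T00:00:00Z
    """Mint a token with constructed claims and verify it; 'sub' is an opaque id, not PII."""
    key = b"constructed-shared-secret-do-not-use-in-production"
    token = mint_hs256({"iss": "https://idp.example", "aud": "orders-api",
                        "sub": "u_8f3e", "exp": now + 300}, key)
    return token, verify_hs256(token, key, "https://idp.example", "orders-api", now=now)


if __name__ == "__main__":
    tok, claims = demo()
    print(tok)
    print(claims)
```

Note that `verify_hs256` checks the signature before it reads any claim, and that passing `now` explicitly makes expiry behaviour testable without clock games.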
28. Provide Transparency
Be transparent about why you need specific PII, how you are going to store and process it, and how long you will retain it.
Source : https://startwithwhy.com/
29. Provide Transparency
Source : https://startwithwhy.com/
For example, in a mobile application:
● Clearly show the 'location service' icon when the app uses the customer's location.
● Clearly show the 'bluetooth' icon when the app communicates with another device via Bluetooth.
30. Minimize PII Data Collection and Storing
● Capture only the PII that is absolutely necessary for the current purpose.
● Treat the data retention policy, and the removal logic that enforces it, as a core requirement.
● Prefer storing derived results over raw PII.
● Prefer system-generated IDs for identification.
● Use hashing and encryption on PII wherever possible (for low-entropy identifiers such as phone numbers, use a keyed hash or pseudonymisation rather than a plain hash, which can be reversed by enumerating the identifier space).
31. Minimize PII Data Collection and Storing
Example: in a restaurant recommendation application, capture the nearest city for processing instead of the user's exact coordinates.
Example: in a mobile application, use a system-generated ID to track usage data instead of the mobile number or IMEI.
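The minimization rules on the two slides above, carried through in code. This is an added example, not from the slides or WSO2; the raw events, the grid-cell-to-city table and the pseudonymisation key are constructed for the demo. It coarsens exact coordinates to a city before anything is stored, replaces the phone number and IMEI with a keyed (HMAC) pseudonym so the analytics store holds no reversible identifier, and makes retention-based deletion part of the normal write path rather than an afterthought.

```python
import hashlib
import hmac
import math
from datetime import datetime, timedelta, timezone

# Constructed sample events, as a naive restaurant app might log them: device
# identifier, phone number and exact coordinates. All values are made up.
RAW_EVENTS = [
    {"imei": "356938035643809", "phone": "+94771234567",
     "lat": 6.9271, "lon": 79.8612, "ts": "2019-05-01T10:00:00+00:00"},
    {"imei": "356938035643809", "phone": "+94771234567",
     "lat": 6.9344, "lon": 79.8428, "ts": "2019-05-02T09:30:00+00:00"},
    {"imei": "490154203237518", "phone": "+94719876543",
     "lat": 7.2906, "lon": 80.6337, "ts": "2019-01-15T12:00:00+00:00"},
]

# Constructed mapping from 0.1-degree grid cells (floor(lat*10), floor(lon*10))
# to the nearest city. A real app would reverse-geocode or let the user pick.
CITY_BY_CELL = {(69, 798): "Colombo", (72, 806): "Kandy"}

RETENTION = timedelta(days=90)


def nearest_city(lat, lon):
    """Coarsen exact coordinates to a 0.1-degree cell and map the cell to a city.

    Only the city name is returned, so the raw coordinates never reach the store.
    """
    cell = (math.floor(lat * 10), math.floor(lon * 10))
    return CITY_BY_CELL.get(cell, "unknown")


def pseudonym(key, identifier):
    """Keyed, deterministic pseudonym for an identifier such as a phone number.

    A plain SHA-256 of a phone number is not anonymous: the whole number space
    can be hashed and matched back. A keyed HMAC with a secret held outside the
    analytics store cannot be reversed without that key.
    """
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()


def minimize_event(key, event):
    """Keep only what the use case needs: who (opaque), where (coarse), when."""
    return {
        "user": pseudonym(key, event["phone"]),
        "city": nearest_city(event["lat"], event["lon"]),
        "ts": event["ts"],
    }


def apply_retention(events, now, max_age=RETENTION):
    """Drop events older than the retention period; removal is part of the core flow."""
    cutoff = now - max_age
    return [e for e in events if datetime.fromisoformat(e["ts"]) >= cutoff]


def build_usage_store(key, raw_events, now):
    """End-to-end: minimize every raw event, then enforce retention."""
    return apply_retention([minimize_event(key, e) for e in raw_events], now)


def demo():
    """Run the pipeline on the constructed sample with a fixed reference time."""
    demo_key = b"demo-pseudonymisation-key-not-for-production"  # constructed; use a secrets manager
    now = datetime(2019, 5, 3, tzinfo=timezone.utc)
    return build_usage_store(demo_key, RAW_EVENTS, now)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

With the reference date of 3 May 2019 the January event falls outside the 90-day window and is dropped; the two May events survive with the same pseudonym, the city "Colombo", and no IMEI, phone number or coordinates.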
37. Solution
● Individuals can access, modify, and remove their personal information
● Data processing activities can be disclosed and made transparent
● Individuals can download a copy of their personal data
● There is a channel for submitting 'forget-me' requests
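The architecture of slides 16 and 17 (one personal data store, other systems holding only an opaque id and looking PII up on demand) and the self-care operations of slide 37 fit together in a single example. This is added illustration code, not from the slides or WSO2; the `PersonalDataStore`, `OrderService`, the purpose-tagged `lookup` interface and the sample customer record are all constructed. The point it makes concrete is the one the deck argues: because the order system never copies the name or address, a 'forget-me' request is one deletion in one place, and everything the other systems keep becomes non-identifying.

```python
import json
import secrets


class PersonalDataStore:
    """The one system that holds PII. Other systems keep only the opaque
    subject_id returned by register() and look attributes up on demand."""

    def __init__(self):
        self._records = {}   # subject_id -> PII attributes
        self._log = []       # who looked up what, for which purpose

    def register(self, **attributes):
        subject_id = secrets.token_urlsafe(16)  # system-generated id, carries no PII
        self._records[subject_id] = dict(attributes)
        return subject_id

    def known(self, subject_id):
        return subject_id in self._records

    def lookup(self, subject_id, requester, purpose, attributes):
        """Application-facing read: returns only the attributes asked for and logs the access."""
        record = self._records.get(subject_id)
        if record is None:
            raise KeyError("unknown or erased subject")
        self._log.append({"subject_id": subject_id, "requester": requester,
                          "purpose": purpose, "attributes": list(attributes)})
        return {name: record[name] for name in attributes if name in record}

    # Self-care portal operations: access, modify, export, forget-me.

    def access(self, subject_id):
        return dict(self._records[subject_id])

    def update(self, subject_id, **changes):
        self._records[subject_id].update(changes)

    def processing_activities(self, subject_id):
        return [entry for entry in self._log if entry["subject_id"] == subject_id]

    def export(self, subject_id):
        """Portable copy: the data itself plus the record of how it was processed."""
        return json.dumps({"personal_data": self.access(subject_id),
                           "processing": self.processing_activities(subject_id)}, indent=2)

    def erase(self, subject_id):
        """'Forget me': one deletion here; other systems keep an id that no longer resolves."""
        self._records.pop(subject_id, None)
        self._log = [e for e in self._log if e["subject_id"] != subject_id]


class OrderService:
    """A business application. It stores subject_id next to its own data, never a name or address."""

    def __init__(self, pds):
        self._pds = pds
        self.orders = []

    def place_order(self, subject_id, item):
        self.orders.append({"subject_id": subject_id, "item": item})

    def shipping_label(self, subject_id):
        contact = self._pds.lookup(subject_id, requester="orders",
                                   purpose="shipping", attributes=("name", "address"))
        return f"{contact['name']}, {contact['address']}"


def demo():
    """Registration, on-demand lookup, export and erasure with a constructed customer."""
    pds = PersonalDataStore()
    orders = OrderService(pds)
    sid = pds.register(name="A. Customer", address="1 Example Street", phone="+94770000000")
    orders.place_order(sid, "book")
    label = orders.shipping_label(sid)            # PII resolved on demand, access logged
    exported = json.loads(pds.export(sid))        # what the user can download
    pds.erase(sid)                                # the forget-me request
    return {"subject_id": sid, "label": label, "export": exported,
            "orders_after_erase": orders.orders, "resolvable": pds.known(sid)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

After `erase`, the order record still exists for the business (item, opaque id) but `shipping_label` for that id raises `KeyError`, and the export taken beforehand shows the subject exactly which system read which attributes and why.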