Privacy By Design as a Framework for Citizen Services
The ever-expanding world of technology has increased the ability for businesses and government agencies to sell products and deliver services online. That rise in the use of online delivery has meant a rise in privacy concerns.
In the case of businesses, they use technology to gain prospects, sell products or services, and track existing customers and how they interact with the business.
In the case of government agencies, they are increasingly moving to online service delivery for a multitude of citizen services, from registering births to renewing drivers licenses to paying taxes.
Businesses and governments share some common requirements for their online delivery, such as acquiring and retaining personal data. Sophisticated hardware and software are available that can store and process those data records. But that raises questions. What are the limits on data collection? How can customers and citizens be sure their data is safe?
Let’s look at the concept of privacy by design as a means of ensuring the safe collection and storage of customer information.
Following the Rules
Depending on the jurisdiction, there are regulations in place that define the collection and usage of private data. For instance, in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) governs the collection and use of data. In Europe, the General Data Protection Regulation defines the rules.
As businesses expand or gain customers from different jurisdictions, they need to be sure they are following the rules in each new jurisdiction.
Government agencies are held to a high standard; in providing citizen services they need to be mindful of the protections necessary for collecting and storing citizens’ information.
The solution is “privacy by design.”
Wherever a business or government entity operates, systems that employ a privacy by design approach will ensure they are following the principles of any jurisdiction by using system designs that support each and every privacy regulation.
Defining Privacy by Design
The principles of Privacy by design were developed by Ann Cavoukian, the former Information and Privacy Commissioner in Ontario, Canada. Her concepts stress that privacy is taken into account throughout the system engineering process, rather than try to follow different regulations in different countries or adapt only parts of systems for privacy concerns.
These are the seven foundational principles of her privacy by design framework:
1. Proactive not reactive; preventative not remedial. The system doesn’t wait to solve privacy infractions; it anticipates and prevents privacy invasion events before they happen.
2. Privacy as the default. The system includes the maximum degree of privacy and ensures personal data is automatically protected.
3. Privacy embedded in the design. The system has privacy built into every stage of design and architecture as well as in business practices. It’s not an add-on after the fact.
4. Full functionality – positive-sum, not zero-sum. The system accommodates all objectives rather than having to make a choice between privacy versus security.
5. End-to-end security – full lifecycle protection. Security is embedded throughout the lifecycle of the data. This includes secure retention through to the destruction of data.
6. Visibility and transparency – keep it open. The system’s parts and operations are visible and transparent, to users and providers alike.
7. Respect for user privacy – keep it user-centric. The user is empowered through measures like privacy defaults, appropriate notice, and user-friendly options.
Ensuring Privacy with CitizenOne
At Vivvo, we enable governments to deliver citizen services in a safe and secure way. Our CitizenOne platform also makes it easy for citizens to access, manage and use government services.
We start with citizen identity and access management as our foundation. CitizenOne delivers all the services needed to provide a better citizen experience and greater efficiency for our clients including a unique approach to identity-proofing and privacy and consent management.
Vivvo, as a leading digital government enabler, can help governments achieve their digital transformation goals and meet the high privacy and security standards required. Contact us today to schedule an in-depth discussion on your digital journey.