Design Strategies to Implement Privacy in Practice

The Eight Privacy Design Strategies

Last week, we discussed Privacy by Design and its seven foundational principles. The principles aim to help organisations embed privacy into their products and processes from day one rather than as an afterthought.

Privacy by design is increasingly relevant in a world with escalating privacy risks and concerns. It is also a foundation for many modern privacy laws, such as the European Union’s GDPR, which has wide-reaching implications for businesses worldwide due to its extraterritorial scope.

Adhering to privacy law and, ideally, implementing privacy best practices is crucial for businesses worldwide. However, a significant critique of privacy by design is that it lacks practical advice on implementing the principles in practice.

The closest privacy by design comes to practical guidance is a set of documentation standards for developers. While useful, this guidance only goes as far as explaining what documentation you should create rather than providing examples of design and architecture decisions that can address each principle.

In our previous article, we included tips and tactics to implement each principle. This week, we will supplement that information by summarising an overarching framework that developers can use to implement privacy in practice.

Strategies for developers implementing privacy in practice

Jaap-Henk Hoepman derived a framework of privacy design strategies from the principles that underlie data protection legislation.

The framework comprises eight convenient strategies, separated into two categories: data-oriented strategies and process-oriented strategies.

Data-oriented strategies are the more technical of the two, as they focus directly on preserving privacy while personal data is processed; process-oriented strategies address the procedures an organisation follows when handling personal information. Each strategy is broken down into tactics that describe concrete ways to implement it.

Data-oriented strategies and tactics

There are four data-oriented strategies. Compared with the process-oriented strategies that follow, these place greater emphasis on software design and architecture decisions.

Minimise: ‘Limit as much as possible the processing of personal data.’

Tactics include:

  • Select: determine which people and attributes are strictly necessary for processing. Restrict capturing data to only these fields.
  • Exclude: preemptively identify people and attributes that are not required. Exclude these fields, or immediately delete them, at the point of capture.
  • Strip: identify how long each attribute is required. Automatically remove attributes once they are no longer needed, even while the rest of the record is retained.
  • Destroy: once the record itself is no longer needed, delete it completely and irrecoverably, from every copy, including backups and logs.
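As an added example (this code is not from Hoepman's booklet or the original article), the following Python module applies the four Minimise tactics to a hypothetical order-tracking service: an allow-list of required attributes implements Select and Exclude at the point of capture, a per-attribute retention period implements Strip, and a record-level retention period implements Destroy. The field names, retention periods and sample request are assumptions chosen for illustration.

```python
"""Minimise in code: select/exclude at capture, strip and destroy on a schedule.

Added example; the service, its fields and retention periods are assumptions.
"""
from __future__ import annotations

import datetime as dt
from dataclasses import dataclass, field

# SELECT: the only attributes strictly necessary for the stated purpose
# (delivering an order and notifying the customer). Anything not listed is
# EXCLUDED at the point of capture and is never written to storage.
REQUIRED_FIELDS = frozenset({"order_id", "email", "postcode"})

# STRIP: attributes needed only for a limited period after capture (days).
# After that the attribute is removed while the rest of the record remains.
FIELD_RETENTION_DAYS = {"email": 30, "postcode": 30}

# DESTROY: after this many days the whole record is deleted.
RECORD_RETENTION_DAYS = 365


def select_fields(raw: dict) -> dict:
    """Keep only allow-listed attributes. Returns a new dict; the caller must
    not retain `raw` elsewhere (for example by logging the full request body)."""
    return {name: value for name, value in raw.items() if name in REQUIRED_FIELDS}


@dataclass
class OrderStore:
    """In-memory stand-in for the service's database."""
    records: dict[str, dict] = field(default_factory=dict)

    def capture(self, raw: dict, now: dt.datetime) -> str:
        record = select_fields(raw)
        record["created_at"] = now  # needed to run the retention clocks
        self.records[record["order_id"]] = record
        return record["order_id"]

    def apply_retention(self, now: dt.datetime) -> tuple[int, int]:
        """Run the retention job. Returns (attributes stripped, records destroyed)."""
        stripped = destroyed = 0
        for order_id in list(self.records):
            record = self.records[order_id]
            age_days = (now - record["created_at"]).days
            if age_days >= RECORD_RETENTION_DAYS:
                # DESTROY. Deleting from the live store is only irrecoverable if
                # backups and logs are covered too (or the record was encrypted
                # under a per-record key that is destroyed here).
                del self.records[order_id]
                destroyed += 1
                continue
            for name, days in FIELD_RETENTION_DAYS.items():
                if name in record and age_days >= days:
                    del record[name]  # STRIP
                    stripped += 1
        return stripped, destroyed


def demo() -> dict:
    """Walk through capture and retention with a constructed request that
    carries more than the service needs (date_of_birth and phone are dropped)."""
    store = OrderStore()
    t0 = dt.datetime(2024, 1, 1)
    order_id = store.capture(
        {"order_id": "o-1", "email": "Ann@example.com", "postcode": "2000",
         "date_of_birth": "1990-06-15", "phone": "+61400000000"}, t0)
    stored_fields = sorted(store.records[order_id])
    day_10 = store.apply_retention(t0 + dt.timedelta(days=10))
    day_31 = store.apply_retention(t0 + dt.timedelta(days=31))
    after_strip = sorted(store.records[order_id])
    day_400 = store.apply_retention(t0 + dt.timedelta(days=400))
    return {
        "stored_fields": stored_fields,      # ['created_at', 'email', 'order_id', 'postcode']
        "day_10": day_10,                    # (0, 0)
        "day_31": day_31,                    # (2, 0): email and postcode stripped
        "after_strip": after_strip,          # ['created_at', 'order_id']
        "day_400": day_400,                  # (0, 1): record destroyed
        "remaining": len(store.records),     # 0
    }


if __name__ == "__main__":
    print(demo())
```

The allow-list is the important design choice: a deny-list of "known sensitive" fields silently admits any new field a client starts sending, whereas an allow-list forces every new attribute to be justified before it is stored.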

Separate: ‘Separate (logically or physically) the processing of personal data as much as possible’ to reduce the likelihood of combining data.

Tactics include:

  • Isolate: collect and process personal information in separate databases or applications.
  • Distribute: decentralise the processing of information across different physical locations and beyond the control of a single entity. Where possible, perform data handling and processing on the data subject's own device.

Abstract: ‘Limit as much as possible the detail in which personal data is processed.’ Reduce the detail held over time as the need for specificity falls away.

Tactics include:

  • Summarise: use more general attributes (e.g. age instead of date of birth)
  • Group: aggregate information for group profiles rather than individuals
  • Perturb: use approximations or adjust values with random noise
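The three Abstract tactics in code, as an added example that is not part of the original article: Summarise replaces a date of birth with an age band and truncates a postcode, Group reports only counts per area and suppresses groups too small to hide their members, and Perturb adds Laplace noise to a count in the manner of differential privacy. The sample records, the suppression threshold k and the noise scale are constructed assumptions.

```python
"""Abstract in code: summarise, group and perturb.

Added example; the records, the threshold k and the noise scale are assumptions.
"""
from __future__ import annotations

import datetime as dt
import random
from collections import Counter
from typing import Callable, Iterable


def age_band(date_of_birth: dt.date, today: dt.date, width: int = 10) -> str:
    """SUMMARISE: replace a date of birth with a coarse age band such as '30-39'."""
    age = today.year - date_of_birth.year
    if (today.month, today.day) < (date_of_birth.month, date_of_birth.day):
        age -= 1  # birthday not yet reached this year
    low = (age // width) * width
    return f"{low}-{low + width - 1}"


def coarsen_postcode(postcode: str, keep: int = 2) -> str:
    """SUMMARISE: keep only the leading digits of a postcode ('2000' -> '20**')."""
    return postcode[:keep] + "*" * (len(postcode) - keep)


def group_counts(records: Iterable[dict], key: Callable[[dict], str],
                 k: int = 5) -> dict[str, int | None]:
    """GROUP: report counts per group, never per individual. Groups smaller than
    k are suppressed (None) because a count of one or two identifies its members."""
    counts = Counter(key(record) for record in records)
    return {group: (n if n >= k else None) for group, n in counts.items()}


def perturb_counts(counts: dict[str, int], scale: float, seed: int) -> dict[str, int]:
    """PERTURB: add Laplace noise to each count (scale = sensitivity / epsilon in
    differential-privacy terms). A Laplace draw is the difference of two
    exponential draws. Results are rounded and floored at zero so they still
    look like counts. `seed` is only for reproducibility in this example."""
    rng = random.Random(seed)
    noisy = {}
    for group, n in counts.items():
        noise = rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)
        noisy[group] = max(0, round(n + noise))
    return noisy


# Constructed sample records (not real people).
SAMPLE = [
    {"dob": dt.date(1990, 6, 15), "postcode": "2000"},
    {"dob": dt.date(1988, 1, 2), "postcode": "2001"},
    {"dob": dt.date(1992, 11, 30), "postcode": "2099"},
    {"dob": dt.date(1975, 3, 3), "postcode": "3000"},
]


def abstracted_release(records: list[dict], today_iso: str, k: int = 3):
    """What leaves the system: an age band and coarse area per record, plus
    k-suppressed counts per area. Nothing finer than this is emitted."""
    today = dt.date.fromisoformat(today_iso)
    rows = [{"age_band": age_band(r["dob"], today),
             "area": coarsen_postcode(r["postcode"])} for r in records]
    groups = group_counts(rows, key=lambda r: r["area"], k=k)
    return rows, groups


if __name__ == "__main__":
    rows, groups = abstracted_release(SAMPLE, "2024-06-14")
    print(rows)    # four rows, all '30-39'/'20**' except one '40-49'/'30**'
    print(groups)  # {'20**': 3, '30**': None}
    print(perturb_counts({"20**": 3}, scale=2.0, seed=1))
```

Suppression and noise protect against different things: suppression stops a group of one from being a person, while noise stops an observer who sees two releases (before and after one person joins) from learning about that person by subtracting the counts. A release that needs both should apply the noise first and threshold the noisy count, since thresholding on the exact count leaks whether the true value crossed k.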

Hide: ‘Protect personal data, or make it unlinkable or unobservable. Make sure it does not become public or known.’

Tactics include:

  • Restrict: limit access to personal data to only those who ‘need to know’ and ensure it is strongly protected
  • Obfuscate: use encryption and keyed hashing so that personal data is not stored in plain text and is costly to decipher and interpret. Note that an unkeyed hash of a low-entropy identifier such as an email address or phone number can be reversed simply by hashing candidate values and comparing.
  • Dissociate: remove linkages between data and people
  • Mix: anonymise, and mix data from many subjects so that the source of individual records and the relationships between them cannot be traced
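The following added example (not code from the original article) covers the Hide tactics Obfuscate, Dissociate and Restrict together with Separate's Isolate tactic. It contrasts an unkeyed SHA-256 of an email address, which a dictionary attack reverses, with an HMAC-SHA256 pseudonym under a secret key; the only pseudonym-to-identity link is kept in a separate vault that will re-identify only for need-to-know roles, while the analytics store never sees an email. The roles, the constant key and the attacker's candidate list are assumptions for illustration; Mix (mix networks) is not shown.

```python
"""Hide in code: keyed pseudonyms (OBFUSCATE), an isolated identity vault
(ISOLATE / DISSOCIATE) and need-to-know access to it (RESTRICT).

Added example; the roles, the key and the candidate list are assumptions.
"""
from __future__ import annotations

import hashlib
import hmac
from typing import Iterable


def unkeyed_hash(email: str) -> str:
    """What NOT to do for low-entropy identifiers: anyone who can guess the
    input can recompute the hash and link it back (see dictionary_attack)."""
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()


def pseudonymise(email: str, key: bytes) -> str:
    """OBFUSCATE: HMAC-SHA256 under a secret key. Without the key an attacker
    cannot recompute the pseudonym, so enumerating candidate emails fails.
    Normalising the input keeps one pseudonym per person."""
    return hmac.new(key, email.strip().lower().encode(), hashlib.sha256).hexdigest()


def dictionary_attack(target: str, candidates: Iterable[str]) -> str | None:
    """Attacker who knows the algorithm (SHA-256, no key) tries candidate emails."""
    for candidate in candidates:
        if hmac.compare_digest(unkeyed_hash(candidate), target):
            return candidate
    return None


class IdentityVault:
    """ISOLATE + DISSOCIATE: the only place the pseudonym -> identity link exists.
    Lives in its own datastore, apart from analytics data, and holds the key."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._link: dict[str, str] = {}

    def register(self, email: str) -> str:
        pseudonym = pseudonymise(email, self._key)
        self._link[pseudonym] = email.strip().lower()
        return pseudonym

    def resolve(self, pseudonym: str, caller_role: str) -> str | None:
        """RESTRICT: re-identification only for roles that need to know."""
        if caller_role not in {"dpo", "support-lead"}:
            raise PermissionError(f"role {caller_role!r} may not re-identify")
        return self._link.get(pseudonym)


class AnalyticsStore:
    """Holds behavioural data keyed by pseudonym only; it never sees an email."""

    def __init__(self) -> None:
        self.events: list[tuple[str, str]] = []

    def record(self, pseudonym: str, event: str) -> None:
        self.events.append((pseudonym, event))

    def count(self, pseudonym: str) -> int:
        return sum(1 for p, _ in self.events if p == pseudonym)


def demo(key: bytes = b"\x00" * 32) -> dict:
    """Walk through the flow with a constructed user. A real deployment draws
    the key from a KMS or HSM rather than using a constant."""
    vault = IdentityVault(key)
    analytics = AnalyticsStore()
    p = vault.register("Ann@Example.com")
    analytics.record(p, "login")
    analytics.record(p, "purchase")
    guess_list = ["bob@example.com", "ann@example.com"]  # attacker's candidates
    try:
        vault.resolve(p, "analyst")
        analyst_denied = False
    except PermissionError:
        analyst_denied = True
    return {
        "pseudonym_stable": p == pseudonymise("ann@example.com", key),
        "events_for_ann": analytics.count(p),
        "unkeyed_reversed": dictionary_attack(unkeyed_hash("ann@example.com"), guess_list),
        "keyed_reversed": dictionary_attack(p, guess_list),
        "dpo_resolves": vault.resolve(p, "dpo"),
        "analyst_denied": analyst_denied,
    }


if __name__ == "__main__":
    print(demo())
```

Two points to check in a real system: the key must not be reachable from the analytics side (otherwise the separation is only nominal), and rotating the key breaks linkability between old and new pseudonyms, which is desirable for unlinkability across periods but must be planned for where longitudinal analysis is a stated purpose.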

Process-oriented strategies and tactics

The second set of strategies, which are process-oriented, ensure that data subjects know how their data is used and are in control of it, and that the organisation adheres to its privacy policies and documents its approach where appropriate.

Inform: ‘Inform data subjects about the processing of their personal data in a timely and adequate manner.’ The aim is transparency for all users.

Tactics include:

  • Supply: provide complete information about data handling (e.g. what data is processed, how it is processed, approaches to deletion and retention, third party data access, communication channels)
  • Explain: clearly explain data handling approaches and reasoning, in sufficient detail for all audiences
  • Notify: provide timely updates to users regarding data processing, sharing or breaches. Allow users to customise why and when they are notified

Control: ‘Provide data subjects adequate control over the processing of their personal data.’

Tactics include:

  • Consent: ask for explicit consent before any data is collected. Inform users in advance of what data will be processed, how and why it is processed.
  • Choose: allow users to choose whether to provide data. Do not withhold functionality on the basis of consent, except where the data is genuinely necessary for that functionality
  • Update: allow users to review and update their personal data
  • Retract: enable data subjects to delete (directly or through request) their personal information

Enforce: ‘Commit to processing personal data in a privacy-friendly way, and adequately enforce this.’

Tactics include:

  • Create: commit to privacy through establishing and executing a privacy policy
  • Maintain: implement technical and organisational controls, including awareness and training, to maintain the privacy policy
  • Uphold: verify, evaluate and revise the privacy policy regularly

Demonstrate: ‘Demonstrate you are processing personal data in a privacy friendly way.’

Tactics include:

  • Record: document all steps and decisions. Collect system logs and perform data protection impact assessments (DPIAs)
  • Audit: conduct audits of data handling processes and system logs
  • Report: produce reports and share them with the Data Protection Authority. Seek certification and benchmark your organisation against others.

If you would like to learn more about what we are building at Onqlave to help protect sensitive data, follow our updates via LinkedIn, sign up to our newsletter or feel free to get in touch with any of our team.


Sources:

https://docs.oasis-open.org/pbd-se/pbd-se/v1.0/pbd-se-v1.0.html

https://www.enisa.europa.eu/publications/privacy-and-data-protection-by-design

https://www.cs.ru.nl/~jhh/publications/pds-booklet.pdf

https://www.cs.ru.nl/~jhh/publications/pdp.pdf

https://www.cs.ru.nl/~jhh/publications/iwpe-privacy-strategies.pdf