1 / 14

Privacy by Design

Privacy by Design. Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August 2009. Information Commissioner’s Office. Regulatory Authority DPA, PECR; FoI; EIR Role of the Regional Offices

tallis
Download Presentation

Privacy by Design

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August 2009

  2. Information Commissioner’s Office • Regulatory Authority • DPA, PECR; FoI; EIR • Role of the Regional Offices • Cardiff, Belfast, Edinburgh • Enquiries • Stakeholder engagement • Input Scottish dimension to ICO

  3. Privacy by Design?

  4. Privacy by Design: Context • Recognised gap in development and adoption of privacy-friendly systems; • Lack of public trust and confidence; • Report launch – Nov’ ’08; • Ensure ‘privacy’ is always on the agenda; • Privacy and data protection compliance designed into systems at the outset.

  5. Privacy by Design: Defining Privacy Webster’s Dictionary: Privacy is: The quality or state of being hidden from, or undisturbed by, the observation or activities of other persons and freedom from undesirable intrusions.

  6. Privacy by Design: Why do a PIA? • To identify privacy risks to individuals; • To identify privacy and DP compliance liabilities for your organisation; • To protect your reputation. • To instil public trust and confidence in your organisation; • To avoid expensive, inadequate “bolt- on” solutions; • To inform your communications strategy; • Enlightened self-interest!

  7. Privacy by Design: When to do a PIA? At the start, when: • the project is being designed; • you know what you want to do; • you know how you want to do it; and • you know who else is involved... …but certainly before: • decisions are set in stone; • you have procured systems; • you have signed contracts; and • while you can still change your mind!

  8. Privacy by Design: How to do a PIA? • Initial assessment • Full-scale PIA • Small-scale PIA • Privacy law compliance check • Data protection compliance check • Review and redo!

  9. Privacy by Design: Initial Assessment • Prepare a project outline • Identify stakeholders • Look at other PIAs • Look at studies on the technology and processes • Decide the appropriate level of assessment

  10. Privacy by Design: Full-scale PIA 5 Phases: • Preliminary work • Preparation • Consultation/analysis • Conclusions • Review

  11. Privacy by Design: Small-scale PIA 5 Phases: (less formal) • Preliminary work (more specific) • Preparation (just as important!) • Consultation/analysis (less exhaustive) • Conclusions (part of a process) • Review

  12. Privacy by Design: Compliance Privacy Law: • Vires • HRA; PECR; Law of Confidence • Statutory prohibitions Data Protection: • DP Principles • Schedule Conditions • Exemptions

  13. Privacy by Design: Key Points • The PIA is a process to consider privacy risk; • It may not be appropriate in all cases; • It can be incorporated into the organisation’s current risk strategy or it can be stand-alone; • New and more manageable guidance!!

  14. www.ico.gov.uk 93-95 Hanover Street Edinburgh EH2 1DJ scotland@ico.gsi.gov.uk 0131 301 5071

More Related