Published by Carl Estes. Modified over 9 years ago.
1
Privacy by Design
Maureen H Falconer, Sr Guidance & Promotions Manager
Building a Successful Information Sharing Partnership: Privacy by Design
13 August 2009
2
Information Commissioner’s Office
Regulatory Authority
  –DPA, PECR; FoI; EIR
Role of the Regional Offices
  –Cardiff, Belfast, Edinburgh
  –Enquiries
  –Stakeholder engagement
  –Input Scottish dimension to ICO
3
Privacy by Design?
4
Privacy by Design: Context
Recognised gap in development and adoption of privacy-friendly systems;
Lack of public trust and confidence;
Report launch – Nov ’08;
Ensure ‘privacy’ is always on the agenda;
Privacy and data protection compliance designed into systems at the outset.
5
Privacy by Design: Defining Privacy
Webster’s Dictionary: Privacy is: The quality or state of being hidden from, or undisturbed by, the observation or activities of other persons and freedom from undesirable intrusions.
6
Privacy by Design: Why do a PIA?
To identify privacy risks to individuals;
To identify privacy and DP compliance liabilities for your organisation;
To protect your reputation;
To instil public trust and confidence in your organisation;
To avoid expensive, inadequate “bolt-on” solutions;
To inform your communications strategy;
Enlightened self-interest!
7
Privacy by Design: When to do a PIA?
At the start, when:
  –the project is being designed;
  –you know what you want to do;
  –you know how you want to do it; and
  –you know who else is involved...
…but certainly before:
  –decisions are set in stone;
  –you have procured systems;
  –you have signed contracts; and
  –while you can still change your mind!
8
Privacy by Design: How to do a PIA?
Initial assessment
Full-scale PIA
Small-scale PIA
Privacy law compliance check
Data protection compliance check
Review and redo!
9
Privacy by Design: Initial Assessment
Prepare a project outline
Identify stakeholders
Look at other PIAs
Look at studies on the technology and processes
Decide the appropriate level of assessment
10
Privacy by Design: Full-scale PIA
5 Phases:
  –Preliminary work
  –Preparation
  –Consultation/analysis
  –Conclusions
  –Review
11
Privacy by Design: Small-scale PIA
5 Phases: (less formal)
  –Preliminary work (more specific)
  –Preparation (just as important!)
  –Consultation/analysis (less exhaustive)
  –Conclusions (part of a process)
  –Review
12
Privacy by Design: Compliance
Privacy Law:
  –Vires
  –HRA; PECR; Law of Confidence
  –Statutory prohibitions
Data Protection:
  –DP Principles
  –Schedule Conditions
  –Exemptions
13
Privacy by Design: Key Points
The PIA is a process to consider privacy risk;
It may not be appropriate in all cases;
It can be incorporated into the organisation’s current risk strategy or it can be stand-alone;
New and more manageable guidance!!
14
www.ico.gov.uk
93-95 Hanover Street, Edinburgh EH2 1DJ
scotland@ico.gsi.gov.uk
0131 301 5071