Doing it by Design

It is always better to do it by design then have it happen by accident.

This is the clear message underpinning the concept of “Privacy by Design” as championed by Dr. Ann Cavoukian, the Information & Privacy Commissioner of Ontario, Canada. The concept of “Privacy by Design” , at its simplest, calls for privacy considerations to be built in to processes and technologies with a view to creating a “positive sum game” outcome in which all parties benefit from increased trust.

The principles of Privacy By Design have recently been endorsed by the International Conference of Data Protection & Privacy Commissioners, and is seen by the EU’s Data Protection Supervisor as a key tool for Information Privacy.

I’ve written and spoken at length in this and other forums about the relationship between Data Protection/Privacy and Information/Data Quality. For instance, the actual wording of Directive 95/46/EC refers to the Data Protection Principles as “Principles for Data Quality”, and if we consider Data Protection Requirements as statement of expectation and requirement it is clear how this would be the case. Failing to meet the requirements of the DP principles would be a failure to meet or exceed expectations, the classic definition of “non-quality”.

In the context of Privacy By Design it is interesting to reflect on the principles of Quality espoused by Deming and others. In particular, Dr. Deming was adamant that you had to design quality into your processes and that merely inspecting defects out was not an approach to quality as it merely added cost without addressing the risk of defects getting out into the wild. This principle of “building quality in at design” can be found in Quality Function Deployment.

Without planning for quality outcomes (privacy, data in right place, right format, fit for specific purpose), organisations invite the arrival of non-quality happenings (data breaches, decisions made on crappy data). By embracing an approach which requires you to have these considerations front and centre in your thinking as you embark on the planning of your activities, you are better placed to assess risks in a timely manner and implement effective and appropriate mitigations to those risks, thereby ensuring greater trust and quality all around.