Bake privacy in products, services from the start: Cavoukian

Ontario privacy commissioner Ann Cavoukian is calling on technology-oriented organizations to make privacy a core functionality in the products and services they develop, instead of bolting it on after the fact in a band-aid approach to protecting the end user.

That way, said Cavoukian, “it gets baked into your design architecture, it becomes part of your code.”

She issued the challenge to businesses along with the release of her annual report, entitled 2010 IPC Annual Report: Be Proactive. Avoid the Harm, which highlights the problems with taking a reactive approach to privacy and information access.

The privacy commissioner has been pushing into the public spotlight the concepts of Privacy by Design and Access by Design in an effort to make privacy and information access a natural and expected component of processes and technologies.

Traditionally, she said, there’s been what she calls a “zero-sum model” where privacy capabilities get the short end of the stick relative to business functionality, security or marketing.

“It has always been one or the other … We’re saying, ‘Reject that. Get rid of it,’” said Cavoukian.

Her message resonates with Hydro One Networks Inc. The Markham, Ont.-based utilities provider has designed privacy into its smart grid and smart meter initiatives that help customers conserve energy.

Rick Stevens, vice-president of asset management at Hydro One, said that in practice, privacy by design means for the organization that such “non-functional” requirements still undergo the same due diligence at the initial planning stage.

“When we look at new uses of customer information, we spend time up front understanding the requirements for the information and looking at how we design systems upfront to ensure that customer privacy is maintained,” said Stevens.

While Stevens acknowledges that, in some organizations, privacy can get sidelined when “trade offs” are made, he believes that systems should nonetheless be built to be future-proof.

Another Canadian organization, The Ontario Lottery and Gaming Corp., based in Toronto, installed privacy-protective facial-recognition technology to identify members of the Voluntary Self-Exclusion program who want to be banned from entering gambling institutions, such as casinos. If no match is made with those in the database, then the facial image is automatically deleted.

Cavoukian wants organizations to share their privacy and information access initiatives so that, in turn, those best practices can be relayed to others. Already, Hydro One’s experience with its Smart Grid initiative is being applied in the U.S. with San Diego Gas & Electric, a utilities provider interested in baking privacy into its dynamic pricing program.

The message isn’t being confined to North America. This summer, the privacy commissioner’s office will release a whitepaper on how a utilities provider in Berlin, Germany, is embedding privacy and information access in its organization.

“We’re trying to get an EU presence, a U.S. presence, and we already have a Canadian presence,” said Cavoukian.

Follow Kathleen Lau on Twitter: @KathleenLau
