If you have a business, or a business idea in contemporary times, you will have to deal, one way or another, with user data. Do you want to have a webpage for your business? Would you like to know the preferences of your potential clients? Privacy by Design is the integration of data processing procedures to every stage of business practices. In this article we will explore the different guidelines that govern the world of Privacy by Design: The European guidelines that hold the standard, and how Privacy by Design works in Colombia.
European guidelines
The European Data Protection Board has established the most complete guidelines regarding Privacy by Design and by Default as set forth in the European Union’s GDPR (1).
The principles that protect data subjects’ freedom and rights by design follow two fundamental criteria:
- Accountability
- Effectiveness
What does it mean?
Every party involved in processing personal data should create safeguards and systems following the principles of confidentiality, integrity and availability, that can attest to the correct implementation of technology standards within the industry.
Likewise, the elements of design that should be taken into account, from the most general to the most specific, throughout the lifecycle of the data are:
Privacy Strategies: insulation, minimization and abstraction of data.
Design Patterns: preconceived solutions that are applied to multiple, common problems derived from security or processing risks.
Privacy Enhancing technologies (PETS): software and hardware solutions, methods or knowledge that achieve a specific privacy or data protection functionality.
Examples:
- Algorithms that allow encryption of data and anonymization of the users,
- Plug-in blockers; and
- Spam filters
Colombian Regulation
Although privacy by design is not expressly required for data processing under Colombian law, the key mandatory elements of policy-making that are tied in with the accountability principle make Privacy by Design an essential part of data and privacy regulation in Colombia.
The Colombia Data Protection Authority, SIC, lunched a series of guidelines which specify the requirements companies should follow in order to fully comply with the accountability principle which, in itself, embeds the methodology of Privacy by Design in privacy policies, such as:
△ Developing a culture of privacy awareness within the organization.
△ Identify and specify the requirements that limit and condition the lifecycle of the data.
△ Evaluate privacy guidelines and create privacy risk-assessment plans that enable the development of preventive countermeasures.
△ Establish systems that ensure confidentiality and data minimization.
△ Assign resources and staff that can assess and certify the correct execution of the privacy principles in the data processing.