Frequently Asked Questions

National institute of standards and technology currently recommends using AES (Advanced encryption standard) to encrypt and protect data sensitive data. AES is more secure than DES which is older and supports longer bit keys (128 up to 256 vs. 56). Making AES exponentially more secure and protected against brute force cracking

Companies can build customer trust in sharing their data by acting as a great steward for their user data by building robust monitoring and remediation processes for data collection/management. Being transparent in providing the disclosures in case users want to learn more. Being equitable and articulating the benefit of data collection/sharing

HTTPS which is an implementation of Transport layer security over HTTP protocol is the most protocol used to protect data communications between web applications and servers. TLS employs a combination of asymmetric and symmetric cryptography to achieve performance while maintaining security.

Expectation by a consumer that their data is protected, not used in a way that is not in line with the service being provided, notified in case the use case for their information changes and/or their data is exposed

Usercentricity, transparency, great stewardship, and proactiveness are the 4 main privacy by design concepts.

Data minimization: Collecting the minimal amount of information that is needed and deleting it when its utility is complete. Transparency: Being transparent on what data is collected & why, the benefit of collection, and giving the user an option to opt-out. Stewardship: Acting as a good steward of user data across its lifecycle (from how is it stored, to who has access to it, to who it’s shared with, and how it is used/managed) are three important privacy by design principles that would ease user concerns and build trust

Ideally from the onset of the product build

Assuming you are an established company/product. Understand what’s going on currently from a data collection/storage/sharing perspective. Check if this is in line with end-user expectations, and regulatory requirements. Remediate any issues/gaps and establish monitoring to catch gaps before they turn into issues proactively

Process of embedding privacy by design (to maintain user privacy and build trust) in the development process and the necessary tools/technologies associated with the process is privacy engineering. What data encryption standard to use and how to implement that? What types of data do we capture, and how can we identify/catalog them? Who uses this data, how often and why? Engineering process to accomplish any of these questions is privacy engineering.

Privacy by design is a framework that was developed in Canada and is the basis of various privacy regulations across the world (GDPR in Europe for example). It can be used to develop software/web applications that are user-centric with privacy embedded as a minimum requirement of product functionality

Privacy by design is the overarching framework to built applications that maintain user privacy. Privacy by default is a component of the framework

Business case for privacy: Although there is growing awareness of data collection practices among both consumers and regulators, there is a false sense of security among businesses on the need to embed privacy into engineering. A lot of businesses think that they don’t need to act because they are too small to get fined or for their customer data to get exposed through a breach. This makes it difficult to make a business case for privacy by design over all other business priorities. In reality, it is easier and cheaper to build privacy into the process while the product is being built rather than retrofit it once it is in production. Finally, privacy by design can be embedded in pieces starting with monitoring (know), then reduction of risk, and finally adding ongoing protection