The Future of Privacy Forum, a Washington-based think tank that promotes responsible data practices, recently posted its First Annual List of Privacy Ins and Outs. It’s a playful – but insightful – look at what’s hot and what’s not in the world of privacy for the year ahead.
I was delighted (and gratified) to see Privacy by Design (PbD) make the list of what’s “in.” 2010 was a great year for Privacy by Design – the made-in-Ontario framework for embedding privacy into the architecture of technologies and practices, right from the outset. Around the world, PbD continued to gather momentum and gain increasingly widespread support. We’re clearly at a tipping point.
So what can look forward to for PbD in 2011? I’m anticipating this year as the launch of the Privacy by Design decade – one that will assure the future of privacy. Here is my “Top 5” list:
1. A Generation of “Privacy Heroes”
Over the past few years my office’s annual PbD Challenge, our Developers Challenge (co-sponsored with Microsoft) and the PbD Ambassador program have begun to stimulate and recognize emerging leadership in the area of Privacy by Design. Armed with vision, technical expertise and respect for consumers and citizens, a committed pool of individuals and organizations, who we call “privacy heroes” – including researchers, academics, engineers, regulators, captains of industry, and privacy advocates – are emerging as forerunners in the implementation of Privacy by Design.
We look to these privacy heroes to expand the pool of PbD expertise, commitment, and innovation in 2011 and beyond, as the ranks of PbD supporters continue to swell. See details of our third annual event celebrating International Data Privacy Day – “Privacy by Design: Time to Take Control” to be held on the morning of January 28, 2011.
2. PbD as a Fundamental Component of Privacy Frameworks
There is a growing momentum to enshrine the Foundational Principles of PbD in privacy policies and regulatory frameworks. The U.S. Federal Trade Commission’s recent paper, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policy Makers, named PbD as one its key recommendations. Similarly, the European Commission’s (EC) recent consultation paper proposed PbD as a way to enhance the responsibilities of organizations.
Last year, international data protection and Privacy Commissioners unanimously passed and adopted, in full, a PbD Resolution that, among other things, encourages regulators to incorporate the principles of PbD in regulations and legislation within their respective jurisdictions.
In 2011, we can expect further movement toward embedding PbD into regulatory instruments, voluntary codes, and ”best practices” all around the world. Among other things, this will significantly expand the understanding of how the principles of PbD may be interpreted in specific contexts, and applied to particular industries and technologies.
3. PbD as a Fixture Within Public and Private Sector Ecosystems
The signs are already beginning to appear: market leaders are embracing Privacy by Design, and are, in turn, reaping the benefits. Recently, thought leaders Don Tapscott and Anthony D. Williams, authors of Macrowikinomics: Rebooting Business and the World, joined the ranks of strong voices in support of PbD, in an article urging companies to adopt its principles.
Organizations that act early stand to gain a sustainable competitive advantage from early adoption of responsible information practices, and enjoy savings of time and resources by building privacy in from the outset, rather than trying to retrofit an ill-fitting solution in after the fact.
4. Innovative Applications of PbD
2010 saw PbD grow from a conceptual framework to a practical methodology that organizations are implementing. Significant projects in the areas of Smart Grid and Privacy-Protective Biometric Facial Recognition, and mobile applications marked the beginning of real innovation in applying the principles of Privacy by Design.
With market leaders like Hydro One, GE, IBM, Intel, the Ontario Lottery and Gaming Corporation, and Bering Media paving the way, 2011 promises to be a banner year for new and innovative applications of PbD.
5. Consistent Alignment between Business Practices and Consumer Expectations
Many organizations have lengthy, “legalistic” privacy policies that are difficult for consumers to read, let alone understand. Nonetheless, many consumers assume – incorrectly – the fact that a site posts a policy means that it will not share their personal information. These expectations are certainly not well-founded, nor are they always consistent with current business practices.
Embedding privacy proactively will bring business practices into much better alignment with consumer expectations. While this process may be a long one, I think we can look forward to seeing some positive steps in this coming year. And that will be good for everyone – consumers and businesses – because when consumers trust that their personal information is being protected, they can continue to support the growth of new forms of web-based commerce, without fearing for their information.
This is what I see for the decade ahead. I invite all of you to get involved in helping to make this vision a reality by striving to implement innovative Privacy by Design solutions in your own organizations. And don’t forget to tell us about them! We’ll be happy to post them on our website.
For support and resources, see www.privacybydesign.ca.