I recently had the chance to speak with former Ontario Information and Privacy Commissioner Dr. Ann Cavoukian about big data and privacy. Dr. Cavoukian is currently Executive Director of Ryerson University’s Privacy and Big Data Institute and is best known for her leadership in the development of Privacy by Design (PbD).
What’s more, she came up with PbD language that made its way into the GDPR, which will go into effect in 2018. First developed in the 1990s, PbD addresses the growing privacy concerns brought upon by big data and IoT devices.
Many worry about PbD’s interference with innovation and businesses, but that’s not the case.
When working with government agencies and organizations, Dr. Cavoukian’s singular approach is that big data and privacy can operate together seamlessly. At the core, her message is this: you can simultaneously collect data and protect customer privacy.
To gain insight into her process, here are some highlights of our interview:
On Privacy by Design
I really crystalized Privacy by Design after 9/11 because everyone was talking about the vital need for public safety and security, but it was always construed at the expense of privacy. Privacy forms the basis of our freedom. You want to live in a democratic society? You have to have moments of reserve, reflection, intimacy and solitude.
The position I took was public safety is paramount, but with privacy embedded into the process – privacy as a default setting. What that means is that if a company has privacy as the default setting, they can say to their customers, we can give you privacy assurance from the get-go. We’re collecting your information for this purpose, so they identify the purpose of data collection. We’re only going to use it for that purpose and unless you give us specific consent to use it for additional purposes, the default is that we won’t be able to use it for anything else.
Privacy Advice for Innovators
Recently, I spoke at a conference and told the developers to build privacy into their apps at the beginning stages of their development and they’re going to be golden. I had dozens of people come up to me afterwards telling me that they didn’t even know they were supposed to because it never appeared on their radar. It’s not they’re resistant to it, they hadn’t thought of it. And our biggest job is educating the app developers, the brilliant minds. My experience isn’t that they’re resisting the messaging, they haven’t been exposed to the messaging.
I’d like to mention, in partnership with Deloitte and Ryerson University, we just started offering Privacy by Design certification.
Add us to your favorite podcasting app:
Follow the Inside Out Security Show panel on Twitter @infosec_podcast