Ann Cavoukain, Ontario’s privacy commissioner, is known for her long campaign urging the public and private sectors to build privacy into IT and business processes – the privacy-by-design approach.
With today marking the annual International Privacy Day, she and Oracle Corp.’s director Marc Chanliau have released a paper arguing that security by design
“Privacy must be incorporated into networked data systems and technologies, not as an afterthought, but rather, by default,” the paper says.
“The same is true of security. Both concepts must become integral to organizational priorities, project objectives, design processes, and planning operations. Privacy and security must be embedded into every standard, protocol and process that touches our lives.”
Rather than being separate principles, the paper says, they work together.
Data Privacy Day has been marked since 2008, which commemorates the 1981 signing of Convention 108, the first international treaty dealing with privacy and data protection.
The concept of security by design emphasizes the necessity of designing software systems that are secure from the ground up, says the paper, minimizing the impact of a system breach when security vulnerability is discovered.
That preserving privacy and ensures identity propagation across heterogeneous vendors.
By viewing the two concepts as complementary, the paper argues, organizations will recognize that both privacy and security need to be embedded by default into the architecture, design and construction of information processes and technologies.
The council also suggests the following to individuals:
Secure your accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you to verify who you are before you conduct business on that site.
Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals.
Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer.
Own your online presence: When available, set the privacy and security settings on Web sites to your comfort level for information sharing. It’s OK to limit how and with whom you share information.
The bot threat
Some of the most serious threats networks face today are "bots," remotely controlled robotic programs that strike in many different ways and deliver destructive payloads, self propagating to infect more and more systems and eventually forming a "botnet."