Ann Cavoukain, Ontario’s privacy commissioner, is known for her long campaign urging the public and private sectors to build privacy into IT and business processes – the privacy-by-design approach.
With today marking the annual International Privacy Day, she and Oracle Corp.’s director Marc Chanliau have released a paper arguing that security by design
“Privacy must be incorporated into networked data systems and technologies, not as an afterthought, but rather, by default,” the paper says.
“The same is true of security. Both concepts must become integral to organizational priorities, project objectives, design processes, and planning operations. Privacy and security must be embedded into every standard, protocol and process that touches our lives.”
Rather than being separate principles, the paper says, they work together.
Data Privacy Day has been marked since 2008, which commemorates the 1981 signing of Convention 108, the first international treaty dealing with privacy and data protection.
The concept of security by design emphasizes the necessity of designing software systems that are secure from the ground up, says the paper, minimizing the impact of a system breach when security vulnerability is discovered.
That preserving privacy and ensures identity propagation across heterogeneous vendors.
By viewing the two concepts as complementary, the paper argues, organizations will recognize that both privacy and security need to be embedded by default into the architecture, design and construction of information processes and technologies.
To download the paper click here.
RELATED CONTENT
Another data loss at Human Resources Canada
Security and privacy aren’t just matters for organizations. As part of Data Privacy Day the U.S. National Crime Prevention Council reminds individuals to keep security software on their PCs and mobile devices current and to scan any external device – such as a USB memory stick – plugged into any device.
The council also suggests the following to individuals:
Secure your accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you to verify who you are before you conduct business on that site.
Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals.
Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer.
Own your online presence: When available, set the privacy and security settings on Web sites to your comfort level for information sharing. It’s OK to limit how and with whom you share information.