Presentation on theme: "Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August."— Presentation transcript:
Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August 2009
Information Commissioner’s Office Regulatory Authority –DPA, PECR; FoI; EIR Role of the Regional Offices –Cardiff, Belfast, Edinburgh –Enquiries –Stakeholder engagement –Input Scottish dimension to ICO
Privacy by Design: Context Recognised gap in development and adoption of privacy-friendly systems; Lack of public trust and confidence; Report launch – Nov’ ’08; Ensure ‘privacy’ is always on the agenda; Privacy and data protection compliance designed into systems at the outset.
Privacy by Design: Defining Privacy Webster’s Dictionary: Privacy is: The quality or state of being hidden from, or undisturbed by, the observation or activities of other persons and freedom from undesirable intrusions.
Privacy by Design: Why do a PIA? To identify privacy risks to individuals; To identify privacy and DP compliance liabilities for your organisation; To protect your reputation. To instil public trust and confidence in your organisation; To avoid expensive, inadequate “bolt- on” solutions; To inform your communications strategy; Enlightened self-interest!
Privacy by Design: When to do a PIA? At the start, when: –the project is being designed; –you know what you want to do; –you know how you want to do it; and –you know who else is involved... …but certainly before: –decisions are set in stone; –you have procured systems; –you have signed contracts; and –while you can still change your mind!
Privacy by Design: How to do a PIA? Initial assessment Full-scale PIA Small-scale PIA Privacy law compliance check Data protection compliance check Review and redo!
Privacy by Design: Initial Assessment Prepare a project outline Identify stakeholders Look at other PIAs Look at studies on the technology and processes Decide the appropriate level of assessment
Privacy by Design: Full-scale PIA 5 Phases: –Preliminary work –Preparation –Consultation/analysis –Conclusions –Review
Privacy by Design: Small-scale PIA 5 Phases: (less formal) –Preliminary work (more specific) –Preparation (just as important!) –Consultation/analysis (less exhaustive) –Conclusions (part of a process) –Review
Privacy by Design: Compliance Privacy Law: –Vires –HRA; PECR; Law of Confidence –Statutory prohibitions Data Protection: –DP Principles –Schedule Conditions –Exemptions
Privacy by Design: Key Points The PIA is a process to consider privacy risk; It may not be appropriate in all cases; It can be incorporated into the organisation’s current risk strategy or it can be stand-alone; New and more manageable guidance!!