Privacy by design
Privacy by design is an approach whereby privacy and data protection compliance is designed into systems holding information right from the start, rather than being bolted on afterwards or ignored, as has too often been the case.
Privacy by design report
In 2008 we launched our privacy by design report (pdf).
Our privacy by design implementation plan (pdf) identifies themes and action points arising from the report, summarised below.
Planning for privacy by design
Organisations are not always considering or addressing privacy concerns throughout their systems’ lifecycle. Performing privacy impact assessments, managing privacy risks and promoting greater transparency can address this.
- Privacy impact assessment (PIA) handbook
- ICO technical guidance note on privacy enhancing technologies (PETs) (pdf)
- Enterprise Privacy Group paper on PETs (pdf)
- HIDE (homeland security, biometric identification and personal detection ethics)
- Privacy impact assessments - international study (Loughborough University) (pdf)
Engaging executive management
When executive managers do not recognise their responsibility to protect individuals’ privacy, the result can be a lack of suitable privacy investment. Commercial risks and benefits that are at times unclear can have the same effect. ICO initiatives to combat this include:
Developing practical privacy standards
There has been a lack of uniform privacy standards, especially at international level, which is now beginning to change. The ICO works with data protection authorities, standards organisations, and government and industry bodies internationally to advise on, discuss and develop new practical privacy standards.
- Data protection at EU level
- British Standards Institute (BSI)
- International Organisation for Standardisation (ISO)
- Biometrics working group
- BCS/ISAF personal data guardianship code
Good practice and guidance
The ICO has a range of guidance and practical advice for organisations and individuals. Our Data Protection Strategy explains our approach to minimising data protection risk.
- ICO data protection strategy (pdf)
- Privacy notices - code of practice
- Data sharing - code of practice
- Personal information online - code of practice
The study on the use of privacy impact assessments around the world was developed for the Information Commissioner by an international team of experts coordinated by the University of Loughborough. This is groundbreaking work and has provoked much interest, with some government departments already wanting to use it.