“Privacy by Design” Should Be a Focus for Enterprises during Privacy Awareness Week

Last updated: 15 May 2018

May 13, 2018 marks the beginning of Privacy Awareness Week (PAW). Started by the Asia Pacific Privacy Authorities (APPA) in 2006, PAW is an initiative designed to raise awareness of issues surrounding privacy and data protection. Members of APPA observe PAW each year in May by staging events and activities for individuals, businesses and government entities.

It’s business as usual for many APPA members as they prepare their PAW campaigns. The same cannot be said about Australia, however.

2018 stands out for the Land Down Under in its observance of PAW. This is so for two reasons. First, 2018 marks 30 years since Australia passed the Privacy Act 1988. This piece of legislation regulates how government agencies and some private businesses handle personal information.

Second, 2018 is the year when several pertinent data protection regulations are scheduled to take effect. These standards include the Notifiable Data Breaches (NDB) scheme, which came into force in February 2018. It requires organizations responsible for protecting Australian citizens’ data to report a security breach to the Australian Information Commissioner if certain conditions are met. Similarly, the European Union’s General Data Protection Regulation (GDPR) is set to activate on May 25, 2018.

These regulations, along with the occurrence of PAW, mark a significant boost in attention for security and privacy globally. Privacy management software provider OneTrust even goes so far as to say that regulations like GDPR and NDB constitute a paradigm shift. In the words of OneTrust Advisory Board member Ann Cavoukian, privacy is no longer a best practice or school of thought. It’s not even optional anymore.

“Privacy must be proactively incorporated into networked data systems and technologies, by default,” said Cavoukian, as quoted in a OneTrust blog post. “The same is true of security. Both concepts must become integral to organizational priorities, project objectives, design processes, and planning operations.”

Cavoukian here articulates the idea that GDPR has transformed privacy and security into security by design. It’s an approach to security through which enterprises build security controls and privacy protections into their IT management processes. As such, the method is more proactive than other approaches, most notably retroactive auditing of systems for security vulnerabilities.

Security by design is quickly becoming the essential data security approach for enterprises given the onset of NDB and the fast-approaching deadline for GDPR compliance. With that said, enterprises should seize upon PAW to automate the deployment of security controls into their infrastructure. They can do so by attaching security to the data itself with encryption, securing (and owning) encryption keys, implementing strong authentication of users and things, and following the other steps identified in Gemalto’s Secure the Breach Manifesto. Enterprises can then build on this momentum during PAW to emphasize to their customers the extent to which privacy has become a part of their everyday business. They should also articulate to all employees and executives the value of privacy/security by design and what it means for the business.

For more information about Privacy Awareness Week and how enterprises can leverage it to emphasize security by design along with other key messages, click here. To learn about Gemalto’s solutions to help Secure the Breach, visit safenet.gemalto.com.