Creating a culture of privacy starts with you. Every day, we make choices at home and at work that impact our own privacy and the privacy of others.
As state employees, we have a responsibility to treat people's sensitive data fairly and protect the confidentiality of the data entrusted to us. We do this by following the Fair Information Practice Principles, or FIPPs. (Read more about the FIPPs and privacy in general on our website, it.nc.gov/privacy.)
Privacy by Design (PbD) is a set of seven principles developed by Dr. Ann Cavoukian to implement the Fair Information Practice Principles, creating a culture of privacy within businesses and organizations.
PbD takes a proactive approach to privacy that bakes privacy into every aspect of a project and makes privacy a concern for all those touching sensitive information throughout the information lifecycle as well as the project or system lifecycle.
The seven principles of PbD are:
- Proactive not reactive; preventative not remedial
- Privacy as the default setting
- Privacy embedded into design
- Full functionality – positive sum, not zero-sum
- End-to-end security – full lifecycle protection
- Visibility and transparency – keep it open
- Respect for user privacy – keep it user-centric
If these principles seem familiar, it is not surprising. They are rooted in the Fair Information Practice Principles that underpin federal law as well as laws across the United States and around the world.
Having a culture of privacy means that we are baking privacy into all that we do. Even before our project starts, we are thinking about the privacy implications, how to mitigate privacy risk and how to incorporate privacy controls into our projects.
We are being proactive about privacy.
That means that privacy is the default setting and a given starting point for all that we do. We embed privacy into the design of projects. It is present from start to finish. We incorporate privacy in a way that enables multi-functional solutions, incorporates full lifecycle protection and is transparent. Most importantly, we respect user privacy and keep it user-centric.
Why is privacy by design important? Not only does it support privacy and ensure that we decrease privacy risk, but it builds trust among the residents of our state and others who share their sensitive personal information with us.
Privacy may not be something you think about every day, but it should inform all your work actions.
Our ability to get correct, actionable data that the state needs to inform decision making depends on building and keeping the trust of those who provide us with their sensitive personal information.
Creating a culture of privacy starts with you. So does starting from the default position that privacy is important and is a consideration throughout the lifecycle of the project or system and of the data itself. Your actions help the state and your agency to build and maintain consumer trust.
The state provides services that residents need, and in return, we require them to provide us with certain sensitive information so that we can provide those services.
Unlike customers of many private companies, consumers rarely have the ability to choose not to do business with the state. This creates an imbalance of power and makes it even more important that we treat their data and their privacy with the respect they are due and in accordance with law, policy and best practices, such as the Fair Information Practice Principles and the Privacy by Design principles.