<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview[1]
[{$pagename}] is a [Privacy model] that was developed by the former Information and [Privacy] Commissioner of Ontario, Dr. Ann Cavoukian. [Privacy] by Design advances the view that the future of [privacy] cannot be assured solely by compliance with legislation and regulatory frameworks; rather, privacy assurance must become an organization’s default mode of operation.


The objectives of [{$pagename}] — ensuring [privacy] and gaining personal [control|Law of User Control and Consent] over one’s information and, for organizations, gaining a sustainable competitive advantage — may be accomplished by practicing the 7 Foundational Principles.

In October [2010|Year 2010], [{$pagename}] was recognized as the global privacy standard in a landmark resolution by the International Conference of Data Protection and Privacy Commissioners in Jerusalem.  Since then, the 7 Foundational Principles of [{$pagename}] has been translated in over 30 official languages.

The objectives of [{$pagename}] — ensuring privacy and gaining personal control over one’s information and, for organizations, gaining a sustainable competitive advantage — may be accomplished by practicing the 7 Foundational Principles.

!! __1.__ Proactive not Reactive; Preventative not Remedial
The [{$pagename}] ([PbD]) approach is characterized by proactive rather than reactive measures. It anticipates and prevents privacy-invasive events before they happen. PbD does not wait for privacy risks to materialize, nor does it offer remedies for resolving privacy infractions once they have occurred – it aims to prevent them from occurring. In short, Privacy by Design comes before-the-fact, not after.

!! __2.__ Privacy as the Default Setting
We can all be certain of one thing – the default rules! [{$pagename}] seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice. If an individual does nothing, their privacy still remains intact. No action is required on the part of the individual to protect their privacy – it is built into the system, by default.

!! __3.__ Privacy Embedded into Design
[Privacy] is embedded into the design and architecture of IT systems and business practices. It is not bolted on as an add-on, after the fact. The result is that it becomes an essential component of the core functionality being delivered. [Privacy] is integral to the system, without diminishing functionality.

!! __4.__ Full Functionality – Positive-Sum, not Zero-Sum
[{$pagename}] seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner, not through a dated, zero-sum approach, where unnecessary trade-offs are made. Privacy by Design avoids the pretense of false dichotomies, such as privacy vs. security, demonstrating that it is possible to have both.

!! __5.__ [End-to-End Security] – Full Lifecycle Protection
[{$pagename}], having been embedded into the system prior to the first element of information being collected, extends throughout the entire [life cycle] of the [data] involved, from start to finish. This ensures that at the end of the process, all data are securely [destroyed|Data Disposal], in a timely fashion. Thus, [{$pagename}] ensures cradle to grave, [Data Management], end-to-end.

!! __6.__ [Visibility and Transparency] – Keep it Open
[{$pagename}] seeks to assure all stakeholders that whatever the business practice or technology involved, it is in fact, operating according to the stated promises and objectives, subject to independent verification. Its component parts and operations remain [visible and transparent, to users and providers alike|Law of Justifiable Parties]. Remember, trust but verify.

!! __7.__ [Respect for User Privacy] – Keep it [User-Centric|Law of User Control and Consent]
Above all, [{$pagename}] requires architects and operators to keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options. Keep it [User-Centric|Law of User Control and Consent].

[{$pagename}] is a set of [Laws] that should be considered when working with [Privacy].


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Privacy by Design|https://www.privacybydesign.ca/|target='_blank'] - based on information obtained 2013-04-10
* [#2] - [Nonconformist Innovation Podcast with Steve Tout|https://play.google.com/music/m/Dwfn6nhwwxjt36hdesranhz6j3y?t=Dr_Ann_Cavoukian_Executive_Director_The_Global_Privacy_By_Design_Center-Nonconformist_Innovation_Pod|target='_blank'] - based on information obtained 2019-07-06 
</pre>