Privacy by Design: An oxymoron, an impossibility or the way to go? A Big Picture seminar in Brisbane

| July 19, 2010
Privacy by Design incorporates privacy from the planning stage rather than tacking it on at the end.
What is privacy, REALLY?
What is ‘Privacy by Design’?
After the concept was first developed by the Information and Privacy Commissioner of Ontario, it has become the new framework for thinking globally.  Leaders in the European Commission; the European Data Protection Supervisor; the UK Information Commissioner and interests in the US such as the Department of Commerce all see great promise in this way of ensuring privacy is ‘built in’ not ‘built on’ later as a compromise.
A number of recent initiatives in Australia have included Privacy by Design as part of more comprehensive strategies to respect privacy. These include the health identifier being issued for all Australians.
I was asked to speak on this topic at a Big Picture Seminar organised by NICTA (National ICT Australia) in Brisbane.
Now it is out on video and is based on a PPT that is complete with links to wider references and includes a short video of UProve being used in Germany.  The talk went over well and I hear is being sought for replay on local TV.
Since then, Privacy by Design has come up again in the debate about Facebook and privacy, with regulators asking questions and a court case in Canada.  It was the subject of a short segment on the Channel 7 Morning show earlier in July which you can see (after a short ad) at "Facebook privacy policy poked".
The jury might be out, but in my view Privacy by Design is not an oxymoron.  It does take a clear mind and persistence to achieve, with rewards for all, including the financial bottom line.  But we have more to do!
Malcolm Crompton is Managing Director of Information Integrity Solutions (IIS), a globally connected company that works with public sector and private sector organisations to help them build customer trust through respect for the customer and their personal information. He was also foundation President of the International Association of Privacy Professionals, Australia New Zealand,


  1. digitrusteu

    July 23, 2010 at 8:29 am

    Privacy by Design

    A great presentation. I particularly appreciate your "what is" and "what is not privacy", as it shows that all four comments on privacy presented by these four gentlemen on your first slide are beside the point.

    Nevertheless, how good the thinking is on the principles and the excellent examples that demonstrate how it can be done, I feel that the real issue is the ref to Peter Hustinx’s remark: "we need to operationalise the concept". Indeed we now need to work on methods and tools that are generic enough to be usable, incl. tools for system designers and software developers. Such efforts using security patterns were done in the SERENITY project led by SAP. Maybe similar things can be done for privacy.

    Jacques Bus

    • Malcolm Crompton

      July 24, 2010 at 1:15 am

      Jacques – many thanks for the

      Jacques – many thanks for the observations and the kind remarks.

      Peter Hustinx is absolutely right.  That plus ensuring that there are sufficient incentives to seek out and then deply the operationalisation.

      I would be interested to know more about the SERENITY project:  I am sure that we are exposed to the risk of re-inventing the wheel if we don’t look at how similar problems have been addressed in other scenarios.

      Interestingly, it could possibly be the ‘next step’ that the initiatives by Ann Cavoukian at could usefully address.



  2. Susiem

    October 4, 2010 at 7:41 am

    Designing software with privacy in mind

    Although, unfortunatley, I didn’t see the presentation, I am totally in agreement with the concept of using privacy as a variable when designing technology.

    Privacy is a human right and not an afterthought.

    If software designers do not take privacy into account when designing a product, then retro fitting it at a later date (say for example when legislation catches up and dictates that it be included) will be costly both in development and customer satisfaction terms, so software designers and architects should be made more aware of this initiative.

    Susan Morrow

    Head of R&D Avoco Secure