Built for privacy

Protecting civil liberties is not usually top-of-mind for high tech start-ups. In information and communication technology (ICT), success has come from solving business problems, satisfying consumer wants and globalizing commerce. Yet, in a post-9/11 world, ICT stands at the centre of controversy about the limits to personal privacy.

The information age has spawned a host of potentially intrusive applications – from web-based networking sites to biometric screening and video surveillance. The question is whether these technologies can do their jobs without compromising an individual’s right to determine how personal information is shared.

Today the debate about privacy is becoming highly polarized. For some, horrifying terrorist attacks and near-misses mean that a loss of privacy is inevitable. It’s a price that must be paid for public security.  For others, the digitized capture, storage and use of personal information poses a serious threat. In the wrong hands it can lead to institutional coercion and inappropriate disclosure of private conduct. The divide between the two opposing camps has meant that privacy versus security is seen as a zero-sum game. And advanced technology is the battleground.

Enter Ontario’s Information and Privacy Commissioner. In the 1990’s Commissioner Ann Cavoukian coined the term Privacy by Design. Since then, Dr. Cavoukian and her team have partnered with industry leaders to build the concept into a credible business practice. Privacy by Design rejects the zero-sum equation and argues that breakthrough technologies can embed privacy safeguards and meet security standards at the same time. Privacy-enhancing technologies have design principles that are privacy-protective while making it unnecessary to trade off security goals. This approach places the onus on technology firms to identify risks and build in responsible controls that reduce the need for individuals to protect themselves.

Seven foundational principles are at the heart of Privacy by Design:

1. Proactive and preventative, not reactive
2. Privacy as the default
3. Privacy is embedded into design
4. Fully functional – positive-sum, not zero-sum
5. End-to-end life cycle protection
6. Visibility and transparency
7. Respect for users’ privacy

For new tech ventures, embedding privacy in technology architecture is a strategic way to create smart products, address customer concerns and deal with important compliance issues up front. Companies that take this integrated approach gain competitive advantage by being able to offer customers secure  environments and sound risk management as well as product functionality. This is a big plus whether you are a technology supplier or retailer.

At Privacy by Design: The Gold Standard, a  recent conference convened by the Commission, companies advised by MaRS and TechAlliance showcased their privacy enhancing technologies:

• Bering Media’s privacy architecture enables location-based advertising across any website without disclosing the identity or location of the subscriber
• CognoVision helps companies measure the effectiveness of in-store marketing and understand shopper behaviour through anonymous face detection and people-tracking software
• ConnectedN offers a private and secure “members only” social media platform that allows employees or members of a group to share their views with peers without identifying the original contributor
• PrivIT Healthcare provides client control over personal information through encryption processes that embed the ownership and access rights into the information at the time the data is collected
• Skymeter provides an in-vehicle road-use meter that preserves driver anonymity and restricts access to personal data while calculating fees based on when, how far and where a vehicle travels and parks

These companies showed that embedding privacy in technology is a differentiating factor that has marketplace value. So, it’s no surprise to learn that in the MaRS ICT practice, Privacy by Design in integrated into the advisory process for start-ups, from early stage to more mature ventures.

As the Privacy by Design movement has evolved, the message to technology companies is clear. Protecting personal freedoms makes good business sense.

For more information, check out www.privacybydesign.ca