How We Apply the 7 Principles of Privacy by Design

May 15, 2020 | Privacy & Security

Achieving great privacy outcomes does not happen by chance. It requires thoughtful, informed design. Most importantly, privacy management demands an interdisciplinary, systems engineering approach because it spans:

  • the entire data lifecycle—acquisition, use, storage, retention and disposal
  • multiple teams with differing objectives (e.g. product management and engineering, user support, sales and marketing finance, risk and compliance)
  • multiple control domains (e.g. technical, administrative, legal).

This systems engineering approach to privacy is known as Privacy by Design.

Privacy by Design is based on 7 principles

Privacy by Design is a methodology originally developed by Ann Cavoukian in 1995. It takes a broad view of a system and its data relative to seven principles:

  1. Proactive not reactive; preventive not remedial
  2. Privacy as the default setting
  3. Privacy embedded into design
  4. Full functionality—positive-sum, not zero-sum
  5. End-to-end security—full lifecycle protection
  6. Visibility and transparency – keep it open
  7. Respect for user privacy—keep it user-centric.

The longevity of these principles reminds us that consumers and their desire to protect their privacy is not new. The sheer number of data breaches confirms that implementing these principles is far from commonplace. 

Anonyome Labs implements each of the 7 principles

Anonyome Labs is founded on the principles of Privacy by Design. We apply its 7 principles to designing, building and operating MySudo app and Sudo Platform—our privacy enhancing technologies

Let’s take a closer look at how we apply these principles:

Proactive not reactive; preventive not remedial

Our Risk and Compliance team conducts regular internal data protection reviews to confirm we are delivering on our privacy commitments. We follow the development of emerging privacy regulations around the world, so we can plan for how we will meet or exceed them.

Privacy as the default setting

When a user accesses our products, we ask for very little information from them. If we don’t need the information to provide a service or meet an external regulation, we don’t ask for it, and therefore we can’t possibly misuse or inadvertently disclose that information. As well as this intrinsic privacy-by-default characteristic, our products allow our users to access other online services in a more private way via Sudos—customizable digital identities that intentionally differentiate from the user’s legal identity and therefore limit the disclosure of that highly sensitive information. 

Privacy embedded into design

Ever since we established our company in 2014, we’ve thought about the ‘data protection triad’ and how we could achieve:

  1. Data minimization—How will we limit the data we need to collect, process and store?
  2. Data security—How will we reduce the risk of that data ever being breached?
  3. Impact reduction—How will we limit the impact to our users if data is ever breached?

Like I said, we limit the personal information we collect from users for them to use our products. A user never has to provide their existing phone number, email address, or contacts when they register to use MySudo. For the information we do collect and process, we extensively use encryption and pseudonymization to protect the data.

Full functionality—positive-sum, not zero-sum

Each of our products is designed with privacy and data protection top of mind. There are no trade-offs or classes of service based on how much or how little personal data a user is willing to share with us, unless it is required for regulatory compliance (e.g., virtual cards). Further, our products help people increase their privacy when interacting with other online services as they shop, sell and socialize. 

End-to-end security—full lifecycle protection

We build our privacy enhancing products on strong security foundations so we can achieve the data protection triad described above. In most cases, we protect users’ data so that it is not even visible to our own employees. For example, we encrypt email and SMS messages from outside the MySudo system such that only the MySudo user can view them. Email, SMS messages and phone calls between MySudo users are always end-to-end encrypted.

We also carefully consider data retention. For MySudo, we have defined data retention periods for the user data we hold; indefinite retention is never acceptable. Sudo Platform customers can configure data retention requirements based on their business requirements.

Visibility and transparency—keep it open

Our privacy policy is as a way to build trust with our users. We are transparent about how we protect data. For the MySudo app, we also provide detailed security and privacy FAQs on our support site, which give more detail. We regularly update these FAQs in response to our users’ questions.

As well as private support requests, we also offer a collaborative community in which users can give feedback and suggest future product features.

Respect for user privacy—keep it user-centric

We are a company founded specifically to solve problems in privacy and cybersafety for consumers, with direct solutions for consumers via MySudo and for the consumers of our brand partners via Sudo Platform. Our users’ personal information and the content they create are not ‘our product’ and never will be. Internally, we have a great team of people who share the perspective of our most privacy-sensitive users.

If you ever have questions about Anonyome Lab’s privacy by design practices, please contact our responsive and helpful support team anytime.

You May Also Like…