When you’re designing an IT system, you don’t necessarily know where the vulnerabilities are. That’s why you need to carry out some solid risk assessment as part of the design process. That’s why you pen test before it rolls out.
The difficulty in assessing that risk is encapsulated in this famous Donald Rumsfeld quote: "... there are known knowns; there are things that we know that we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don't know we don't know.”
Privacy is its own special beast though. While we recommend a robust security risk assessment, privacy is about more than just how secure the information is sitting in your systems and bubbling through your pipes. It’s about ensuring that if you spring a leak, the damage to people is minimal. It’s about designing things to only collect as much information as is necessary and to let people know what’s optional.
This kind of thinking isn’t always easy if you’re starting with a blank sheet of paper. That’s where privacy impact assessment shines. It comes in two models – Title Case or lowercase.
If you’re a big organisation, or this is a big project, capital letter Privacy Impact Assessment is the way to go. Dust off the Privacy Commissioner’s PIA Handbook and work over the project with a fine toothed comb. You want to do this partly to avoid complaints down the line, but mainly because good privacy is good business, and bad privacy can wreck you.
If you’re a nimble start-up and you think the risk to users is going to be minimal, a lowercase privacy impact assessment might be a better fit. You don’t need a formal, heavy document to have endless meetings about, you just want to know what you should be doing to design things properly. Our Getting Started tool should help here.
Privacy impact assessment forms a solid foundation for the concept of Privacy by Design. Privacy by Design aims to bake privacy into projects from day zero. It’s about finding the middle ground between ‘Move fast and break things’ and ‘move slow and hire lawyers’. It’s all about looking for win-win solutions that don’t trade off functionality for privacy or security.
The advantage of this approach is that you’re not caught scrambling to recode everything when someone points out a glaring privacy issue. Or worse, making a decision on how much privacy risk you can wear because you don’t have the resources to fix it properly. Instead, when somebody points it out, you can tell them you’ve already thought about that and draw their attention to the elegant solution.
Whatever approach you choose to take, you must remember to patch it. Privacy risks will evolve over time, so keep checking whether your initial assessment is still relevant.
This year we’re taking some time to look at our PIA resources and doing what we can to make them more user-friendly. If you think you’ve got some good ideas on how we can do this: get in touch!
This post was originally published on IITP’s Techblog.