Privacy by Design


Privacy by Design (PbD) is generally regarded as a synonym for Data Protection by Design. However, its use as a specific term was first outlined in a framework in the mid-1990s by then-Information and Privacy Commissioner of Ontario, Canada, Ann Cavoukian, with seven foundational principles.

  • Data protection must be considered from the start of the design phase of system development.
  • Companies must be able to show compliance with privacy considerations in system design and system access, e.g., collect and store only the minimum amount of personal data needed.

Privacy by Design – The 7 Foundational Principles

This document, authored by former Information and Privacy Commissioner of Ontario Ann Cavoukian, provides readers with additional information, clarification, and guidance on applying the seven foundational principles of privacy by design. This guidance is intended to serve as a reference framework and may be used for developing more detailed criteria for application and audit/verification purposes.


About Author

Senior IT Risk Analyst, Information Security and Assurance | Fordham University A Certified Information Privacy Professional/United States (CIPP/US) and Privacy Manager (CIPM) privacy professional who is a versatile and creative writer, fusing a background in communications and academics with expertise in business writing to deliver quality, customized material spanning technical, marketing, policy, and social media content. Creative, resourceful, and flexible, able to adapt to changing priorities and maintain a positive attitude, strong work ethic, and humor.

Comments are closed.