28 November 2008

Privacy by Design

"Privacy by Design" is the latest must-read document produced by the Information Commissioner's Office.

After a brief consultation period, the Information Commissioner's Office (ICO) has published its report on Privacy by Design to address the general lack of data protection and privacy safeguards. The report was prepared by Enterprise Privacy Group on behalf of the ICO and examines why good privacy practices are not being applied, what can be done to remove these barriers and how to build good privacy principles into all stages of the information systems development and data management life cycles.

Although the concepts relate to an organisation-wide approach for public or private bodies, everything is relevant to the development of an individual web application. As with any form of security, the report recommends that measures - privacy enhancing technologies (PETs) - are built in from an early stage and not added on as an afterthought. The report also advocates the use of privacy impact assessments (PIAs) and designing privacy protection into the business case for projects - all good stuff.

Update later on 28th November 2008: Bob Lewis has published an article today in Computer Weekly on how to respond to a data security breach and thus protect the people whose data has been lost and, where possible, the organisation's reputation and data. The useful suggestions should be tailored to your own organisation's requirements. For a web site or web application it may be difficult to identify when a breach has occurred and what data has been lost - this is where logging and monitoring can be of assistance. But remember, if you don't collect the data in the first place it can't be misplaced.

Posted on: 28 November 2008 at 08:12 hrs


Page http://www.clerkendweller.com/2008/11/28/Privacy-by-Design
© 2008-2009 clerkendweller.com