Privacy by Design by Legislation

Privacy is a key element in cyber security. Protecting personal data held and processed by cybernetic systems converges with other security principles, and may enhance data subjects’ and end-users’ trust in such systems, resulting in greater acceptance thereof.  Violations of privacy, on the other hand, will diminish trust, acceptance and efficiency of cyber systems. However, privacy and security are not fully congruent concepts, and at times, privacy requires taking measures that might limit the functionality and usability of technological systems.   How can a cybernetic system achieve the optimal combination of usability, security and privacy?

One answer is to take privacy and security into consideration from the very beginning and throughout the lifecycle of the technology in question. This is the idea of Privacy by Design (PbD).   PbD’s principles express the viewpoint that security is strengthened by PbD. The PbD approach to cyber-security was described by Ontario’s Information and Privacy Commissioner as a ‘paradigm shift’, from a zero-sum game where security is at the expense of privacy, to a positive-sum situation. For example, taking privacy into account when designing a new system would insist on minimal data collection without limiting functionality (‘Full Functionality’ principle), which requires that privacy not come at the expense of security or other product features.   The ‘End-to-End Security’ principle requires a design that will ensure the protection of data throughout their entire life-cycle.   The notion of Security by Design was suggested as the application of PbD to areas such as Enterprise Architecture and Software Security Assurance.  

However, it turns out that PbD is easier said than done. We identify one exception, which is when the law interferes and requires a PbD process. Given that at this point, many cyber systems are public or governmental, or are in fields that are typically regulated (such as the financial sector), PbD is especially relevant for cyber systems. Accordingly, we examine cases of PbD by Legislation, as opposed to PbD by market players.  We study a few cases from Canada and Israel. The goal is to identify the optimal conditions for a successful PbD for cyber systems. In Canada, the Ontario Lottery and Gaming Corporation is implementing facial recognition technology to identify addicted gamblers utilizing biometric encryption as a result of following the PbD approach.  In Israel, an example is a 2014 regulation as to the primary elections in political parties. The regulations set the exact manner in which a party can update its own registry of members, using the national registry of the population.  The process is to be conducted by the Ministry of Interior, after close inspection of various conditions, and in a way that is meant to assure that data is not leaked, that no excessive data is provided, and that integrity and data security are maintained.

The project’s goal is to identify the optimal conditions for a successful PbDbL.  The expected results are a better understanding of PbD, its cyber-security aspects, its challenges, and the conditions in which the ‘design approach’ may work, as well as identifying new challenges, to the extent we will find such, in the application of PbDbL. The expected conclusions would be relevant in determining the conditions under which the application of PbD to the design of cyber systems in general, and cyber security aspects more specifically, will succeed.