When I first heard the term ‘privacy by design,’ my first thought was a cybersecurity tool in Millennial pink and maybe some clean lines. As a marketer, the second I hear the word ‘design’ I immediately begin thinking about how a product looks, what style of UX is being implemented, the go-to-market strategy and elements that are traditionally related to design. I realize I may have missed the mark on this term, but I have come to embrace the idea of privacy by design and now believe it is an important part of the building of any tech infrastructure (and if it happens to be in Millennial pink, that’s okay too).
If privacy by design is not related to traditional design, what does it mean? In simple terms, privacy by design means building proactive measures around privacy rather than being reactive. When developing a product or infrastructure, privacy should be built into your system by default instead of being an afterthought or something that is patched in after there is a leak or something goes wrong. This creates a proactive privacy environment by building a level of security into everyday products and tools, so that the end user can easily go about their day-to-day and not have to be reactive around privacy concerns.
Although this all sounds very simple, in reality it isn’t. Although regulation changes are known well in advance, foundational principles aren’t always followed. If you are a cash-strapped startup trying to make ends meet, building all of these principles into your product might not be a priority at that moment. This is problematic because as you scale, you may need to go back and do the work to land a key client or even just to be up to snuff with the regulation. At the end of the day, I always find it better to build the principles in from the outset rather than wait and potentially have to spend more money than it would have taken if you’d done it from day one.
I highly encourage product managers and developers to have the privacy conversation from day one with their products. Look at who you are potentially selling to, have a conversation with them around what checks and balances they need and figure out how to work that into your product. There is nothing more depressing than getting a meeting with a key client only to be told you can’t even plug into their system because your product doesn’t have X, Y or Z.
I will be the first person to admit I’m a bit of a privacy and cybersecurity nerd (seriously, I could talk, and in the past have talked, about KYC and AML practices for hours on end!). If you aren’t like me and are trying to build a product, I’d advocate for having the privacy conversation with your team and ensuring that it is within your roadmap. A principle that has always resonated with me is Privacy as the Default. This should be prevalent within our tech infrastructure: privacy should be a top priority, and as you build your security infrastructure, remember to ask: is privacy the default?