ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > Why Privacy by Design Is a Stride Toward Consumercentric Design

Why Privacy by Design Is a Stride Toward Consumercentric Design

Sudhakar Sathiyamurthy, CISA, CRISC, CGEIT, CIPP, ITIL (Expert)
| Published: 10/9/2017 3:05 PM | Category: Privacy | Permalink | Email this Post | Comments (0)

Sudhakar SathiyamurthyData are emerging as forms of capital in every industry, and data are also the most coveted asset. The forces affecting business operations drive organizations to hunt and gather data, and, in due course, shape them into reservoirs and refineries of giant data. In a typical organization, data of all types, including personal information, free flow across physical and virtual clusters, reflecting lowered barriers to data movement. This free flow of personal information results in a degeneration in what consumers refer to as privacy-friendly business. It is not uncommon that data-rich organizations struggle with responding to covert attacks and information thefts on one side and cleaning up the mess of accumulated data on the other. In some ways, the organizational digital doctrine emulates the natural history metaphor, “the struggle for privacy and survival of the protected.”

Taking a closer look at some of these organizations would reveal that the core products and services that control and process the wealth of data would have traditionally satisfied the business need but have fallen short of addressing consumers’ right to privacy. Privacy by design, in a nutshell, aims to embed privacy and data protection principles into the products and services from the very design process when they are modeled and architected. However, in a real-world scenario, integrating privacy requirements into products and services is not a straightforward affair. Setting up a leading-edge program of privacy by design is often challenged by the following representative influences:

  • Tangible design and engineering strategies still remain unclear for many organizations.
  • Many legacy solutions are poorly suited to address the emerging class of privacy risk.
  • Products and solutions are sometimes rushed to market for competitive reasons without considerable thought to privacy.
  • Institutional knowledge of personal data elements and organizational data flow is sometimes limited.

While there are some known challenges to overcome, and privacy by definition is not consistent across geographies, privacy-friendly design is now the expectation of new generations of consumers who drive business dynamics. Privacy by design is a stride toward consumercentric design that empowers users to exercise their right to and over their own information.

My recent Journal article expands on this topic and outlines the key principles for modeling privacy by design, using blockchain technology as an example.

Read Sudhakar Sathiyamurthy’s recent Journal article:
Design With the End in Mind,” ISACA Journal, volume 5, 2017.


There are no comments yet for this post.