Today I paid very close attention to a presentation held by Dr. Ann Cavoukian (Information and Privacy Commissioner of Ontario) at the Computer Science Club of the University of Waterloo/Canada, where she explains "how to design software that properly protects users' privacy". She has also published a book about these questions entitled "Who Knows: Safeguarding Your Privacy in a Networked World" (see a Review).
She differentiates the terms "Privacy" and "Security" and emphasizes that security and privacy are NOT a zero-sum game but can be designed to be a win-win situation. I summed up her core statements graphically below.
Figure: The 7 Laws of Embedded Privacy
Interestingly, she also refers to the German law of informational self-determination and refers to Germany as a leader in data protection. She speaks about identity theft, and says that there would be far fewer problems with it if data were encrypted in databases.
See her full presentation captured on video here:
Why do I blog this? I think public and private IT has to find the best solution to protect the data of users to secure their business & future. I like to compare this with automobiles, which got airbags to increase security; the same kind of "airbag" solution seems to be necessary for data protection. No one needs to get injured in his/her "privacy" if there happens to be some data leakage or data theft, if some kind of encryption airbag protects the users' data in a data-crash scenario.