Question

Database Design and Management Question: Determine the best practices in design, data use, and storage to ensure legal compliance.

Answer 1

Privacy by Design’s foundational principles were originally developed by Ontario’s info and privacy commissioner, Anne Cavoukian. As delineated by Cavoukian, Privacy advisedly asserts that the long run of privacy can not be assured exclusively by compliance with regulative framework. Rather, privacy assurance should become associate organization’s default mode of operation.

There area unit seven foundational principles of Privacy advisedly that facilitate firms integrate privacy into all aspects of its business. These seven principles are:

1-Privacy because the default;

2-Privacy embedded into design;

3-Full practicality – positive-sum, not zero-sum;

4-End-to-end lifecycle protection;

5-Visibility and transparency; and

6-Respect to user privacy.

7-Proactive, not reactive; preventative, not remedial

These principles address the increasing complexity of data usage, processing and storage at all levels and stages of a business as well as the associated consequences and effects. By adopting these principles, companies can help ensure that privacy and information security become an essential components of its technologies and business practices from the outset.

HOW IS CUSTOMER DATA MAINTAINED, STORED, COLLECTED AND SHARED?

To build and integrate privacy protections into a business model, companies should first understand their business models and how they will interact with their customers at every step of each transaction in their business. A company should consider evaluating and documenting how it collects, stores, maintains, and shares, or otherwise uses consumer data in its various technologies and sectors of the business. By understanding the data and technology involved at each step of the way, companies will be more likely to identify potential risks they face and may be in a better position to address and respond to customer concerns and legal requirements.

In December 2010, the Federal Trade Commission issued a report entitled, “Protecting Consumer Privacy in an Era of Rapid Change,” which encouraged companies to adopt a Privacy-by-Design approach. One of the key principles identified in this report is that companies should automatically protect any consumer data by default and from the outset.

Protecting data from the beginning and at all entry points of such data will decrease a company’s burden associated with regulatory, legal and legislative compliance. Privacy by Design also encourages companies to handle data in a transparent and visible manner, so that any representations they make to consumers about their business practices can be validated.

CONDUCT RISK ASSESSMENTS

Once companies have conducted internal evaluations of their data practices, companies should assess the risks associated with collecting, storing, maintaining and using such data for their particular business purposes. Companies should weigh the factors and business interests in using certain customer data for certain business purposes against risks associated with having a potential FTC enforcement action enforced against a company for failure to abide by federal and state privacy and information security laws.

Due to the advent of privacy-related litigation and agency enforcement actions, which have imposed significant monetary and other damages, companies should take precautions to undertake such risk assessments.

STAY APPRISED OF LEGAL DEVELOPMENTS AND REGULATIONS REGARDING PRIVACY AND INFORMATION SECURITY

The privacy legal landscape has and continues to change dramatically and quickly. It is not an easy task to stay apprised of all legal, regulatory, and legislative developments and enforcements regarding privacy and information security. Therefore, companies should seek advice of privacy experts and attorneys to identify and mitigate potential privacy risks present in their businesses.

By identifying such risks early, companies can mitigate detrimental consequences by building into their infrastructure and business specific means of addressing such risks, whether it is through the implementation of certain information security policies or building technical reinforcements in how they capture, store and use client knowledge.