Ultimate Privacy by Design Master Course (GDPR, CCPA, Etc.)

Protecting private information has vital and obvious implications for everyday life, and the only way companies can successfully do this is to create a culture of privacy. The only solution—the only way to change people’s behavior—is to embed privacy in the very fabric of the organization. That is why Privacy by Design, a decades-old application design, and development strategy, is now being discussed as a foundational strategy for entire organizations. The original goal of Privacy by Design was to develop best practices that ensured application developers were building privacy into their products from the ground up. Even if concern for customer or employee privacy was not the highest priority, there was always profit—it is very expensive to re-engineer privacy into a product following a failure. Today, these best practices are more important than ever. Increasing amounts of data have created an ever-expanding attack surface, and complex new regulations demand a foundational approach to privacy. In fact, Article 25 of the GDPR is titled “Data Protection & Privacy by Design and by Default.” Organizations face an ever-growing number of attack vectors related to privacy, including the internet of things (IoT), government and business data over-collection, and unread mobile app permissions such as allowing scanner apps to keep and sell the data they scan.

This course is not about the GDPR, though it can certainly be used as a process for data protection & privacy by design and default (Article 25 of the regulation). Most probably, you are already enrolled in my bestseller “Build EU GDPR from the scratch course” which goes for GDPR from all perspectives. This course is not meant to comply with any specific regulation, though the use of the correct privacy-by-design process herein will help organizations comply with many regulations. This course is about how to build better processes, products, and services that consider individuals’ privacy interests as a design requirement. It is about how to build things that people can trust.

There are four sections I have created. Section 2 provides introductory remarks, including an introduction to Ann Cavoukian’s 7 Foundational Principles of Privacy by Design, a short history of regulatory adoption, and past challenges that privacy-by-design practitioners have faced. Given its 10-year history in the privacy professionals’ community, many readers may already be familiar with Cavoukian’s principles. This section also contains something most privacy professionals, outside academia, may not be aware of. Here I discuss what I feel is the impetus for why companies must build privacy into their processes, products, and services and not rely on individuals’ self-help to protect their own privacy.