Privacy by Design or Privacy by Default (PbD) is not a new concept. However PbD received renewed attention when the GDPR added PbD as a legal requirement. PbD refers to the process of building in technical, organizational and security measures at the beginning stage of product development and throughout the product lifecycle.
A look inside PbD at Red Hat
Instead of developing a product and then asking: Is this product secure? Do we respect privacy rights? PbD requires developers to ask and answer these questions at the start and throughout the development process. PbD also requires developers to collaborate with colleagues from other areas of the business who have expertise in privacy and security compliance.
PbD fits in very well with Red Hat’s commitment to the open source way. Asking questions in a collaborative nature and on a continuous basis are key tenets of open innovation at Red Hat.
Privacy Engineering by Design
One PbD tool we use to build in privacy to our development process is our Privacy Impact Assessment, also known as a PIA. The PIA is a process which assists developers at the early stages in identifying and mitigating privacy risks associated with the collection and use of personal data.
The PIA tool begins with a self assessment that asks a lot of questions about the planned project or product. This initiates a process of review by individuals trained in privacy and security. The process is collaborative and creates an on-going dialogue about privacy with respect to the product, system or application at hand.
Collaboration Across Departments
New or updated privacy laws are being introduced and enacted in states, regions and countries across the world (see our March Blog on this topic). The result is a rather complicated web of privacy laws which vary depending on geography, industry and the type of personal data at issue.
As we hinted above, collaboration is a key part of PbD at Red Hat. At Red Hat, we have a team dedicated to monitoring and evaluating new privacy laws and assessing how such laws impact our our offerings and our PbD tools, such as the PIA process. The team is made up of individuals who focus on privacy and data security from departments such as InfoSec, IT, Engineering, Customer Engagement and Legal.
Understanding privacy issues within and across an organization helps build a foundation that keeps data security and privacy in the conversation throughout the development lifecycle. Raising and addressing privacy considerations in the design phase also helps Red Hat offer products and services that meet the needs of our customers.
Visit our Trust Red Hat page to stay connected on topics such as security, compliance and privacy.
About the authors
Jamie Parker is a compliance and privacy expert within Red Hat's products and technologies organization. She is passionate about data protection and privacy. Before joining Red Hat, Parker spent 12 years at Cisco Systems transforming business processes. Her focus was policy governance, regulatory compliance, internal audit, customer data protection, and privacy.