Incorporating Privacy by Design in a Software Development Life-cycle

Author : Raajveer Loyal

Cybersecurity Live - Boston

With digital transformation being a key driver in how data is used and shared across systems to help drive innovation as well as improve customer experiences, privacy continues to be an important concern.

The introduction of new privacy regulations such as GDPR in Europe and the soon to be launched CCPA in California have been designed to protect consumer’s privacy rights. It can be said that data privacy and security are integral to each other, so these two important factors should remain at the forefront throughout the software development life cycle.

Key Principles behind Privacy by Design:
Renowned data security expert Ann Cavoukian developed the concept of “Privacy by Design,” which calls upon privacy to be considered throughout the entire engineering process, with a formal framework published in 2009, in which she stated that:

“Privacy must be incorporated into networked data systems and technologies by default. Privacy must become integral to organizational priorities, project objectives, design processes and planning operations. Privacy must be embedded into every standard, protocol and process that touches our lives.”

New call-to-action

The framework itself has been adopted by several governments as well as industry bodies around the world. Additionally, it was included within the GDPR regulation. The seven key principles behind the Privacy by Design framework are:

  1. Proactive – Not Reactive – Preventative not Remedial – Instead of waiting for privacy risks to occur, aim to prevent them occurring in the first place.
  2. Privacy as Default – Privacy should be in-built into a system; an individual should not have to act in order to maintain his or her privacy.
  3. Embedding Privacy into Design — Privacy is an essential component when it comes to core functionality and should not be considered as an after-thought.
  4. Full Functionality – All legitimate interests should be accommodated. Avoid the pretense of having a privacy/security trade-off.
  5. End-to-End Security Lifecycle — Privacy extends throughout the lifecycle of data from collection to retention and at the end of the process.
  6. Visibility and Transparency – Ensuring that component parts and operations are visible and transparent to both the providers and users.
  7. The Respect of User Privacy – The interest of the user should be the top-most priority, and measures should be in place to offer strong levels of privacy, as well as user-friendly options.

The Adoption of a DevOps Model within Privacy By Design:
A lot of organisations are moving to a DevOps model, adopting practices which incorporate software development and IT operations in order to shorten a software development lifecycle, which then enables continuous integration, as well as continuous delivery.

While at its heart the principles of Privacy by Design are about design, it is important that privacy considerations are taken into account throughout the entire development, testing, and deployment process. This would involve adding privacy checks, tests and gates throughout the software development lifecycle. This also means embedding privacy into your security as best practice.

Liberating Sensitive Information:
The recent World Economic Forum Global Risk Report detailed the greatest risks to the global economy, and for organisations that are on the receiving end of these threats the impact can be profound. Protegrity can help organisations liberate sensitive information by protecting the data itself, whilst maintaining referential integrity of datasets, learn how in our e-book: Privacy By Design: Balancing Defence -In-Depth With Advanced Analytics.

*** This is a Security Bloggers Network syndicated blog from Blog – Protegrity authored by Raajveer Loyal. Read the original post at:

API Poll

Step 1 of 5

Do you have an API security project in 2022?