Ryerson, Deloitte partner to offer privacy certification
Setting a new standard in privacy protection
Protecting the personal and confidential data of customers, employees and business partners is becoming an increasingly challenging task. Organizations want to innovate and adopt new technologies to drive insights and better decision-making for trending and analysis, and they need to differentiate themselves in an extremely competitive marketplace where speed-to-market is an imperative. At the same time, they must comply with stringent privacy regulations that can vary in each jurisdiction where they operate.
Add to those challenges the emergence of an environment in which knowledge workers feel the need to share information more readily — increasing the likelihood of security and privacy breaches — and newly fluid organizational boundaries that make it difficult to track how, where and by whom information is being stored, managed and accessed.
In this complex electronic business environment, determining how to best protect the privacy of those who have entrusted you with their personal information can be a formidable undertaking.
That’s where Privacy by Design comes in. It’s an internationally recognized framework based on the premise that privacy should be proactively embedded into the design, operation and management of IT systems, networked infrastructure and business practices. And thanks to a new partnership between Deloitte and Ryerson University, you can take that to the next level: certification.
Having your privacy practices verified by an independent party not only demonstrates your commitment to privacy but also gives you a strong competitive advantage.
Here are the details:
Privacy by Design is about building privacy into the design, operation and management of a given system, business process or design specification. It’s based on seven foundational principles:
- Be preventative, not remedial. Anticipate and prevent invasive events before they happen, not scramble to manage after a breach.
- Lead with privacy as the default setting. Ensure personal data is automatically protected; don’t require users to take extra steps to do so.
- Embed privacy into the design. Privacy measures should be fully integrated components, not added on later.
- Retain full functionality. Privacy and security are equally important; neither should be compromised for the other.
- Ensure end-to-end security. All data should be securely held while it’s needed and destroyed when it’s not.
- Maintain visibility and transparency. Assure stakeholders that business practices and technologies involved are transparent to the end-user and subject to independent verification. Remember: it’s not your data.
- Respect user privacy. Individual interests must be supported by strong privacy defaults, appropriate notice and user-friendly options.
Treating privacy as a business issue avoids the risk of reputational damage should a privacy violation occur, and it is much easier and more cost-effective to build the right privacy and security defaults into a new technology from the outset than have to introduce costly retrofits.
Certification has its rewards
Ensuring privacy and security through every phase of the data lifecycle has become critical for avoiding legal liability, preserving customer confidence and reducing the likelihood of fines and penalties from privacy breaches. There is no such things as 100 percent privacy or security, but the Privacy by Design approach focuses on prevention, vigilance and resilience. And because Privacy by Design maps to accepted fair information practices and international privacy standards, regulatory compliance is almost assured no matter where in the world you operate.
How it works
Ryerson handles applications and issues certificates, while Deloitte’s privacy and information security professionals conduct the initial assessment. Far from a tick-the-box compliance exercise, this involves testing your privacy controls against a well-defined set of measurable criteria and illustrative controls, developed by Deloitte professionals. We’ll also assess the strength of your practices against internationally recognized privacy principles.
Proven protection, competitive edge
Organizations can’t afford not to protect the privacy of their customers, employees and business partners. By subjecting your privacy controls to a multi-disciplinary team of privacy and security experts, you can demonstrate good due diligence and vigilance by limiting any potential liability and reputational damage associated with privacy infractions.