Design for Privacy

Last updated: September 26, 2024

Overview

The Privacy by Design framework is widely recognized as an innovative model for proactively designing systems, business processes, and information ecosystems with privacy in mind. Building on the Fair Information Practice Principles [1], Privacy by Design advances a design-thinking mindset that makes it easier to meet evolving legal requirements and ethical obligations in a world that is data-driven and experiencing rapid technological innovation [2].

Privacy by Design is closely aligned with the UW’s values and Privacy Principles, centering respect for the well-being of the individuals whose data are used to fulfill our academic, research, and healthcare missions. It encourages the incorporation of privacy by default throughout the information lifecycle: from collection to creation to disclosure or destruction. As UW units develop new tools, systems, and services, Privacy by Design encourages the University personnel to understand humanitarian, ethical, and legal obligations when it comes to individuals’ privacy and to implement appropriate privacy practices.

The Privacy Office incorporates the Privacy by Design framework into the development of the guidance, workflows, and templates throughout the Take Action section of the website. The guidance on this page provides the resources to learn more about Privacy by Design.

Benefits

The Privacy by Design framework supports all areas of the University by:

  • Educating UW personnel about a design-thinking approach to implement privacy practices into third-party relationships, systems, and business processes.
  • Efficiently and effectively protecting individuals’ personal data.
  • Supporting efforts to minimize risk of harm to individuals while meeting legal and ethical obligations.

Where to start

The UW Privacy Office encourages UW units and personnel to integrate privacy into decisions when engaging third parties, implementing new or enhancing existing systems, and developing new or improving existing business processes. Doing so in the early stages is efficient and is more effective at mitigating risk and protecting individuals’ personal data than trying to retroactively incorporate privacy.

Step 1: Review UW’s Privacy Principles

The UW’s Privacy Principles are a helpful foundation to refer to when learning about Privacy by Design and beginning to think about the privacy practices that are relevant to your unit. Whether you are new or familiar with privacy concepts, they can be a helpful reminder of the UW’s priorities.

Step 2: Learn about the Privacy by Design framework

Learn more about Privacy by Design [pdf] to familiarize yourself with the seven foundational principles and strategies for implementing them. Gain insight into the strategy and approach the UW Privacy Office takes to design support resources and guidance.

Step 3: Refer to the Take Action menu to begin incorporating Privacy by Design

The privacy practices presented on our Take Action menu represent proactive steps UW personnel and units can take to operationalize Privacy by Design concepts within their third-party relationships, systems, and business processes.


References

[1] The Fair Information Practices Principles originated in a 1973 Federal Government report from the Department of Health, Education, and Welfare Advisory Committee, “Records, Computers and the Rights of Citizens.”
[2] The development of the Privacy by Design framework is credited to Ann Kavoukian, the former Information and Privacy Commissioner for Ontario, Canada.