The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Voice of the Community blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Ann Cavoukian, Ph.D., Founder and Chief Executive Officer (CEO) of Global Privacy & Security by Design, former three-term Information and Privacy Commissioner for Ontario, Canada, and author of “Privacy by Design: The 7 Foundational Principles.” The thoughts below reflect Ann’s views, not the views of her employer or Microsoft, and are not legal advice. In this blog post, Ann shares insights on how to better protect people’s privacy.
Brooke: What are the seven foundational principles of Privacy by Design?
Ann: When I joined the Commission, I had to train my lawyers on the need to be proactive relating to privacy and security. I wanted something that would ideally prevent privacy harms from arising.
I created Privacy by Design at my kitchen table over three nights. Privacy by Design was unanimously passed as an international standard in 2010. In 2018, a new law in the European Union, the General Data Protection Regulation (GDPR), included Privacy by Design. It’s been translated into 40 languages and not a week goes by when I don’t hear from some jurisdiction around the world. Brazil also included Privacy by Design in their new privacy law.
There are seven foundational principles to Privacy by Design. The first one is you’ve got to be proactive to prevent the harms from arising. Be preventative, not remedial.
The second one is privacy as the default setting. You don’t have to wade through all the terms of service and legalese referenced in your privacy policy to find the opt-out box saying do not use my personal information for any purpose other than for the intended primary purpose of the data collection. We give you privacy automatically!
The third principle is privacy embedded into design. I always say bake it into the code and into all of your operations. Make it one of those essential features that is always present.
The fourth principle is to reject zero-sum models—privacy versus security or privacy versus data utility. It’s one interest over another. It’s win-lose: reject this! Positive sum releases better outcomes, with privacy and security going hand-in-hand.
The fifth principle is end-to-end security. You must have full lifecycle protection, from end to end, in this day and age of daily hacking.
The sixth principle is visibility and transparency. If you keep what you’re doing open to your clients and citizens, they will assist you by increasing the accuracy and quality of the information.
The seventh principle is respect for user privacy. If you focus on users, all of this will work to your advantage again and again.
Brooke: With new privacy issues, how can governments and people protect identity data?
Ann: The growth of surveillance has been massive and digital identities are being explored. This terrifies me, because if your identity is digital, it’s not in your hands. Someone, usually in government, is controlling it. I read an article about the push for mobile driver’s licenses. The second half was about identity theft. They’re pushing the Biden government for funding because of the identity theft that’s going to arise. Are you kidding me?
Instead of focusing on identity theft, focus on protections you can engage in digitally. End-to-end encryption is huge. There’s biometric encryption, which encrypts your biometric—your fingerprints, your facial image, your iris scans—in such a way that no one can gain access to it. If someone successfully hacks into it, they don’t get your biometric identity but whatever was biometrically encrypted.
It should be the obligation of the government that is demanding data from you to protect it. To expect individuals to know how to protect their data is expecting too much. I want everyone to put the brakes on digital identity and have conferences on how we can protect this data with biometric encryption and why that’s better than regular encryption. We must explore all of this, and we must do it now.
Brooke: Have there been any unique threats to privacy in the past two or three years?
Ann: Because of the pandemic, people are being forced to reveal their private health status. If you were required to reveal vaccine information, that’s a huge infringement of your privacy. Medical data is the most sensitive personal information in existence, and it belongs to no one other than you and your physician. To require members of the public to reveal their vaccine status is appalling, and that’s been one of the things I’ve been fighting. Fortunately, the pandemic is lifting, and the restrictions are lifting, but the worst thing is that you’ll be compelled to reveal your health data.
Brooke: What are the biggest barriers facing organizations today regarding privacy?
Ann: Often, there’s a chief privacy officer but they’re not part of the higher-level management team. When I talk to boards of directors and chief executive officers, I say, “You have to bring the privacy operation as an essential component of working with security and reporting to the CEO or to someone just underneath the CEO.”
The other thing I ask is, “Do you have a data map at your organization?” When data first comes into your organization, people consent to the primary purpose of the data collection. But then the data flows throughout your organization in a variety of ways, where secondary uses are often made of the data. If you have a privacy map, you see how the data flows from one department to another. Are additional consents required because a use is secondary or are these uses intertwined with the primary purpose?
Brooke: Will governments around the world be able to keep up with emerging technology?
Ann: Absolutely not. They need to rely on private sector companies advancing in these areas. I searched for “biometric encryption” and 10 companies are leading on this globally so there are a lot out there that governments can access, but they’ve got to do that.
The Germans developed a term called “informational self-determination” that means it should be the individual who determines the fate of their personal information. It’s no accident that Germany is the leading privacy and data protection country in the world. They had to endure the abuses of the Third Reich and when that ended, they said never again will we subject our population to those kinds of abuses. They have enormous privacy laws at the state level. All these privacy commissioners at the state and federal levels get together for conferences twice a year. They’re amazing.
Brooke: What are the biggest privacy vulnerabilities?
Ann: A lot of times, it’s law enforcement. The police say there’s been this problem and we need access to your data. Companies generally just readily give it. I urge them not to do that. At first, they’re shocked when I say that. If law enforcement has a legitimate need for the data, namely probable cause, they can then make their case to a judge. The judge will give them a warrant, and then you know it’s legitimate and you have total authority to give it to them. You can’t be taken to court by customers because you had to do this. That’s the same with other departments that might come knocking at your door, like companies you’re doing work with or third parties. Any data collection and data disclosure must be authorized.
Brooke: Is there any good reason to infringe upon privacy to do surveillance on someone?
Ann: I don’t think there is any great reason. Law enforcement understandably requires information at times, but they should always go to court to get a warrant.
A facial recognition company was collecting 3.3 billion facial images scrubbed from the web and selling them to law enforcement agencies all over the world. The police were buying this up. When the chief of police in Toronto learned that his police officers were buying this data, he stopped it immediately. The company has been stopped now in Canada. I want other governments to do the same.
You can’t have this underhanded, quiet surveillance taking place by the government or by private sector entities. When people in government collect information, it’s supposed to be for a particular purpose and not for whatever purposes they want. Surveillance is abounding now, and surveillance is the antithesis of privacy. We must get it under control.
Learn more
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.