At the heart of Privacy by Design is risk management. It is a way of building systems based on classifying data that must remain private, and acknowledging that data breaches happen when basic security measures and procedures are not in place at all levels of an organization or its development workflow.
These risks are mitigated by compartmentalizing and isolating systems that operates on different types of data or have different risk levels, using least privilege when accessing data or systems, enforcing strong authentication procedures, and requiring encryption when data is moving between systems or being stored.
Lastly, security checkpoints are embedded into each area of an organization to ensure that policies are being enforced and that people have a chance to discuss how to ensure data remains private.
Lisa Ohman
Head of Security at Unbounce