Skip to main content
Page load in progress

Privacy by Design

Privacy by Design (PbD) is a concept developed in the 1990s by Dr. Ann Cavoukian, Ontario’s Information and Privacy Commissioner.


What is Privacy by Design?

Dr. Ann Cavoukian, Ontario’s Information and Privacy Commissioner promoted this as an approach to designing privacy into any workstream, at the start rather than bolting on something as an after-thought or, worse, ignoring it altogether, ie. build in don’t bolt on.

There are seven foundation principles for Privacy by Design which are centred on making Privacy part of every project, doing it proactively and early and keeping the interests of users, ie. the person whose privacy is at the centre of the project, uppermost.

Benefits of taking a ‘privacy by design’ approach

Taking a PbD approach is vital in mitigating privacy risks and building transparency and trust. Doing this early on ensures that it is done effectively and efficiently by making sure the design of the initiative takes into account what will be required to achieve this safely.

Designing projects, processes, products or systems with privacy in mind at the outset can lead to benefits which include:

  • potential problems are identified at an early stage, when addressing them will often be simpler and less costly
  • increased awareness of privacy and data protection across Customs and
  • Customs, and any external partners, are more likely to meet legal obligations and are less likely to breach the Privacy Act.

How does Customs undertake Privacy by Design?

The starting point is for a project to undertake Privacy Threshold Assessment, which allows the team to look at their project and see what it means in terms of personal information. This may lead to the project undertaking a Privacy Impact Assessment (PIA).

A PIA captures the details around personal information, the risks the project may raise on this information, the mitigations that will be designed to control the risks as well as looking at the proportionality of the solution in terms of what, if any, intrusion on a person’s privacy balanced by the benefits the project provides.