PERSPECTIVE
A Strategy for Operationalising Privacy by Design
Inga Kroener and David Wright
Recent controversies surrounding privacy have sparked a move by regulators towards the idea of privacy by design (PbD), a concept pioneered by Ontario Information and Privacy Commissioner Ann Cavoukian. Industry has also started to recognise the importance of taking privacy seriously, with various PbD corporate initiatives currently underway. However, some commentators have criticised PbD for being too vague. Using three case studies and a range of best practice examples of PbD, privacy impact assessments (PIAs) and privacy-enhancing technologies (PETs), this paper addresses the gap between the abstract principles of PbD and their operationalization into more concrete implementation guidelines for software engineers.