Managing Privacy by Design in modern technology

Description

This course delves into the concept of Privacy by Design (PbD) and provides practical strategies for managing privacy considerations throughout the development and implementation of digital products and services.

Throughout the course, participants will explore the fundamental principles and frameworks that underpin Privacy by Design. They will gain a deep understanding of privacy laws, regulations, and standards, both at the domestic and international levels, such as the General Data Protection Regulation (GDPR). Students will also examine emerging trends and best practices in privacy protection, including privacy-enhancing technologies, consent management, data minimisation, and user-centric design.

The course places a strong emphasis on the application of Privacy by Design principles in real-world scenarios. Participants will learn how to conduct privacy impact assessments, develop privacy policies and practices, and establish privacy governance frameworks within organisations. They will explore strategies for embedding privacy considerations into the design and development processes, ensuring that privacy is integrated from the ground up rather than an afterthought. Additionally, the course covers the management of privacy risks and incidents. Students will learn how to identify and mitigate privacy risks in various technological contexts, including cloud computing, Internet of Things (IoT) devices, social media platforms, and mobile applications. They will also gain insights into effective incident response strategies, breach notification requirements, and the establishment of a culture of privacy within organisations.

Throughout the course, a multidisciplinary approach is emphasised, drawing upon legal, technical, and ethical perspectives. 

Note: The course curriculum may be subject to adjustments and updates to reflect the evolving landscape of privacy regulations and technologies.

Purpose of the Training

By the end of this course, participants will be equipped with a comprehensive understanding of Privacy by Design principles and the practical skills necessary to navigate privacy challenges in modern technology. They will possess the ability to develop and implement privacy-centric strategies, ensuring compliance with privacy regulations and building trust with users and stakeholders in an increasingly privacy-conscious world.

Course Content

• Data Protection Principles
  • o From OECD/GDPR et al
• Data Lifecycle approach and considerations
  • o Collection, Use, Secondary Use,  Storage, Disclosure, Access, Retention through to Disposal
• Low Maturity vs High Maturity approaches to Data Protection
  • o Different approaches and the return on investment

• Privacy by Design Principles
• Based on Ann Cavoukians' work
• Taxonomies of harm
• Based on Daneil Soloves' work
• Stakeholder Value sensitive design
• Understanding stakeholders
• Understanding tensions
• Making compromise
• Frameworks and Risk Models overview
• Legal/Compliance
• Standards
• Frameworks
• Data Protection Impact Assessments
• When to assess
• What to assess
• How to assess
• Examples
• Action plans
• Review
• Process and Data Orientated Strategies
• Minimise, Separate, Abstract, Hide
• Enforce, Demonstrate, Inform, Control
• Case studies
• Key risks with new technology types 
• Cloud, AI, IoT, Mobile/Geolocation,  Anthropomorphism, Automated Decisions,  Scale and Reach, Big Data (Volume, Velocity, Variety).