
Privacy by Default: It’s What It Sounds Like


Privacy is an important feature in today’s software, and DevOps teams should be focused on it.

Privacy by Design, Privacy Enhancing Technology and Privacy by Default are all terms associated with privacy and software.

What do they mean, and how do they affect DevOps?

In my last blog post, I explained the meaning of Privacy by Design. In this post, I’ll discuss Privacy by Default and explain what it has to do with DevOps.

Privacy by Default and Privacy by Design

As I explained in my first blog, Privacy by Design is an approach to systems engineering which takes privacy into account throughout the whole engineering process.

So every new product developed should take Privacy by Design Principles into account.

On the other hand, Privacy by Default is more Ops-oriented.

It requires IT Operations to ship the customers' software with its privacy settings in the strictest mode, so that a user who never touches the settings gets the most protective configuration. To put it another way, no manual change to the privacy settings should be required on the part of the user in order to be protected.

This also implies that the user's consent must be obtained before personally identifiable information (PII) is shared with third parties (another online service, for instance).

So, Privacy by Default is an important part of the application of Privacy by Design in DevOps.

I will illustrate this with an example.

Privacy by Default: The social network example

Online social networks such as Facebook are among the best examples to illustrate Privacy by Default.

Imagine you have a social network account and you want to use one of its services.

The social network and its services say they are compliant with the Privacy by Default Principles.

To function correctly, the service only needs your name and email address.

The service has no need to publish your age, friends, location, etc., and must not do so without your consent. If the service complies with the Privacy by Default Principle, it shares only your name and email address; all other PII stays unshared until the user consents.

If the service does share this other PII, that is a serious breach of the Privacy by Default Principle, and the service complies with neither the Privacy by Default nor the Privacy by Design Principles.

To ensure this breach never takes place, the DevOps team should establish in the service's software that only the user's name and email address are accessible to third parties. This should be a distinct user story, so that every member of the DevOps team is aware of it before going live.
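The following is an added example, not code from the original post, of how the two requirements above (strictest settings by default, and nothing beyond name and email reaching a third party without consent) can be expressed in the service's own code. The field names, the `PrivacySettings` class, the `export_for_third_party` and `unconsented_fields` functions and the sample profile are all illustrative assumptions; it assumes the service really needs only name and email to function.

```python
"""Privacy by Default as code: a third-party profile export that shares only
the minimum fields unless the user has explicitly opted in to more.

Added example for illustration; not code from the original post. All names
and the sample data are constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import Any, Dict, FrozenSet

# Strictest default: the only PII a third party gets without any consent.
# (Assumption: the service truly needs name and email to function.)
MINIMUM_FIELDS: FrozenSet[str] = frozenset({"name", "email"})

# Fields a user may opt in to sharing. Anything outside this set can never be
# shared with a third party, consent or not (data minimisation).
OPTIONAL_FIELDS: FrozenSet[str] = frozenset({"age", "friends", "location"})


@dataclass(frozen=True)
class PrivacySettings:
    """Per-user settings. The default instance is the strictest one, so a
    user who never touches the settings shares nothing beyond the minimum."""
    share_with_third_parties: FrozenSet[str] = field(default_factory=frozenset)

    def grant(self, *fields: str) -> "PrivacySettings":
        """Explicit, positive opt-in. Unknown or non-shareable fields are
        rejected rather than silently accepted, so a typo or a later schema
        change cannot widen what is shared."""
        unknown = set(fields) - OPTIONAL_FIELDS
        if unknown:
            raise ValueError(f"not shareable with third parties: {sorted(unknown)}")
        return PrivacySettings(self.share_with_third_parties | frozenset(fields))


def export_for_third_party(profile: Dict[str, Any],
                           settings: PrivacySettings) -> Dict[str, Any]:
    """Build the payload handed to a third-party service.

    Allow-list, not deny-list: start from the minimum and add only the fields
    the user consented to. A profile field added next sprint is therefore
    private by default instead of leaking until someone remembers to block it.
    """
    allowed = MINIMUM_FIELDS | (settings.share_with_third_parties & OPTIONAL_FIELDS)
    return {key: value for key, value in profile.items() if key in allowed}


def unconsented_fields(payload: Dict[str, Any],
                       settings: PrivacySettings) -> FrozenSet[str]:
    """The go-live check for the user story: which fields in an outgoing
    payload are neither in the minimum set nor covered by the user's consent?
    An empty result means the export complies with Privacy by Default."""
    return frozenset(payload) - MINIMUM_FIELDS - settings.share_with_third_parties


# Constructed sample profile (not real data) with one field that must never
# leave the service at all.
SAMPLE_PROFILE: Dict[str, Any] = {
    "name": "Alice Example",
    "email": "alice@example.com",
    "age": 34,
    "friends": ["bob", "carol"],
    "location": "Amsterdam",
    "password_hash": "not-a-real-hash",
}


if __name__ == "__main__":
    untouched = PrivacySettings()                      # user never changed anything
    print(export_for_third_party(SAMPLE_PROFILE, untouched))
    opted_in = untouched.grant("location")             # explicit consent for one field
    print(export_for_third_party(SAMPLE_PROFILE, opted_in))
    print(sorted(unconsented_fields(SAMPLE_PROFILE, untouched)))
```

Running `unconsented_fields` against every payload the service is about to send is the kind of check that turns the "distinct user story" into something the pipeline can fail on before go-live, rather than a note the team is expected to remember.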

Conclusion

Privacy by Default is an important part of Privacy by Design.

It requires the DevOps team to configure the privacy settings for its customers’ software in the strictest mode.

It also implies that the user has to be asked for consent before the software shares data with third parties.
If this is not the case, the software is not compliant with the Privacy by Default Principle (and therefore not with the Privacy by Design Principle either).


Cordny Nederkoorn is a software test engineer with over 10 years experience in finance, e-commerce and web development. He is also the founder of TestingSaaS, a social network about researching cloud applications with a focus on forensics, software testing and security. Cordny is a regular contributor at Fixate IO. LinkedIn

