Ultimate Privacy by Design MasterCourse (GDPR, CCPA etc)

!!!! 2020 – follows the guidelines of CIPT and CIPM certifications by IAPP (v.2020)

—————————————————————————————————————————–

5+ hours video content

60+ lessons

—————————————————————————————————————————–

Protecting private information has vital and obvious implications for everyday life, and the only way companies can successfully do this is to create a culture of privacy.

The only solution — the only way to change people’s behavior — is to embed privacy in the very fabric of the organization. That’s why Privacy by Design, a decades-old application design and development strategy, is now being discussed as a foundational strategy for entire organizations.

The original goal of Privacy by Design was developing best practices that ensured application developers were building privacy into their products from the ground up. Even if concern for customer or employee privacy wasn’t the highest priority, there was always profit — it is very expensive to re-engineer privacy into a product following a failure.

Today, these best practices are more important than ever. Increasing amounts of data have created an ever-expanding attack surface, and complex new regulations demand a foundational approach to privacy. In fact, Article 25 of the GDPR is titled “Data Protection & Privacy by Design and by Default.”

Organizations face an ever-growing number of attack vectors related to privacy, including the internet of things (IoT), government and business data over-collection and unread mobile app permissions such as allowing scanner apps to keep and sell the data they scan.

This course is not about the GDPR, though it can certainly be used as a process for data protection & privacy by design and default (Article 25 of the regulation). Most probably you are already enrolled in my bestseller “Build EU GDPR from scratch course” which goes for GDPR from all perspectives. This course is not meant to comply with any specific regulation, though use of the correct privacy-by-design process herein will help organizations comply with many regulations. This course is about how to build better processes, products and services that consider individuals’ privacy interest as a design requirement. It is about how to build things that people can trust.

There are four sections I have created. Section 2 provides introductory remarks, including an introduction to Ann Cavoukian’s 7 Foundational Principles of Privacy by Design, a short history of regulatory adoption and past challenges that privacy-by-design practitioners have faced. Given its 10-year history in the privacy professionals’ community, many readers may already be familiar with Cavoukian’s principles. This section also contains something most privacy professionals, outside academia, may not be aware of. Here I discuss what I feel is the impetus for why companies must build privacy into their processes, products and services and not rely on individuals’ self-help to protect their own privacy.

For those not familiar with the Solove Taxonomy of Privacy or the Hoepman Strategies, most probably the majority of you, Section 3 is a must. The two frameworks form the basis for identifying and mitigating privacy risks in the privacy model developed in that section. Section 4 describes how to analyze the privacy model built in Section 3.

In the analysis section, a risk model is built using the Factor Analysis of Information Risk with a focus on individual risks over organizational risks and tweaks in the terms and definitions for privacy beyond information security. Designers may never need to determine privacy risk explicitly but understanding the factors that influence privacy risk provides a deeper understanding of why the process is built the way it is. The last section, Section 5, details the design procedure, while using the other sections as reference