Privacy by Design

Planning required before collecting data

Before you start collecting data, it is important to plan and think about what data will be collected and whether there are risks with collecting that data. If you are working with a vulnerable population, it is crucial that you keep their personal information secure, or you could be putting them at risk.

To build trust and be transparent, project participants have the right to know what data will be collected about them, how it will be used, who it will be shared with, and when it will be destroyed. Data should only be collected with the opt-in consent of the data subject.

Collecting data responsibly involves a lot of planning and numerous complexities. Many countries have legal and regulatory requirements related to collecting personal data.

What is privacy and why does it matter?

Privacy is “the right to have some control over how your personal information is collected and used.” -IAPP

If you are working with a vulnerable population, you could be putting someone’s life at risk if their personal information is shared. For example, if you are working on a project related to HIV, and there is stigma in the community towards people with HIV, there could be a very negative impact on project participants with HIV if someone in the community found out they have HIV.

Another reason why it is important to protect personal information is to protect people from financial risks. Personal data is often used to gain access to one’s finances. To prevent identity theft, it is best not to share personal data.

There are some ethical considerations on how personal and sensitive data is collected and how it is used. In Jordan, the UN World Food Programme has a project called Building Blocks to help Syrian refugees. Refugees use an iris scan to authenticate into a virtual wallet to pay for food. This raises some huge ethical concerns. Why should anyone have to give up a scan of their iris for food? There should have been opt-in consent to participate in the iris scan program. What happens if the UN’s database of irises gets hacked? People are not growing new eyes!

What is Personally Identifiable Information (PII)?

According to NIST, Personally Identifiable Information (PII) is “Information that can be used to distinguish or trace an individual’s identity—such as name, social security number, biometric data records—either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual (e.g., date and place of birth, mother’s maiden name, etc.).”

How do you implement privacy on your project?

Review your program objectives and activities and determine:

  • What types of data will be collected? Why are you collecting it?
  • Will PII or sensitive data be collected?
  • Who will be collecting it? (your organization or another organization)
  • How and with whom will the data be shared? Where will it be published?
  • Who is responsible for data during each step of the information life cycle?
  • Who will have access to the data during each step of the information life cycle?

Think about the risks for each type of data collected:

  • Who might try to improperly use each type of data?
  • How could they gain access to it?
  • What would happen if they were successful?
  • Are there groups who would consider this data vulnerable?
  • Is there widespread surveillance in the country in which you are collecting data?

For additional risk management questions, see the Electronic Cash Transfer Learning Action Network - Privacy Impact Assessment [1]

Evaluate and mitigate the risks identified above. Create a data management plan before any data collection begins.

Only collect the data that are relevant to your project and implement data minimization. According to ISACA, data minimization is “Personal data shall be: adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimization).”

If you don’t need to collect PII or other sensitive information, don’t collect it.

Benefits of data minimization

  • Data minimization reduces the risk of a data breach happening. If you don’t collect sensitive data, you don’t need to worry about sensitive data being breached by accident or stolen.
  • Legal compliance with GDPR and other global privacy laws
  • If you collect less data, you need to store less data. This will reduce your ecological footprint, reduce data storage costs, and increase performance of data storage tools.
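The planning questions above (what is collected and why, is it PII, was consent given) can be written down as a data management plan that the intake pipeline enforces, rather than as a document nobody checks. The following is an added example, not code from the original page or any project it mentions: the plan is an allow-list in which every field must carry a stated purpose, records without opt-in consent are not stored at all, and any field the plan does not name is dropped before storage. The field names, the project description and the sample records are constructed for illustration.

```python
"""Data minimization enforced at intake (added example; constructed data)."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass
class DataPlan:
    """A data management plan: each collected field needs a written reason.

    `fields` maps field name -> why the project objective needs it.
    `pii` names the subset that identifies (or is linkable to) a person,
    so access to those fields can be restricted separately.
    """
    project: str
    fields: Dict[str, str]
    pii: FrozenSet[str] = field(default_factory=frozenset)

    def __post_init__(self) -> None:
        # "Why are you collecting it?" must be answered for every field,
        # otherwise the field does not belong in the plan.
        for name, why in self.fields.items():
            if not why or not why.strip():
                raise ValueError(f"field {name!r} has no stated purpose; drop it")
        unknown = self.pii - set(self.fields)
        if unknown:
            raise ValueError(f"PII fields not in plan: {sorted(unknown)}")


def minimize(record: dict, plan: DataPlan) -> Tuple[Optional[dict], List[str]]:
    """Apply the plan to one raw survey record.

    Returns (stored_record, dropped_fields). Without opt-in consent nothing
    is stored. Otherwise only fields the plan names are kept, so a field
    added to the survey form later is dropped until the plan justifies it
    (allow-list, fail closed).
    """
    payload = {k: v for k, v in record.items() if k != "consent"}
    if record.get("consent") is not True:
        return None, sorted(payload)
    kept = {k: v for k, v in payload.items() if k in plan.fields}
    dropped = sorted(k for k in payload if k not in plan.fields)
    return kept, dropped


def process(records: List[dict], plan: DataPlan) -> Tuple[List[dict], List[tuple]]:
    """Run a batch through the plan; return stored records and an audit trail."""
    stored: List[dict] = []
    audit: List[tuple] = []
    for i, rec in enumerate(records):
        kept, dropped = minimize(rec, plan)
        if kept is None:
            audit.append((i, "rejected: no opt-in consent", dropped))
        else:
            stored.append(kept)
            audit.append((i, "stored", dropped))
    return stored, audit


# Constructed plan for a hypothetical clinic-attendance pilot.
PLAN = DataPlan(
    project="clinic attendance pilot (constructed example)",
    fields={
        "participant_id": "links repeat visits without storing a name",
        "visit_date": "measures attendance over time",
        "district": "reports coverage by area",
    },
    pii=frozenset({"participant_id"}),  # pseudonymous, but still linkable
)

# Constructed sample input, not real survey data.
RAW_RECORDS = [
    {"consent": True, "participant_id": "P-0001", "visit_date": "2024-03-04",
     "district": "North", "full_name": "A. Example", "phone": "+000000000",
     "date_of_birth": "1990-01-01"},
    {"consent": False, "participant_id": "P-0002", "visit_date": "2024-03-04",
     "district": "South"},
    {"consent": True, "participant_id": "P-0003", "visit_date": "2024-03-05",
     "district": "North", "mothers_maiden_name": "Example"},
]

if __name__ == "__main__":
    stored, audit = process(RAW_RECORDS, PLAN)
    for entry in audit:
        print(entry)
    print("stored:", stored)
```

The audit trail records what was dropped, not the dropped values themselves, so the log does not become a second copy of the PII the plan excluded. Fields such as the name, phone number and date of birth in the first record never reach storage, which is the concrete form of the breach-risk benefit listed above: data that was never collected cannot be leaked.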

Tools and resources to help you design your survey

References