Privacy by Design Awards 2024
Published 3 May 2024
Published 3 May 2024
Read the keynote address prepared for delivery by Privacy Commissioner Carly Kind for the CyberCX and Tech Council of Australia Privacy by Design Awards on Thursday 2 May 2024.
Introduction
- It was so clear to me that he has a real, personal connection to this issue, which I also am a passionate advocate for.
- And I’m so honoured to have the opportunity to address you on the occasion of the Privacy by Design Awards.
- That even as we, as individuals and communities, are shaped by technology, we also have the power to shape technology.
- I’d then like to share a few brief thoughts on what’s next when it comes to privacy and power.
The lifecycle of privacy by design
True privacy by design isn’t about a single feature or gimmick. In the words of the European Data Protection Supervisor, privacy by design has ‘a visionary and ethical dimension’.
It’s about ensuring privacy is at the forefront of the entire design lifecycle. It is not a piecemeal approach but one that encompasses legal, governance and societal responsibilities.
So, what does this look like in practice?
Privacy by design begins with leadership
- As with everything in business, privacy by design begins with leadership.
- Organisations should be making the case for privacy from the get-go, and they should be doing that in the C-suite.
- As our Australian Community Attitudes to Privacy Survey has shown, consumers place a high value on privacy when choosing a product or service, with it ranking only after quality and price.
Think about privacy from the start
- You need to think about privacy right from the start, right from your first meeting.
- Think about whether the community would consider what you’re intending to do as fair and reasonable.
- Don’t be the guys who are just preoccupied with whether you
can, think first about whether you should. - This is a fundamental shift in approach, and provides confidence that, like a safety standard, privacy is built into products and services from start.
Build consideration of privacy into research and design
- As we move through the product lifecycle, organisations should be building in consideration of privacy into their user research, and throughout the research and design phase.
- We know that when individuals have the chance to exercise agency around their privacy, they often will.
- Proposed changes to the Privacy Act will seek to address the clarity of collection notices and consent requests, to improve consumer comprehension.
Carry privacy into deployment
- Privacy should then be carried right through from research and design, to deployment.
- Encryption, at rest and in transit, is one part of the puzzle when it comes to reasonable steps to protect the privacy and security of personal information.
- Services and products that involve the collection of personal identity information can create serious privacy risks and harms.
- The OAIC will be the independent privacy regulator for the scheme and will enforce its privacy safeguards.
Continuous improvement and monitoring is essential
- Finally, then, what does privacy by design mean once your product has gone to market?
- If you have done all of the above, then you can be congratulated for engaging in best practice privacy.
- But continuous improvement and monitoring is essential.