Free Assessment: 113 Privacy by Design Things You Should Know

What is involved in Privacy by Design

Find out which related areas Privacy by Design connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This unique checklist stands out in that it is not designed per se to give answers, but to engage the reader and lay out a Privacy by Design thinking frame.

How far is your company on its Privacy by Design journey?

Take this short survey to gauge your organization’s progress toward Privacy by Design leadership. Learn your strongest and weakest areas, and what you can do now to create a strategy that delivers results.

To address the criteria in this checklist for your organization, extensive selected resources are provided for sources of further research and information.


Below you will find a quick checklist designed to help you think about which Privacy by Design related domains to cover and 113 essential critical questions to check off in that domain.

The following domains are covered:

Privacy by Design, Consumer privacy, Dark web, Dynamic Host Configuration Protocol, End-to-end encryption, General Data Protection Regulation, Global Positioning System, Information and Privacy Commissioner of Ontario, Internet of Things, Internet privacy, Mesh networking, Netherlands organization for Applied Scientific Research, Personal Data Service, Privacy, Privacy-enhancing technologies, Privacy engineering, Security by design, Social Science Research Network, Surveillance capitalism, Systems engineering, Value sensitive design, Voluntary compliance, Zero-knowledge proof.

Privacy by Design Critical Criteria:

Read up on Privacy by Design failures and budget for Privacy by Design challenges.

– Do you follow privacy by design and privacy by default principles when designing new systems?

– Who will be responsible for documenting the Privacy by Design requirements in detail?

– What is the purpose of Privacy by Design in relation to the mission?

– Why are Privacy by Design skills important?

– What is Privacy by Design?

Consumer privacy Critical Criteria:

Review Consumer privacy goals and question.

– Does our organization need more Privacy by Design education?

– Does the Privacy by Design task fit the client's priorities?

Dark web Critical Criteria:

Consult on Dark web issues and suggest using storytelling to create more compelling Dark web projects.

– How do we ensure that implementations of Privacy by Design products are done in a way that ensures safety?

– Are assumptions made in Privacy by Design stated explicitly?

– How can the value of Privacy by Design be defined?

Dynamic Host Configuration Protocol Critical Criteria:

Incorporate Dynamic Host Configuration Protocol strategies and triple focus on important concepts of Dynamic Host Configuration Protocol relationship management.

– Are there any easy-to-implement alternatives to Privacy by Design? Sometimes other solutions are available that do not require the cost implications of a full-blown project?

– What other jobs or tasks affect the performance of the steps in the Privacy by Design process?

– How do we make it meaningful in connecting Privacy by Design with what users do day-to-day?

End-to-end encryption Critical Criteria:

Learn from End-to-end encryption decisions and assess what counts with End-to-end encryption that we are not counting.

– What management system can we use to leverage the Privacy by Design experience, ideas, and concerns of the people closest to the work to be done?

– Do we aggressively reward and promote the people who have the biggest impact on creating excellent Privacy by Design services/products?

General Data Protection Regulation Critical Criteria:

Face General Data Protection Regulation results and look at the big picture.

– In the case of a Privacy by Design project, the criteria for the audit derive from implementation objectives. An audit of a Privacy by Design project involves assessing whether the recommendations outlined for implementation have been met. In other words, can we track that any Privacy by Design project is implemented as planned, and is it working?

– What are your most important goals for the strategic Privacy by Design objectives?

– Is supporting Privacy by Design documentation required?

Global Positioning System Critical Criteria:

Consider Global Positioning System strategies and oversee implementation of Global Positioning System.

– Who will be responsible for making the decisions to include or exclude requested changes once Privacy by Design is underway?

– How can skill-level changes improve Privacy by Design?

Information and Privacy Commissioner of Ontario Critical Criteria:

Check Information and Privacy Commissioner of Ontario governance and gather Information and Privacy Commissioner of Ontario models.

– What prevents me from making the changes I know will make me a more effective Privacy by Design leader?

– How can we improve Privacy by Design?

Internet of Things Critical Criteria:

Use past Internet of Things outcomes and devote time assessing Internet of Things and its risk.

– IoT-based offerings are no longer one-off product hardware sales. Instead, manufacturers will embark on new relationships with customers that last for the entire lifecycle of the hardware product. Through over-the-air (OTA) communications, firmware updates and feature enhancements can be delivered to IoT products for as long as they are installed. Given this shift, how should we price our IoT offerings?

– As an example, there are all kinds of innovative new applications and devices that promise to enable the connected home and vehicle, smart city and lifestyle, but how do we define what is IoT and what is not?

– How can we take rapid and informed action given the dramatic changes the IoT will make to our traditional business models?

– What is the value proposition for the customer (How well will the product or service solve the problem)?

– What are the critical success factors which will support the expansion and wide adoption of IoT applications?

– Is any form of notice provided to the individual prior to collection of information?

– Disaster Recovery Site – what happens if the Contractor's server is destroyed?

– What is the retention period for the data in the system?

– What safeguard measures are in place to ensure security?

– What are the best examples of the Internet of things?

– What does a good Internet of Things strategy include?

– Which user group(s) will have access to the system?

– If the Contractor installs, what shall this entail?

– What market segment(s) are served by the company?

– Do you need to address end-user safety concerns?

– Where does the network need to be in 3-5 years?

– Does the ecosystem enable end to end security?

– Is there a need/way to authenticate a thing?

– From whom is the information collected?

– How can we drive IoT at every level?

Internet privacy Critical Criteria:

Map Internet privacy goals and observe effective Internet privacy.

– How do senior leaders' actions reflect a commitment to the organization's Privacy by Design values?

– Can Management personnel recognize the monetary benefit of Privacy by Design?

– Why should we adopt a Privacy by Design framework?

Mesh networking Critical Criteria:

Depict Mesh networking goals and report on setting up Mesh networking without losing ground.

– How do you incorporate cycle time, productivity, cost control, and other efficiency and effectiveness factors into these Privacy by Design processes?

– Who needs to know about Privacy by Design?

Netherlands organization for Applied Scientific Research Critical Criteria:

Devise Netherlands organization for Applied Scientific Research projects and revise understanding of Netherlands organization for Applied Scientific Research architectures.

– In what ways are Privacy by Design vendors and us interacting to ensure safe and effective use?

– What business benefits will Privacy by Design goals deliver if achieved?

Personal Data Service Critical Criteria:

Substantiate Personal Data Service issues and transcribe Personal Data Service as tomorrow's backbone for success.

Privacy Critical Criteria:

Tête-à-tête about Privacy governance and probe using an integrated framework to make sure Privacy is getting what it needs.

– Have the IT security costs for any investment/project been integrated into the overall cost, including C&A/re-accreditation, system security plan, risk assessment, privacy impact assessment, configuration/patch management, security control testing and evaluation, and contingency planning/testing?

– A significant amount of data will be regularly received by the vendor (from NIH, CMS, and other government and non-government entities). Is this data de-identified according to HIPAA privacy standards as a matter of course?

– Based on our information security Risk Management strategy, do we have official written information security and privacy policies, standards, or procedures?

– Do we provide the right level of specificity and guidance for mitigating the impact of Cybersecurity measures on privacy and civil liberties?

– Do you design data protection and privacy requirements into the development of your business processes and new systems?

– Has identifying and assessing security and privacy risks been incorporated into the overall Risk Management planning?

– How will IoT applications affect users' control over their own privacy and how will they react?

– What risks to privacy and civil liberties do commenters perceive in the application of these practices?

– Are there any data with privacy concerns to sharing (e.g., human subjects)?

– How important is Privacy by Design to the user organization's mission?

– Do you have a privacy policy and statement posted on your website?

– What new Security and Privacy challenges arise from new Big Data solutions?

– Will Technology Force Us to Choose Between Privacy and Freedom?

– How should any risks to privacy and civil liberties be managed?

– Who should be responsible for privacy the CSPs?

– Who cares about IT Security and Privacy?

– What Is Privacy?

Privacy-enhancing technologies Critical Criteria:

Closely inspect Privacy-enhancing technologies outcomes and ask what if.

– Do the Privacy by Design decisions we make today help people and the planet tomorrow?

– What are the business goals Privacy by Design is aiming to achieve?

– How do we keep improving Privacy by Design?

Privacy engineering Critical Criteria:

See the value of Privacy engineering projects and define Privacy engineering competency-based leadership.

– Record-keeping requirements flow from the records needed as inputs, outputs, controls and for transformation of a Privacy by Design process. Ask yourself: are the records needed as inputs to the Privacy by Design process available?

– How much does Privacy by Design help?

Security by design Critical Criteria:

Guard Security by design visions and describe which business rules are needed as Security by design interface.

– What will drive Privacy by Design change?

– What is our Privacy by Design Strategy?

Social Science Research Network Critical Criteria:

Systematize Social Science Research Network failures and devise Social Science Research Network key steps.

– A compounding model resolution with available relevant data can often provide insight towards a solution methodology; which Privacy by Design models, tools and techniques are necessary?

– How do we improve Privacy by Design service perception and satisfaction?

Surveillance capitalism Critical Criteria:

See the value of Surveillance capitalism quality and get answers.

– Are there any disadvantages to implementing Privacy by Design? There might be some that are less obvious?

– What is Effective Privacy by Design?

Systems engineering Critical Criteria:

X-ray Systems engineering results and probe using an integrated framework to make sure Systems engineering is getting what it needs.

– If we can describe engineered systems in a way analogous to natural systems (global complexity emerging from local simplicity, for example), can we identify the parameters which obey the kind of power-law relationship we find in natural systems?

– The PP and the SEMP define the tasks and schedule for the project and the processes that will be followed to produce the deliverables. Once the project is underway, how can you track progress against the plan?

– To apply complexity theory to engineered systems that we have not yet designed, can we predict these features within acceptable accuracy ranges?

– What happens if new needs (or more likely new requirements) are identified after the final needs or requirements have been developed?

– What is the structure of the different information aspects on the interface?

– Once the project is underway, how can you track progress against the plan?

– What will happen if there is a loss of key staff or contractor personnel?

– Is the funding for the project secure, or is only part of it in place?

– Have standards, goals, and appropriate processes been established?

– What is the geographic and physical extent of the system?

– Does the requirement have a verification method assigned?

– What policies are currently being implemented?

– Is there a commitment from the top down?

– How well should the system perform?

– How much architecting is enough?

– Is the schedule too aggressive?

– How does it all fit together?

– How confident are we?

– Right implementation?

– Where are we today?

Value sensitive design Critical Criteria:

Accumulate Value sensitive design failures and adjust implementation of Value sensitive design.

– What are the key elements of your Privacy by Design performance improvement system, including your evaluation, organizational learning, and innovation processes?

– How do we know that any Privacy by Design analysis is complete and comprehensive?

Voluntary compliance Critical Criteria:

Graph Voluntary compliance issues and cater for concise Voluntary compliance education.

– How can you measure Privacy by Design in a systematic way?

– What are the long-term Privacy by Design goals?

Zero-knowledge proof Critical Criteria:

Consult on Zero-knowledge proof outcomes and mentor Zero-knowledge proof customer orientation.

– What are your key performance measures or indicators and in-process measures for the control and improvement of your Privacy by Design processes?

– Do you monitor the effectiveness of your Privacy by Design activities?


This quick readiness checklist is a selected resource to help you move forward. Learn more about how to achieve comprehensive insights with the Privacy by Design Self Assessment:

Author: Gerard Blokdijk

CEO at The Art of Service

Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.

External links:

To address the criteria in this checklist, these selected resources are provided for sources of further research and information:

Privacy by Design External links:

Privacy by Design & GDPR – IONIC SECURITY

Privacy by Design GDPR

Whoami: VPN Service – Free Access – Privacy by Design

Consumer privacy External links:

Consumer Privacy Pledge | Privacy Policies | U.S. Bank

U.S. Consumer Privacy Notice from Bank of America


Dark web External links:


The Dark Web – Vox

The Dark Web – Official Site

Dynamic Host Configuration Protocol External links:

DHCP (Dynamic Host Configuration Protocol) Basics

What Is DHCP?: Dynamic Host Configuration Protocol (DHCP)

Dhcploc Overview: Dynamic Host Configuration Protocol …

End-to-end encryption External links:

[PDF]End-to-end encryption briefing –

What is End-to-End Encryption? – ProtonMail Blog

General Data Protection Regulation External links:

GDPR – The General Data Protection Regulation

General Data Protection Regulation (GDPR) – Google Cloud

Global Positioning System External links:

Global Positioning System

What is global positioning systems –

Transit Satellite: Precursor to Global Positioning System

Information and Privacy Commissioner of Ontario External links:

Information and Privacy Commissioner of Ontario – YouTube

IPC – Information and Privacy Commissioner of Ontario

Internet of Things External links:

Internet of Things ETF

Internet of Things Examples and Customer Stories | Microsoft

How to invest in the Internet of Things | Fortune

Internet privacy External links:

Internet Privacy Policy | Medi-Share

Internet Privacy | Computer Privacy | Microsoft Privacy

Internet Privacy Policy | CareCredit

Mesh networking External links:

915U-2 Wireless Mesh Networking I/O & Gateway

Personal Data Service External links:

Personal Data Service Request

Welcome to your personal data service | Mydex

Personal Data Service Request –

Privacy External links:

Privacy Policy Highlights – Who We Are – USPS

Google Privacy | Why data protection matters

Privacy Statement – CEFA

Privacy engineering External links:

Privacy Engineering

[PDF]An Introduction to Privacy Engineering and Risk …

Privacy Engineering – Home | Facebook

Security by design External links:

Security by Design – Detroit, MI –

Security by Design Principles – OWASP

Security By Design – Experience – Frank Hagel Federal Building

Social Science Research Network External links:

Social Science Research Network | USC Libraries


social science research network | The Stem Cellar

Surveillance capitalism External links:

Oliver Stone: Pokémon Go is Surveillance Capitalism – …

Systems engineering External links:

Systems Engineering and Operations Research

Industrial, Manufacturing, & Systems Engineering – UTA

Integrated Systems Engineering

Value sensitive design External links:

[PDF]Value Sensitive Design and Information Systems

CiteSeerX — Value Sensitive Design: Theory and Methods

Voluntary compliance External links:

Voluntary Compliance Agreement between the United …

Zero-knowledge proof External links:

What is a zero-knowledge proof? – Quora

Zero-knowledge proofs explained – ExpressVPN