Tech companies must build privacy and security into their solutions from the very beginning rather than tack it on as an afterthought – this was the resounding message today at a data privacy and security symposium held in downtown Toronto, hosted by Netskope.
Among the speakers was Ann Cavoukian, formerly Ontario’s Privacy Commissioner who is now executive director of the Privacy and Big Data Institute at Ryerson University.
She said that instead of leaving privacy and security as an afterthought, in her experience working with software engineers, it is easier and more effective to implement these considerations in the source code.
“If you can embed privacy as the default setting in every practice and program, whatever the default condition is, it will prevail 80 per cent of the time,” said Cavoukian. “If you can give that kind of assurance to your customers, they will thank you with their repeat business and attract new business opportunities.”
In order to promote this outlook in Canada, Cavoukian announced a “Privacy by Design” certification program that Ryerson University will be launching in partnership with audit firm Deloitte.
It’s a program that will be rolled out in the coming months to any company, including those in the channel, who want to meet a benchmark for security and privacy in the solutions they offer. It tries to take a proactive approach to preventing data loss.
“If they are providing a service or a product or distributing others, if they can demonstrate that the content of what they are working with complies with the requirement of Privacy by Design, then we would certainly consider them for certification,” said Cavoukian.
Meanwhile, for channel partners that feel as though they have less control over the technology coming down the pipe, Cavoukian has a simple suggestion: feature the best solutions.
“Offer them some sort of incentive,” she said. “Put them at the top of the list or highlight them on the service that you provide with an additional star with ‘privacy assurance provided’.”
Drawing on increasingly prevalent examples of companies who have faced class-action lawsuits and damaged reputation, Cavoukian said it’s time to stop asking how much security and privacy will cost.
“I tell them to think about how much money they would be saving,” Cavoukian said. “Security breaches are guaranteed.”