Sign In

Communications of the ACM


The Challenges of Privacy By Design

pixelated portrait

Credit: Refat /

Heralded by regulators, Privacy by Design holds the promise to solve the digital world's privacy problems. But there are immense challenges, including management commitment and step-by-step methods to integrate privacy into systems.

The full text of this article is premium content


CACM Administrator

The following letter was published in the Letters to the Editor in the September 2012 CACM (
--CACM Administrator

While I largely agree with Sarah Spiekermann's Viewpoint "The Challenges of Privacy by Design" (July 2012), as Ontario's Information and Privacy Commissioner ( and originator of Privacy by Design (PbD, I want to make it clear that many organizations do understand the need to embed privacy in their systems and technologies and regularly ask my office's help in doing so.

I called 2011 "The Year of the Engineer" because of all the companies that had asked me to speak to their engineers and software designers about how to embed privacy, by design, into their operations. Ranging from major players like Adobe, Google, and RIM to smaller ones, all got the message that embedding privacy from the start is critical to their operations. Indeed, my message seemed well received and welcome.

The next stage of PbD evolution is to translate its "7 Foundational Principles" ( into more prescriptive requirements, specifications, standards, best practices, and operational-performance criteria. To provide guidance, we are presently writing a how-to paper on operationalizing PbD that should provide further implementation assistance in specific areas. It will supplement earlier papers like "Operationalizing Privacy by Design: The Ontario Smart Grid Case Study" (, a collaborative effort by my office, GE, Hydro One, IBM, and Telvent published in 2011 to demonstrate how PbD was being operationalized in a major smart-grid project.

Following and sharing the principles with technologists and senior management puts an organization well on its way to strong privacy. Translating them into concrete steps is not difficult yet ensures privacy is embedded into an organization's operations, by design. We have shown how it works with our partners in North America and Europe by embedding PbD into smart-meter and smart-grid designs. Another example is the Ontario Lottery and Gaming Corporation, which operationalized PbD in its face-recognition system for casinos and gaming facilities to identify participants of a voluntary self-exclusion program for problem gamblers while fully protecting the privacy of all other patrons (

The challenges of PbD are not as great as Spiekermann suggested; the engineers I have met have embraced the PbD principles, finding implementation not difficult. Perhaps all that is needed is to put PbD on engineers' radar screens and empower them to develop and adopt privacy best practices, share their implementation experiences, and provide recognition for innovative solutions.

Ann Cavoukian
Ontario, Canada

Displaying 1 comment

Log in to Read the Full Article

Sign In

Sign in using your ACM Web Account username and password to access premium content if you are an ACM member, Communications subscriber or Digital Library subscriber.

Need Access?

Please select one of the options below for access to premium content and features.

Create a Web Account

If you are already an ACM member, Communications subscriber, or Digital Library subscriber, please set up a web account to access premium content on this site.

Join the ACM

Become a member to take full advantage of ACM's outstanding computing information resources, networking opportunities, and other benefits.

Subscribe to Communications of the ACM Magazine

Get full access to 50+ years of CACM content and receive the print version of the magazine monthly.

Purchase the Article

Non-members can purchase this article or a copy of the magazine in which it appears.
Sign In for Full Access
» Forgot Password? » Create an ACM Web Account