Privacy by Design
Privacy by Design (PbD) is a set of seven principles that help proactively embed privacy considerations and requirements at the beginning of, and throughout, the design and development of products, solutions and services. Introduced by Dr. Ann Cavoukian, the former Information and Privacy Commissioner of Ontario, PbD has become a globally recognized framework for the protection of privacy.
The framework, which has been adopted by numerous government and industry standards bodies around the globe as a best practice, is also incorporated in the EU General Data Protection Regulation (GDPR). Under the GDPR, data protection by design and by default are legal obligations whereby privacy must be taken into account throughout all data processing activities.
The benefit of PbD is that it helps support compliance, not just with the GDPR, but with many data protection laws and regulations because it demands going beyond the legal requirements and taking a holistic, big-picture approach to privacy protection.
Privacy by Design at Visier
Visier recognizes the importance of maintaining customer trust and preserving confidence, and has adopted PbD in how we design and develop our solutions and services. Visier continually strives to meet and exceed our customers’ expectations, not only in how we provide the Visier solution and services, but also in how we operate from a compliance perspective. Below is a summary of actions we have taken to implement PbD:
|Privacy by Design Principle|What it means|How Visier applies this principle|
|---|---|---|
|Proactive not Reactive; Preventative not Remedial|Does not wait for privacy risks to materialize but aims to anticipate and prevent them from occurring in the first place.|Visier’s Privacy Director partners with Product and Solution Managers to create compliant solutions. Privacy assessments and reviews are integrated into the product development lifecycle of all new functions, features and content. This supports our ability to evaluate, prioritize and manage any privacy risks at the outset and throughout the development process.|
|Privacy as the Default|Individuals should not be required to take action to protect their privacy; it should be built into the system.|Privacy by default is part of our standard requirements for all functions and features. Visier’s Privacy Director is a stakeholder in the go/no-go decisions for all new releases before they become generally available. Customers configure the Visier solution and security model to meet their internal policies and requirements.|
|Privacy Embedded into Design|Privacy is an essential component and is not bolted on after the fact.|Privacy is proactively considered in the design of the Visier solution and integrated throughout our business practices and in how we operate our services.|
|Full Functionality — Positive-Sum, not Zero-Sum|Avoids the “pretense of false dichotomies,” such as a privacy/security trade-off; all legitimate interests are accommodated.|Visier endeavors to meet legitimate business objectives while at the same time ensuring privacy. By considering privacy early in the development process, we balance meeting our customers’ needs and expectations for a robust data-driven solution with data protection.|
|End-to-End Security — Lifecycle Protection|The appropriate level of security must be applied to protect personal data throughout the entire lifecycle of the data, from collection and use to retention and destruction.|Visier implements appropriate security safeguards throughout the lifecycle of the data processed in the Visier solution, including how we deploy, operate, and maintain our infrastructure. Visier undergoes an annual SOC2 Type II audit using an internationally recognized accounting firm.|
|Visibility and Transparency|Ensures that all parts and operations are visible and transparent to our customers.|Visier conducts and makes available independent third-party audits and certifications addressing privacy and security. We are transparent in the technical and organizational measures taken and communicate the ways in which we protect and manage personal information in our Visier Privacy Statement. For more information about our privacy and data protection program, security practices, and vulnerability management program, see the Visier Trust site.|
|Respect for User Privacy|Users are the top priority and must be offered measures such as strong privacy defaults, appropriate notice and user-friendly options.|Visier enables customers to load, manage and control their data processed in the Visier solution and gives them the ability to configure the services to comply with privacy and security requirements applicable to them. The Visier security model empowers customers to manage their users’ access and provides controls for establishing appropriate permissions. The Visier Privacy Statement is presented upon initial user login and is easily accessible at all times within the Visier solution.|