Following recent large-scale online data breaches, a new International Organization for Standardization (ISO) project committee, ISO/PC 317, Consumer protection: privacy by design for consumer goods and services, is developing guidelines that will enforce compliance with regulations and generate greater consumer trust.
Privacy of personal data is one of many issues related to the online consumer experience. The recent ISO Copolco 2018 Plenary Meeting included a workshop that considered the impact of data protection, artificial intelligence, the sharing economy and legislation on the online consumer experience.
“The majority of privacy breaches remain unchallenged, unregulated and unknown,” said Dr. Ann Cavoukian in her recent address during the ISO Copolco workshop. “Regulatory compliance alone is unsustainable as the sole model for ensuring the future of privacy. Prevention is needed.”
Ms. Cavoukian, a Canadian expert in online security, is helping to develop the ISO guidelines that will protect consumers’ personal information. In the wake of recent data breaches and privacy controversies, consumer groups have called for greater protections to safeguard people’s information when they are using the Internet. In addition, the new European Union General Data Protection Regulation (GDPR) came into force in May and requires companies to protect personal data, restricting the way they collect and use that data.
The new ISO guidelines will be the first set of preventative international guidelines to ensure that consumer privacy is embedded into the design of a product or service and is protected throughout the entire lifecycle. Ms. Cavoukian pioneered the concept of “privacy by design,” a framework that seeks to embed privacy into the specifications of information technologies, networked infrastructure and business practices. She leads the Privacy by Design Centre of Excellence and is a Senior Fellow of the Ted Rogers Leadership Centre at Ryerson University in Toronto. Privacy by design is now recognized as a core part of the GDPR and forms the basis of the ISO standardization work now underway. Implementing the standard will help companies comply with regulations and avoid potentially devastating data breaches that erode consumers’ confidence in online services.
“Giving consumers back their privacy is good for business, a win-win for consumers and business alike,” Ms. Cavoukian told the ISO Copolco workshop.