Privacy By Design Software Guidelines
This document outlines the principles and best practices for embracing Privacy by Design as a cornerstone of responsible software development, ensuring that user privacy remains a priority.
Introduction
With increased digitization of Government processes and services, significant amounts of data are...
Scope and objectives
This Privacy by Design (PbD) guideline document outlines a framework to embed privacy considerati...
Privacy by Design Services Overview
Principles of Privacy by Design
The 7 Foundational Principles of Privacy by Design are detailed below and are followed by the Fai...
Proactive not Reactive; Preventative not Remedial
The Privacy by Design approach is characterized by proactive rather than reactive measures. It an...
Privacy as the Default
Privacy by Design seeks to deliver the maximum degree of privacy by ensuring that personal data a...
Privacy Embedded into Design
Privacy by Design is embedded into the design and architecture of IT systems and business practic...
Full Functionality – Positive-Sum, not Zero-Sum
Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum ...
End-to-End Security – Lifecycle Protection
Privacy by Design, having been embedded into the system before the first element of information b...
Visibility and Transparency
Privacy by Design seeks to assure all stakeholders that whatever the business practice or technol...
Respect for User Privacy
Above all, Privacy by Design requires architects and operators to keep the interests of the indiv...
Privacy considerations in the software lifecycle
Privacy by Design (PbD) considerations should be integrated into each stage of the software devel...
Requirements Gathering and Analysis
Define privacy requirements [Mandatory] - Identify and document privacy requirements based on b...
Design
Privacy design principles [Mandatory] - Apply privacy principles such as data minimization, pur...
Development
Secure coding [Mandatory] - Follow secure coding practices to prevent common vulnerabilities s...
Testing
Privacy testing [Mandatory] - Include privacy testing as part of the software testing process, ...
Deployment
Data protection safeguards [Mandatory] - Implement appropriate safeguards to protect personal d...
Operations and Maintenance
Privacy policies [Mandatory] - Regularly review and update privacy policies and procedures to r...
Upgrade or Decommission
Data Disposal [Mandatory] - Ensure that all personal data stored by the software is securely de...
Entry into force
This guideline shall come into force on the date of its signature by the Chief Executive Officer ...