Respect for User Privacy
Above all, Privacy by Design requires architects and operators to keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options. Keep it user-centric!
The best Privacy by Design results are usually those that are consciously designed around the interests and needs of individual users, who have the greatest vested interest in the management of their own personal data.
Empowering data subjects to play an active role in the management of their own data may be the single most effective check against abuses and misuse of privacy and personal data. Respect for User Privacy is supported by the following FIPs:
- Consent – The individual’s free and specific consent is required for the collection, use, or disclosure of personal information, except where otherwise permitted by law. The greater the sensitivity of the data, the clearer and more specific the quality of the consent required. Consent may be withdrawn at a later date. Forms for data collection should include a consent check box.
- Accuracy – Personal information shall be as accurate, complete, and up to date as is necessary to fulfill the specified purposes.
- Access – Individuals shall be provided access to their personal information and informed of its uses and disclosures. Individuals shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
- Compliance – Organizations must establish complaint and redress mechanisms, and communicate information about them to the public, including how to access them.
Respect for User Privacy goes beyond these FIPs and extends to the need for human-machine interfaces to be human-centered, user-centric, and user-friendly so that informed privacy decisions may be reliably exercised. Similarly, business operations and physical architectures should also demonstrate the same degree of consideration for the individual, who should feature prominently at the center of operations involving collections of personal data.