# Core Principles

Combine the foundational Privacy by Design (PbD) principles with Security-by-Design objectives into a unified set:

- **Proactive and preventative:** Anticipate and reduce privacy/security risks before they occur.
- **Privacy and security by default:** Systems must default to the most privacy-preserving and secure configuration.
- **Embedded into design:** Privacy and security are integral to architecture and not bolted on afterwards.
- **Positive-sum functionality:** Achieve privacy and security without unnecessary trade-offs to functionality.
- **End-to-end lifecycle protection:** Protect data across collection, storage, use, transfer, archive, and destruction.
- **Visibility, transparency, and accountability:** Maintain auditability, clear policies, and openness about practices.
- **User-centric and respect for privacy:** Provide clear notices, consent mechanisms, and user controls.
- **Least privilege and segmentation:** Limit access by role and segment networks/systems to reduce blast radius.
- **Continuous improvement:** Monitor, patch, audit, and reassess to adapt to new threats and legal updates.