Privacy by Design and Default
Published on: April 23, 2024
Data Privacy by Design and Default at Telesign
At Telesign we implement data privacy by design and default. This means we take data protection principles into account when designing any new product or service (‘data protection by design’), and that we only process the personal data necessary to achieve our specific purposes (‘data protection by default’). Not only is this an obligation under certain data privacy laws, but it is also considered best practice.
Data Privacy by Design
Data privacy by design is ultimately an approach that ensures privacy and data protection issues are considered at the design phase of any system, service, product, or process and then throughout the lifecycle.
At Telesign we develop and design our products and services with data privacy as a priority, in accordance with the seven Privacy-by-Design Principles1:
- Proactive not reactive, preventative not remedial. We attempt to anticipate privacy risks before they arise – not after a data breach – and build measures to reduce their likelihood and impact.
- Privacy as the default setting. End Users privacy must be protected by default, without their having to take any action. We give End Users the maximum privacy protection, e.g. explicit opt-in, safeguards to protect Personal Data, restricted sharing, minimized data collection, and retention policies. The less data we have, the less damaging a breach will be.
- Privacy embedded into design. We consider privacy in each phase of the development lifecycle: from planning, to development, to operations. Embedding Privacy-by-Design is not just for technical systems but also for business practices.
- Full functionality – positive-sum, not zero-sum. To the greatest extent possible, we will look for ways to deliver all of the functionality of our products and services without a compromise to the principles established in this policy. For us, Privacy-by-Design culture helps the business; it is an enabler, not a blocker.
- End-to-end security – full lifecycle protection. We implement appropriate security measures in all of our products and services to protect Personal Information. Information is secured through implementing security best practices, wherever possible, from start (collection/creation) till the very end (archived/deletion) of the information life cycle.
- Visibility and transparency – keep it open. We are clear and transparent with our End Users, Customers and partners about how we are processing Personal Information. Building trust is fundamental to the success of our business.
- Respect for user privacy – keep it user-centric. We aim to see privacy interests through the eyes of our users and make design choices that empower users to control their data.
Additional guidelines, considering these principles, are developed with the engineering and operations teams at Telesign to identify the specific points of integration of privacy into the engineering and operations processes, for example the privacy by design questionnaire which is completed at the onset of the development of any new product.
Data Privacy by Default
Implementing data privacy by default ensures that at Telesign we only process the personal data that is necessary to achieve our specific purpose. It links to the fundamental data protection principles of data minimization and purpose limitation, as discussed further in Data Protection Principles at Telesign.
To ensure data privacy by default, some of the steps we take at Telesign include the following:
- Specify the personal data we need for each specific purpose before we carry out any processing.
- Appropriately inform individuals of such processing.
- Only process the minimum personal data we need for the intended purposes.
- Implement defined retention periods for personal data.
- Ensure access to personal data is on a ‘need to know’ limited basis only and is regularly reviewed.
We adopt a ‘privacy first’ approach in everything we do, including with our default settings of systems and applications, and ensure individuals are provided with sufficient controls and options to exercise their individual rights.