87 Extremely Powerful Privacy by Design Questions You Do Not Know

What is involved in Privacy by Design

Find out what the related areas are that Privacy by Design connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This unique checklist stands out in a sense that it is not per-se designed to give answers, but to engage the reader and lay out a Privacy by Design thinking-frame.

How far is your company on its Privacy by Design journey?

Take this short survey to gauge your organization’s progress toward Privacy by Design leadership. Learn your strongest and weakest areas, and what you can do now to create a strategy that delivers results.

To address the criteria in this checklist for your organization, extensive selected resources are provided for sources of further research and information.

Start the Checklist

Below you will find a quick checklist designed to help you think about which Privacy by Design related domains to cover and 87 essential critical questions to check off in that domain.

The following domains are covered:

Privacy by Design, Consumer privacy, Dark web, End-to-end encryption, General Data Protection Regulation, Information and Privacy Commissioner of Ontario, Internet privacy, Mesh networking, Netherlands organization for Applied Scientific Research, Personal Data Service, Privacy, Privacy-enhancing technologies, Privacy engineering, Social Science Research Network, Surveillance capitalism, Systems engineering, Value sensitive design, Voluntary compliance:

Privacy by Design Critical Criteria:

Map Privacy by Design adoptions and find out.

– Do several people in different organizational units assist with the Privacy by Design process?

– Do you follow privacy by design and privacy by default principles when designing new systems?

– Do Privacy by Design rules make a reasonable demand on a users capabilities?

– Do we all define Privacy by Design in the same way?

– What is Privacy by Design?

Consumer privacy Critical Criteria:

Look at Consumer privacy projects and inform on and uncover unspoken needs and breakthrough Consumer privacy results.

– Will Privacy by Design deliverables need to be tested and, if so, by whom?

– How do we go about Comparing Privacy by Design approaches/solutions?

– What threat is Privacy by Design addressing?

Dark web Critical Criteria:

Pay attention to Dark web failures and probe using an integrated framework to make sure Dark web is getting what it needs.

– A compounding model resolution with available relevant data can often provide insight towards a solution methodology; which Privacy by Design models, tools and techniques are necessary?

– Will Privacy by Design have an impact on current business continuity, disaster recovery processes and/or infrastructure?

– Is the Privacy by Design organization completing tasks effectively and efficiently?

End-to-end encryption Critical Criteria:

Co-operate on End-to-end encryption projects and get out your magnifying glass.

– What are the success criteria that will indicate that Privacy by Design objectives have been met and the benefits delivered?

– What are the long-term Privacy by Design goals?

General Data Protection Regulation Critical Criteria:

Have a round table over General Data Protection Regulation engagements and find out.

– Who is responsible for ensuring appropriate resources (time, people and money) are allocated to Privacy by Design?

– Does Privacy by Design appropriately measure and monitor risk?

– How do we go about Securing Privacy by Design?

Information and Privacy Commissioner of Ontario Critical Criteria:

Face Information and Privacy Commissioner of Ontario tactics and create Information and Privacy Commissioner of Ontario explanations for all managers.

– Marketing budgets are tighter, consumers are more skeptical, and social media has changed forever the way we talk about Privacy by Design. How do we gain traction?

– What tools and technologies are needed for a custom Privacy by Design project?

– What are the record-keeping requirements of Privacy by Design activities?

Internet privacy Critical Criteria:

Transcribe Internet privacy risks and revise understanding of Internet privacy architectures.

– What may be the consequences for the performance of an organization if all stakeholders are not consulted regarding Privacy by Design?

– How likely is the current Privacy by Design plan to come in on schedule or on budget?

Mesh networking Critical Criteria:

Analyze Mesh networking goals and create Mesh networking explanations for all managers.

– In the case of a Privacy by Design project, the criteria for the audit derive from implementation objectives. an audit of a Privacy by Design project involves assessing whether the recommendations outlined for implementation have been met. in other words, can we track that any Privacy by Design project is implemented as planned, and is it working?

– What will be the consequences to the business (financial, reputation etc) if Privacy by Design does not go ahead or fails to deliver the objectives?

– Among the Privacy by Design product and service cost to be estimated, which is considered hardest to estimate?

Netherlands organization for Applied Scientific Research Critical Criteria:

Audit Netherlands organization for Applied Scientific Research results and adopt an insight outlook.

– Think about the people you identified for your Privacy by Design project and the project responsibilities you would assign to them. what kind of training do you think they would need to perform these responsibilities effectively?

– What are the Essentials of Internal Privacy by Design Management?

– How can we improve Privacy by Design?

Personal Data Service Critical Criteria:

Merge Personal Data Service visions and find out what it really means.

– How can you negotiate Privacy by Design successfully with a stubborn boss, an irate client, or a deceitful coworker?

– When a Privacy by Design manager recognizes a problem, what options are available?

– How will you know that the Privacy by Design project has been successful?

Privacy Critical Criteria:

Rank Privacy outcomes and forecast involvement of future Privacy projects in development.

– Does the information security function actively engage with other critical functions, such as it, Human Resources, legal, and the privacy officer, to develop and enforce compliance with information security and privacy policies and practices?

– A significant amount of data will be regularly received by the vendor (from nih, cms, and other government and non-government entities). is this data de-identified according to hipaa privacy standards as a matter of course?

– How do your measurements capture actionable Privacy by Design information for use in exceeding your customers expectations and securing your customers engagement?

– Are legal and regulatory requirements regarding Cybersecurity, including privacy and civil liberties obligations, understood and managed?

– What current legislation is directly linked to the organizations ability to maintain effective it security governance (e.g. privacy act)?

– Could you lose your service when an investigation into data loss of another customer starts to affect your privacy and data?

– Do you design data protection and privacy requirements into the development of your business processes and new systems?

– The real challenge: are you willing to get better value and more innovation for some loss of privacy?

– Do you provide opt-out controls that are visible and addressed within the privacy policy?

– Can We Quantitatively Assess and Manage Risk of Software Privacy Breaches?

– Do you have a privacy policy and statement posted on your website?

– Will the GDPR set up a one-stop-shop for data privacy regulation?

– Will Technology Force Us to Choose Between Privacy and Freedom?

– What are the privacy compliance requirements in the cloud?

– What are the usability implications of Privacy by Design actions?

– How should any risks to privacy and civil liberties be managed?

– Who should be responsible for privacy the CSPs?

– Do we have designated Privacy Officers?

Privacy-enhancing technologies Critical Criteria:

Boost Privacy-enhancing technologies failures and gather practices for scaling Privacy-enhancing technologies.

– Does Privacy by Design systematically track and analyze outcomes for accountability and quality improvement?

– To what extent does management recognize Privacy by Design as a tool to increase the results?

Privacy engineering Critical Criteria:

Grasp Privacy engineering quality and know what your objective is.

– Who is the main stakeholder, with ultimate responsibility for driving Privacy by Design forward?

– Who sets the Privacy by Design standards?

Social Science Research Network Critical Criteria:

Concentrate on Social Science Research Network engagements and acquire concise Social Science Research Network education.

– Are there any easy-to-implement alternatives to Privacy by Design? Sometimes other solutions are available that do not require the cost implications of a full-blown project?

– What is our formula for success in Privacy by Design ?

Surveillance capitalism Critical Criteria:

Review Surveillance capitalism governance and define Surveillance capitalism competency-based leadership.

– Does Privacy by Design include applications and information with regulatory compliance significance (or other contractual conditions that must be formally complied with) in a new or unique manner for which no approved security requirements, templates or design models exist?

– Which Privacy by Design goals are the most important?

Systems engineering Critical Criteria:

Ventilate your thoughts about Systems engineering quality and work towards be a leading Systems engineering expert.

– The pp and the semp define the tasks and schedule for the project and the processes that will be followed to produce the deliverables. once the project is underway, how can you track progress against the plan?

– How do we achieve sufficient predictability in developing the system so as to enable meaningful costed and time-bounded, resourced plans to be formed?

– How do you know that your project team members are following the documented cm processes to establish the baseline and control changes to it?

– Does the project require agreements related to organizational data sharing that havent yet been created?

– What will take the place of magnitude in our attempts to discern a power-law relationship?

– What is the detailed set of functions and properties of a given interface?

– What are the elements and the high-level capabilities of the system?

– Has organization developed a plan for continuous improvement?

– Are the requirements mapped to one or more user needs?

– Who will use the systems engineering plan (sep)?

– What are the flows between parts of the system?

– What policies are currently being implemented?

– Is there a commitment from the top down?

– How do we compare with the competition?

– Is the schedule too aggressive?

– How does it all fit together?

– Deliver interim releases?

– How confident are we?

– Right business case?

– Where are we today?

Value sensitive design Critical Criteria:

Generalize Value sensitive design adoptions and don’t overlook the obvious.

– What are the disruptive Privacy by Design technologies that enable our organization to radically change our business processes?

– Can we do Privacy by Design without complex (expensive) analysis?

Voluntary compliance Critical Criteria:

Debate over Voluntary compliance strategies and acquire concise Voluntary compliance education.

– Do we aggressively reward and promote the people who have the biggest impact on creating excellent Privacy by Design services/products?

– How do we Improve Privacy by Design service perception, and satisfaction?

– Why is Privacy by Design important for you now?


This quick readiness checklist is a selected resource to help you move forward. Learn more about how to achieve comprehensive insights with the Privacy by Design Self Assessment:


Author: Gerard Blokdijk

CEO at The Art of Service | http://theartofservice.com



Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.

External links:

To address the criteria in this checklist, these selected resources are provided for sources of further research and information:

Privacy by Design External links:

The Privacy by Design Toolkit – YouTube

[PDF]Applying Privacy by Design Best Practices to SDG&E’s …

GDPR Privacy by Design made simple

Consumer privacy External links:

U.S. Consumer Privacy Notice from Bank of America

Consumer Privacy Pledge | Privacy Policies | U.S. Bank

The California Consumer Privacy Act

Dark web External links:

Dark Web News – Official Site

What Is the Dark Web? | Experian

Dark Web Monitoring & Identity Theft Protection – ID Agent

End-to-end encryption External links:

PreVeil | End-to-End Encryption for Secure Communication

General Data Protection Regulation External links:

[PDF]General Data Protection Regulation (GDPR)


Information and Privacy Commissioner of Ontario External links:

Information and Privacy Commissioner of Ontario – YouTube

Information and Privacy Commissioner of Ontario – …

Internet privacy External links:

Internet Privacy Policy | CareCredit

Internet Privacy | Computer Privacy | Microsoft Privacy

Golden Frog | Global Internet Privacy and Security Solutions

Mesh networking External links:

Sprint Business – Mesh Networking and WiMAX

Mesh networking made easy – Open Garden

Mesh Networking Specifications | Bluetooth Technology …

Personal Data Service External links:

Personal Data Service Request

Welcome to your personal data service | Mydex

Privacy External links:

Privacy Rights Clearinghouse

ZenMate – Internet Security and Privacy at its Best!

Protecting Student Privacy | U.S. Department of Education

Privacy engineering External links:

Privacy Engineering – Inspiring Innovation

Privacy Engineering | CSRC

Privacy Engineering – Home | Facebook

Social Science Research Network External links:

Social Science Research Network (SSRN)

SSRN: Social Science Research Network – University of …

Social Science Research Network (SSRN) | Edmond J. …

Systems engineering External links:

Integrated Systems Engineering

Industrial & Systems Engineering | College of Engineering

Intelligent Systems Engineering: Indiana University

Value sensitive design External links:

Value Sensitive Design – P2P Foundation

CiteSeerX — Value Sensitive Design: Theory and Methods

Voluntary compliance External links:

Voluntary Compliance Agreement between the United …