7 Steps to Keeping Customer Data Safe

Embedding both privacy and security into IT systems is critical to business success, says a report by Oracle and Ontario's Privacy Commissioner

Written by Melissa Campeau

It can take years to earn your customers’ trust, but you can lose it in an instant if you expose their private information.

Investing in the development of smarter network systems today can save you serious trouble down the road, says a new report, Privacy and Security: A Convergence of Paradigms, by Ontario’s Information and Privacy Commissioner Ann Cavoukian and Oracle’s Director of Product Management, Marc Chanliau. The report underscores the importance of incorporating both privacy and security into your networked technology. Though neither concept is new, when it comes to implementing IT plans, they haven’t always been considered together.

“Security and privacy are integral to an organization’s priorities, project objectives, design processes and planning operations,” says Cavoukian. “By taking a proactive approach, it is indeed possible—and far more desirable—to embed both privacy and security.” She adds, “Why settle for one when you can have both? Gain a competitive advantage and make privacy pay off by embedding it along with security.”

The new report outlines seven principles for developing an effective network that protects privacy and offers maximum security.

1. A system should be proactive rather than reactive. It should anticipate and prevent compromises to privacy rather than wait for risks to materialize.

2. Privacy should be the default setting of any network. An effective system will ensure personal data is automatically protected in any given IT system or business practice. So, even if a customer doesn’t apply any particular settings or take security precautions, his or her privacy will remain intact.

3. Privacy should be embedded into the design and architecture of IT systems and business practices, instead of being tacked on after the fact. This means privacy becomes an essential component of a network and is integral to the system, without reducing the network’s ability to function well.

4. A system should be designed with a win-win approach in mind, one in which both privacy and security are priorities, rather than strengthening one at the expense of the other.

5. End-to-end security is vital. Privacy should be embedded into the system before the first piece of information is collected and extended throughout the entire life cycle of the data.

6. Keep your privacy and security policies transparent. Assure your stakeholders that your business is operating as it should be, and include public verifications by third parties.

7. Most important, keep your customers’ needs in mind at all times. Use strong privacy defaults and employ user-friendly options at every opportunity.
