Marilyn Prosch, Privacy by Design: A Case Study of the Mobile Millennium Traffic Pilot

Marilyn Prosch, Privacy by Design: A Case Study of the Mobile Millennium Traffic Pilot

Comment by: Steve Wicker

PLSC 2010

Workshop draft abstract:

This research study will take Commissioner Cavoukian’s 7 Foundational Principles of Privacy  by Design (2009) and the activities in Porter’s Value chain (1985) that relate to the collection, use, storage, retention and destruction of personal information to study how they have been applied and to develop guidance for organizations and businesses in the collaborative technologies industry. Our focus on the value chain follows on the work of Morgan et al. (2009) that examines the notion of corporate citizenship and suggests that in order for it to be effective, companies need to minimize harm and maximize benefits through their activities and, in so doing, take account of and be responsive to a full range of stakeholders. This parallels Cavoukian’s Privacy by Design, positive-sum approach. A pioneering concept, Privacy by Design ensures the protection of privacy by embedding it into the design specifications of information technology, business practices and infrastructure – thereby making privacy the default. Specifically, Morgan et al. (2009) call for a “next generation” approach to corporate citizenship that is embedded in structures, systems, processes and policies across the company’s value chain.

David and Prosch (2009) assert that designing privacy into the value chain model is a practical, business view of organizational and privacy issues.  This puts privacy where it belongs in an organization – everywhere where personal information exists.  They conclude that further research is needed to consider the internal stakeholders communications among the various departments within an organization with the goal of better communications and shared values, and we believe the value chain approach helps to further this engagement along.  Also, federated environments necessitate that organizations can “trust” their third parties providers.  Research and case studies are needed regarding how these organizations can create value and competitive advantages by PbD implementation and voluntarily sharing these experiences.