I Have Seen the Future, and It Is “Privacy by Design”
OK, that may be a little bit of an overstatement, but every company raising venture capital should be aware of the new concept of “Privacy By Design,” as it is the future of privacy in terms of SaaS privacy and software privacy.
Here are 3 simple things you should know about “Privacy By Design”:
1) “Being Adopted” in the US (Invented in Canada). This methodology (if you can call it that) was actually conceived by the Information and Privacy Commissioner of Canada (Ann Cavoukian), but the US Federal Trade Commission is joining in. While this is not the law (yet) in the US, the FTC is trying to get companies to think about adopting Privacy by Design when they are sued by the FTC for privacy violations, and it is being addressed/referenced in draft privacy legislation in the US…not too hard to connect the dots. Also, it is already global (and has been translated into multiple languages), which is really a great thing.
2) Build Privacy Into Software Development. As soon as I read this, I thought, OK, this is how privacy should be addressed in SaaS and software. (it should be thought about during design of the software and not an afterthought…which it too often is) To me, this is merely part of the evolution of privacy as part of the software development process, as at first privacy was not that big of an issue for software companies (therefore, developers did not spend a lot of time thinking about it). Times are a changin’ (or arguably have changed), so think about designing privacy into your SaaS or software solution. (BTW, if you don’t think about it now, you probably will be in the near future)
3) It is All About “Default Settings.” Part of the 7 Foundation Principles of Privacy by Design is that the default setting should be set to protect privacy (i.e. the user has to do nothing, and their privacy is protected). I totally agree with this principle, and I think the FTC confirmed this in the Google Buzz consent order (in 2011).
Look, I know this can and will get super complicated, but every company raising venture capital should think about the fact that (a) some form of Privacy By Design will make it into US law pretty soon, (b) you can build privacy into your software development process, and (c) you should configure your software by default to protect privacy, I think you are going to be ahead of the pack. So if I were you, I would learn from what IBM, Microsoft, Oracle, and the FTC are already doing in terms of Privacy by Design, as this sure looks like the future of privacy to me for SaaS and software companies.
Disclaimer: This post is for informational and educational purposes only, and is not legal advice. You should hire an attorney if you need legal advice, which should be provided only after review of all relevant facts and applicable law.