Chapter 2. Personal Data and Privacy

Any architectural considerations regarding data-privacy protections begin the moment the data is collected. Privacy issues must be addressed at all stages of the data life cycle—from collection to storage to analysis to action (not to mention the periods when data is no longer being used: archival, purging, and destruction). We will start at the beginning.

Good practices in both information security and data collection are necessary, though not sufficient, to implement privacy protections. Parts II and III of this book will describe a set of useful practices and controls for implementing privacy protections. However, designing privacy protections is about limiting harm by authorized users—those that have been explicitly granted access to the data for some purpose. But what about unauthorized access to data? All of the privacy controls in the world are meaningless if they can be circumvented from the start. Information security, therefore, is about limiting unauthorized access to data, and is fundamental to building a privacy-protective system.

Meanwhile, all of the privacy controls in the world (and any information security built to protect them) are useless if administered to irresponsibly collected data. Protecting privacy means data must be handled responsibly at every step of the process that moves it from the initial point of collection to its ultimate home in a privacy-protected data store.

On the topic of data collection, consider this ...