You feel the same way about trusting your data to any company as you do about putting your money into a bank. You need us to keep it safe, and you trust us to keep it private. You also need a way to know what you have in your “data account” with us so you can check it to make sure it’s accurate, and you need a way to be able to fix it if it’s wrong. We get it. Putting your data into our company is to you like money in the bank – it’s important – and we’ve got that covered! Here’s how…
At the core of our software development processes, we have implemented “Privacy by Design” as a corporate best practice.
Ken Greenwood, CTO, HITC
The Seven Principles of “Privacy by Design”
What are the principles behind our Privacy-by-Design (aka PbD) process? Well, here you go…
Proactive not Reactive
We think about data privacy first – right at the beginning of our software design process – not after a data breach. We consider this principle as a kind of a mood-setter for the rest of PbD. We say “ABTP” – Always Be Thinking Privacy!
Privacy by Default
We are not like Facebook or Google. We think we’re actually supposed to give you the maximum privacy protection as a baseline. We use explicit opt-in; we employ safeguards to protect your data beforehand; we implement restricted sharing, minimized data collection, and retention policies right from the start. Privacy by Default therefore directly lowers the data security risk profile: the less of your data we have, the less damaging a breach will be should it occur. This is the hardest one for high-tech companies like Facebook and Google to get their heads around.
Privacy Embedded into Design
We think privacy is supposed to be embedded into the design of IT systems and business practices. Talk to a typical software developer, and he’s most worried about completing core functionality for the product. Data security techniques such as encryption and authentication are usually put on the back burner in the rush to get features coded. And testing for the most common hackable vulnerabilities in software is also often neglected. This principle tells our designers that they need to implement privacy as a core feature of our products.
Full Functionality – Positive-Sum, Not Zero-Sum
We believe that PbD will not compromise our business deadlines or goals. We believe we can implement privacy and grow revenue. We’re not sacrificing one for the other – privacy garners trust, and trust drives growth.
Full Lifecycle Protection
Privacy protections apply to all phases of the data and follow the data wherever it goes. We apply the same PbD principles from the time the data is first created, when it is shared with others, and through all of its phases until it is finally archived. We implement an appropriate level of encryption and authentication to protect your data till the very end when it finally gets deleted.
Visibility and Transparency
We call this KIO – Keep It Open. This is the principle that helps us build your trust. We believe that information about our privacy practices should be kept out in the open and written in non-legalese, just like what you are reading here. We should have a clear redress mechanism for you, and lines of responsibility for your redress need to be implemented in our organization to ensure you have the power to correct your data.
Respect for User Privacy
Our final principle just makes it very clear to us that you own your own data. The data held by us – the organization – must be accurate, and you – the consumer – must be given the power to make corrections. You are also the only one who can grant and revoke consent on the use of your data.
A Security Expert Behind the Wheel
CTO and Co-Founder, HITC
Since the beginning of my coding career, security has been at the forefront of my mind in every project I have participated in. I have worked in security at a national bank and participated in the implementation of security in scores of projects.
At HITC, as CTO I set security policy for the corporation. I set the Privacy By Design policy into place right at the outset of our very first project to set the tone for our development.
At HITC, we have established a PbD culture to keep your data as private and as safe as we can!