Template for applying privacy design and starting the engineering process for technology projects. If your organization does not have an established process, consider this template as a starting point.
https://medium.com/@privacyvigilante
Template for Privacy Design of Tech Projects
1. 1 Practical Privacy for Technology Projects
Project Name – Privacy Design
01/08/2024
Description
Add here a brief description of the project, feature, or change to be developed
Add here a brief description of the first step of the process involved
Repeat for second step
Third step
Fourth step
and fifth step if applicable
Privacy Design Process
Identify Critical Characteristics
Value-Sensitive Design
Determine data practices to scope out
Write high-level requirements
Applicable Policies
User Personas
Best Practices
Excluded Practices
Requirements (example) (high-level)
Requirement | Description/Notes
*Review of TOS | Needs review
Document possible administrative actions | Create a description. List of site features. Elaborate impacts and link to SOPs
Identify actions/areas of system that should not be accessed (– needs further review) | From compliance POV and user privacy
*Logging of {activity xyz} | Includes six-year retention per HIPAA
*Logging of {data actions, something else} | Part of current requirements to log all data activity
Implement review process | Requirement: Having ability and procedure defined
Mechanism for obtaining user consent | Needs input from Legal regarding criticality. Determine opt-in vs opt-out – appropriate and actionable
Notify user of {action, condition, event} | This is a best practice. Notification options vary – TBD
*SOP for escalations | Develop a process for handling escalations
* Denotes a must-have