Great paper on designing for privacy from a Dutch security/crypto professor.
– Collect as little as possible
– Separate data collected for different purposes, and make it hard to combine with other datasets
– Store only vague aggregate data if you can
– Put strong access controls on personal data
– Tell people you’re collecting data about them, and give them a chance to make changes
– Make sure people control data about themselves.
For all the talk about how important this is, it’s rare to see really constructive advice on how to do it.
(Same with Anonymous and the like: they’d win so much if they focused a bit of energy on helping people or building useful things. Retaliation may discourage bad behavior, but you need good things to replace it, or else the bad stuff just comes back.)
“Data collection should be minimised, for example by not storing individual rows in a database table for each and every individual, and the number of attributes stored should correspond to the purpose.
Data collected for one purpose should be stored separately from data stored for another purpose, and linking of these database tables should not be easy.
When data about individuals is not necessary for the purpose, only aggregate data should be stored.
Personal data should be properly protected, and strict access control procedures should limit access to authorised persons only.
A data subject should be informed about the fact that data about her is being processed, and she should be able to request modifications and corrections where appropriate.
In fact the underlying principle of information self-determination dictates that she should be in control.”
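The minimise, separate and aggregate strategies in the list and the quoted passage above, as an added example that is not from the paper or the post: per-purpose HMAC keys give each purpose its own pseudonym for the same person (so the billing and analytics tables cannot be joined without both keys), a whitelist keeps only the attributes a purpose needs, and the analytics store holds nothing but counts with small groups suppressed. The key values, user records and the `min_group` threshold are constructed for the demonstration.

```python
import hashlib
import hmac
from collections import Counter

# Constructed per-purpose keys; assumption: real keys live in a secret store,
# never next to the data they pseudonymise.
PURPOSE_KEYS = {
    "billing": b"constructed-billing-key",
    "analytics": b"constructed-analytics-key",
}

def pseudonym(user_id: str, purpose: str) -> str:
    """Purpose-bound pseudonym (the 'separate' strategy): the same person gets a
    different identifier per purpose, so tables can only be joined by someone
    holding both keys."""
    mac = hmac.new(PURPOSE_KEYS[purpose], user_id.encode(), hashlib.sha256)
    return mac.hexdigest()[:16]

def minimise(record: dict, allowed: frozenset) -> dict:
    """The 'minimise' strategy: keep only the attributes the purpose needs."""
    return {k: v for k, v in record.items() if k in allowed}

def aggregate(records: list, field: str, min_group: int = 5) -> dict:
    """The 'aggregate' strategy: store counts per value instead of rows, and
    suppress groups smaller than min_group so a count cannot single out a person."""
    counts = Counter(r[field] for r in records)
    return {value: n for value, n in counts.items() if n >= min_group}

# Constructed sample input: 12 users, 8 in NL and 4 in BE.
RAW_USERS = [
    {"user_id": f"u{i}", "email": f"u{i}@example.invalid",
     "country": "BE" if i % 3 == 0 else "NL", "plan": "pro"}
    for i in range(12)
]

def build_stores(raw: list) -> tuple:
    """Billing keeps pseudonymous rows with only the plan; analytics keeps
    nothing but country counts, with the 4-person BE group suppressed."""
    billing = [
        {"subject": pseudonym(r["user_id"], "billing"),
         **minimise(r, frozenset({"plan"}))}
        for r in raw
    ]
    analytics = aggregate(raw, "country")
    return billing, analytics

if __name__ == "__main__":
    billing, analytics = build_stores(RAW_USERS)
    print(billing[0], analytics)
```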