Privacy by Design Certification


Privacy by Design Certification is offered by the Privacy by Design Centre of Excellence at Ryerson University in Toronto. Companies that have achieved this certification are meeting the highest standards of a globally recognized privacy standard.

THE 7 FOUNDATIONAL PRINCIPLES OF CERTIFICATION

  • PRINCIPLE 1: PROACTIVE, NOT REACTIVE; PREVENTATIVE, NOT REMEDIAL

    The Privacy by Design (PbD) framework is characterized by the taking of proactive rather than reactive measures. It anticipates the risks and prevents privacy invasive events before they occur. PbD does not wait for privacy risks to materialize, nor does it offer remedies for resolving privacy infractions once they have occurred — it aims to identify the risks and prevent the harms from arising. In short, Privacy by Design comes before-the-fact, not after.

     
  • PRINCIPLE 2: PRIVACY AS THE DEFAULT SETTING

    We can all be certain of one thing – the default rules! Privacy by Design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice, as the default. If an individual does nothing, their privacy still remains intact. No action is required on the part of the individual in order to protect their privacy – it is already built into the system, by default.

     
  • PRINCIPLE 3: PRIVACY EMBEDDED INTO DESIGN

    Privacy measures are embedded into the design and architecture of IT systems and business practices. These are not bolted on as add-ons, after the fact. The result is that privacy becomes an essential component of the core functionality being delivered. Privacy is thus integral to the system, without diminishing functionality.

     
  • PRINCIPLE 4: FULL FUNCTIONALITY: POSITIVE SUM, NOT ZERO SUM

    Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner, not through the dated, zero-sum (either/or) approach, where unnecessary trade-offs are made. Privacy by Design avoids the pretense of false dichotomies, such as privacy vs. security, demonstrating that it is indeed possible to have both.

     
  • PRINCIPLE 5: END-TO-END SECURITY: FULL LIFECYCLE PROTECTION

    Privacy by Design, having been embedded into the system prior to the first element of information being collected, extends securely throughout the entire lifecycle of the data involved – strong security measures are essential to privacy, from start to finish. This ensures that all data are securely collected, used, retained, and then securely destroyed at the end of the process, in a timely fashion. Thus, Privacy by Design ensures cradle to grave, secure lifecycle management of information, end-to-end.

     
  • PRINCIPLE 6: VISIBILITY AND TRANSPARENCY: KEEP IT OPEN

    Privacy by Design seeks to assure all stakeholders that whatever the business practice or technology involved, it is in fact, operating according to the stated promises and objectives, subject to independent verification. The data subject is made fully aware of the personal data being collected, and for what purpose(s). All the component parts and operations remain visible and transparent, to users and providers alike. Remember, trust but verify!

     
  • PRINCIPLE 7: RESPECT FOR USER PRIVACY: KEEP IT USER-CENTRIC

    Above all, Privacy by Design requires architects and operators to keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options. The goal is to ensure user-centred privacy in an increasingly connected world. Keep it user-centric.

     

Certified Companies

TELUS Communications

Ruby Corporation

Canadian National Insurance Crime Services (CANATICS)

How To Get Certified

  • Step 1: Apply

    Ryerson University

    The Privacy by Design Certification process begins when your organization submits a Privacy by Design application which can be found here. The Privacy by Design Centre of Excellence reviews your application, and afterwards, your information is forwarded to our assessment partner to begin the assessment process.

    Apply at Ryerson.ca
  • Step 2: Assess

    We have partnered with our assessment partner to assess services for the Privacy by Design Certification. Assessment services will be carried out under a separate agreement where the product(s), service(s) and/or offering(s) being certified will be assessed. A report will then be issued based on the assessment methodology and scorecard technique developed exclusively for Privacy by Design Certification, which examines the organization’s adherence to Privacy by Design. The criteria are based on the 7 Foundational Principles of Privacy by Design:

    1. Proactive not Reactive; Preventative not Remedial
    2. Privacy as the Default Setting
    3. Privacy Embedded into Design
    4. Full Functionality – Positive-Sum, not Zero-Sum
    5. End-to-End Security – Full Lifecycle Protection
    6. Visibility and Transparency – Keep it Open
    7. Respect for User Privacy – Keep it User-Centric
  • Step 3: Certify

    Upon completion of the assessment, an assessment report will be forwarded to both your organization and the Privacy by Design Centre of Excellence for review. After examining the report, Ryerson's Privacy by Design Centre of Excellence will issue a decision as to whether certification will be granted. Successful applicants will be granted the use of our Certification Shield on any material related to your certified products, services or offerings and will be listed on our website so that customers can independently validate your certification.

    Successful applicants who have been granted the use of our Certification Shield will demonstrate to the public and consumers alike their commitment to privacy. Our shield is a validation of an organization’s privacy framework, showing that an organization is well-equipped to meet the needs of today’s privacy-conscious consumer.

  • Step 4: Notify

    Certifications are valid for a three-year period, but must be renewed annually. We will remind you well in advance of your anniversary period with all the details on how to keep your certification current.

  • Step 5: Attest

    An important part of renewing your certification is an attestation form in which your organization attests that there has been no change which would affect your certification.

  • Step 6: Renew

    When Ryerson is satisfied with your attestation and upon payment of the renewal fee, your Privacy by Design Certification is renewed for another year.

Learn More About Getting Certified


If you have questions about us, the certification process, or Privacy by Design in general, we’d love to hear from you. We’re always ready to hear from like-minded people who want a future filled with privacy, security, freedom, innovation and prosperity.