How to mitigate privacy concerns?
Question: How should a digital identity ecosystem be structured to protect data and privacy, build trust and reduce identity fraud? How can privacy concerns associated with the handling of sensitive user data be mitigated?¶
The ToIP stack has incorporated Privacy by Design from the ground up. This means that it can be used to implement solutions compliant with all major global data protection regulations, including the EU General Data Protection Regulation (GDPR), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), or the California Consumer Privacy Act (CCPA). It can also be used to meet strict privacy and security protection regulations such as the U.S. Health Insurance Portability and Accountability Act (HIPAA).
Privacy by Design is a framework, developed under the leadership of former Information and Privacy Commissioner of Ontario Ann Cavoukian, that proposes seven foundational principles:
- Proactive not Reactive; Preventative not Remedial
- Privacy as the Default Setting
- Privacy Embedded into Design
- Full Functionality – Positive-Sum, not Zero-Sum
- End-to-End Security – Full Lifecycle Protection
- Visibility and Transparency – Keep it Open
- Respect for User Privacy – Keep it User-Centric
The Trust over IP Foundation has many privacy experts, including a former Senior Advisor in the Office of the Information and Privacy Commissioner of Ontario, participating in the development of its standards. These experts also participate in or monitor the development of privacy frameworks around the world, including MyData Global, whose focus is “to make sure individuals are in a position to know and control their personal data, but also to gain personal knowledge from them and to claim their share of their benefits”.