For many years now, I’ve been concerned about the bombastic claims of many organizations that they do “privacy by design.” While I’ve tried to channel some of that concern into a systematic and rigorous process through my book, training and talks, I felt there needed to be some better imprimatur of doing privacy the right way.
A few years back, bolstered by the inclusion of certification of “Data Protection by Design and Default” under Articles 42 and 25 of the General Data Protection Regulation, I began seeking the counsel of luminaries such as Daniel Solove and Ann Cavoukian on the design and promotion of a standard around privacy by design. I also joined the US Technical Advisory Committee on ISO/PC 317 Privacy by Design for consumer goods and services. While some early talks encouraged the creation of a standard, I knew to gain legitimacy, I couldn’t just proclaim it “Jason’s standard.” Even with my subject matter expertise, I knew that to gain traction, I needed to explore options for tying the standard to an organization. That exploration eventually led to the founding of the Institute you see before you and the gathering of many experts and knowledgeable people in the field.
We now open the door to others to become part of the, hopefully, growing organization.
Our short-term roadmap is simple but many hurdles exist:
2022
- Publish a Privacy Design Process Standard – this standard will help organizations build privacy in products, services and business processes.
- Draft a Privacy Design Standard – this standard will be a gold standard for products, services or business processes, showcasing their incorporation of privacy in a particular offering.
- Begin certification of organizations’ privacy design processes under the Standard.
- Open up to a community of professionals using and contributing to the standard
2023
- Publish the Privacy Design Standard
- Begin certification of products, services and business processes under the Privacy Design Standard
- Explore options for accreditation of the Institute under Article 43 of GDPR
- Grow our community and promote the standard throughout the international privacy professional community
2024 and Beyond
- Seek accreditation of the Institute under Article 43 of the GDPR
- Seek accreditation of the Institute as a credential organization by ANSI National Accreditation Board
- Explore options for accreditation of the Institute under Article 43 of GDPR
- Continue to certify organizations, products, services and business processes
- Continue to grow and expand the organization
I hope you’ll join us on this journey. Membership is free, but if you’d like to become an individual Ambassador, with a listing on our website and the ability to comment and contributes, for the Institute, fill out an application. If your organization would like to support the Institute, please feel review the Corporate Sponsorship options.
I’m looking forward to the years ahead and bringing more privacy to the world.
– R. Jason Cronk, Founder and Chair, Institute of Operational Privacy Design
January 1st, 2022