Introducing the Design Process Standard (v 1.0)

January 11, 2023

It’s been four years in the making! We started the IOPD in January 2021 (after sitting around and ruminating on it since 2019) and while it took a few months to get the ball rolling once the Institute officially formed, the Standards Committee spent a little over a year through 2021 and 2022 drafting, discussing, editing, reediting, soliciting and responding to public comments, and we eventually created the 1st iteration of what we hope will become a gold standard in Privacy by Design.

We’d like to thank members of Standards Committee: Denise Schoeneich, Stuart Shapiro, Kim Wuyts, Keith Harmon, and Tarana Damania for all of their hard work.

We’d also like to thank Board member Janelle Hsia who served as an unofficial committee member, as well as Kelea Ilac, our tireless administrator.

We are currently on the hunt for organizations that would like to adhere to the standard and apply as an early adopter for certification. If you’re interested or know a company who would be interested, please contact us.


This is only the first of two planned standards:.


Visual diagram showing the relationship between the design process standard and the product, service and business process standard and how the former feeds into the latter.

This standard covers the design process by which an organization designs it products, services or even other business process. The goal of this standard is to ensure privacy is a forethought in the design. The second standard, which we’ll be working on this year, will cover the end result – the product, service or business process – ensuring that it does, in fact, reduce privacy risks to an acceptable level. In theory, any product, service or business process designed and developed using the design standard, should result in meeting the subsequent standard, though the latter will have more rigorous risk tolerances included. On that note, we expect the upcoming standard to be a little hard to develop in achieving consensus on what the tolerance should be.


There is still lots of work to be done and we’d love your help! Here are some of the opportunities to get involved with the IOPD:

    • Become an Ambassador – Help spread the word and showcase your involvement with the Institute.

    • Help us find some first-mover companies that want to apply the standard to their organization. Contact us if that’s your company or you know one that would be a good fit.

    • Get nominated to be one of our Advisors or a member of the Standards Committee. Normally we take nominations from existing advisors, ambassadors and committee members, so reach out to one you know today. We’re looking for advisors that can help grow the organization and promote the standard in the privacy and broader communities. For the standards committee, we’re looking for experienced privacy professionals with a solid understanding of systems engineering, privacy threat modeling and related concepts.

    • Help recruit sponsoring organizations. If your business is interested in sponsoring the IOPD please get in touch. We’re on the hunt for forward thinking businesses that want to be on the forefront of privacy in the modern age.

Get in Touch!

We are seeking to fill two unpaid positions as members of the IOPD Board of Directors. Terms run for 2 years from appointment. Appointments may be renewed.