
Privacy by Design Framework

Executive Overview

The goal of Privacy by Design, described in detail in this Smashing Magazine article, is:

The Privacy by Design framework prevents privacy-invasive events before they happen. Privacy by Design does not wait for privacy risks to materialize, nor does it offer remedies for resolving privacy infractions once they have occurred; it aims to prevent them from occurring. In short, Privacy by Design comes before-the-fact, not after.


Foundational Principles

  1. Privacy must be proactive, not reactive, and must anticipate privacy issues before they reach the user. Privacy must also be preventative, not remedial.
  2. Privacy must be the default setting. The user should not have to take actions to secure their privacy, and consent for data sharing should not be assumed.
  3. Privacy must be embedded into design. It must be a core function of the product or service, not an add-on.
  4. Privacy must be positive sum and should avoid dichotomies. For example, PbD sees an achievable balance between privacy and security, not a zero-sum game of privacy or security.
  5. Privacy must offer end-to-end lifecycle protection of user data. This means engaging in proper data minimization, retention and deletion processes.
  6. Privacy standards must be visible, transparent, open, documented and independently verifiable. Your processes, in other words, must stand up to external scrutiny.
  7. Privacy must be user-centric. This means giving users granular privacy options, maximized privacy defaults, detailed privacy information notices, user-friendly options and clear notification of changes.
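Principles 2 and 5 above are the ones that translate most directly into code: sharing is off until the user opts in, only the fields the service needs are stored, and data is deleted when its retention period ends. The following is an added illustration, not CareHubs' code and not from the Smashing Magazine article; the field allowlist, the consent option names and the 30-day retention window are assumptions chosen for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Assumption: the service only needs these fields for its purpose.
# Anything else submitted is dropped before storage (data minimization).
ALLOWED_FIELDS = frozenset({"user_id", "email", "display_name"})


@dataclass
class ConsentSettings:
    """Sharing options. Every option starts opted out (privacy as the default)."""
    share_with_partners: bool = False
    usage_analytics: bool = False


@dataclass
class UserRecord:
    data: dict
    created_at: datetime
    consent: ConsentSettings = field(default_factory=ConsentSettings)


class PrivacyStore:
    """In-memory user store applying minimization, default-deny consent
    and time-based retention. Illustrative only; not CareHubs' code."""

    def __init__(self, retention_days: int = 30):
        self.retention = timedelta(days=retention_days)
        self._records: dict[str, UserRecord] = {}

    def create(self, submitted: dict, now: datetime) -> tuple[UserRecord, set]:
        """Store only allowlisted fields; return the record and the dropped keys."""
        kept = {k: v for k, v in submitted.items() if k in ALLOWED_FIELDS}
        dropped = set(submitted) - ALLOWED_FIELDS
        record = UserRecord(data=kept, created_at=now)
        self._records[kept["user_id"]] = record
        return record, dropped

    def grant_consent(self, user_id: str, option: str) -> None:
        """Explicit opt-in; unknown options are rejected, not silently accepted."""
        consent = self._records[user_id].consent
        if not hasattr(consent, option):
            raise ValueError(f"unknown consent option: {option}")
        setattr(consent, option, True)

    def may_share(self, user_id: str, option: str) -> bool:
        """Sharing is allowed only after an explicit opt-in. Unknown users or
        unknown options fail closed (False)."""
        record = self._records.get(user_id)
        if record is None:
            return False
        return bool(getattr(record.consent, option, False))

    def purge_expired(self, now: datetime) -> list[str]:
        """Delete records older than the retention window (lifecycle protection)."""
        expired = [uid for uid, r in self._records.items()
                   if now - r.created_at >= self.retention]
        for uid in expired:
            del self._records[uid]
        return expired

    def has(self, user_id: str) -> bool:
        return user_id in self._records


def demo() -> dict:
    """Constructed walkthrough of the three behaviours; returns what was observed."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    store = PrivacyStore(retention_days=30)
    # Constructed submission containing fields the service has no need for.
    _, dropped = store.create(
        {"user_id": "u1", "email": "u1@example.com", "display_name": "Ann",
         "date_of_birth": "1990-05-05", "home_address": "1 Example St"}, t0)
    before = store.may_share("u1", "share_with_partners")   # False: not opted in
    store.grant_consent("u1", "share_with_partners")
    after = store.may_share("u1", "share_with_partners")    # True: explicit opt-in
    purged = store.purge_expired(t0 + timedelta(days=30))   # ["u1"]: retention ended
    return {"dropped": dropped, "before": before, "after": after,
            "purged": purged, "still_stored": store.has("u1")}
```

Running `demo()` shows the unneeded `date_of_birth` and `home_address` fields being discarded at intake, sharing denied until `grant_consent` is called, and the record deleted once the retention window has elapsed. The point of the design is that the safe outcome needs no action from the user: absence of consent, an unknown option or an unknown user all resolve to "do not share", and deletion is driven by a timestamp set at creation rather than by a later decision.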


How CareHubs Works

We follow the Privacy by Design framework as a guide in our development practices to ensure user trust and to prevent user information from being exposed in ways users are not comfortable with.