Science and Research Content

New Taxonomy for Aiding Privacy by Design


Privacy by design is conceptually simple. It is putting privacy into practice in system architectures and software development from the beginning and throughout the system lifecycle. However, system developers and privacy engineers responsible for implementing it face many simple but hard-to-answer questions. The first release of Fides, an open-source, human-readable description language, constitutes a step forward in offering a unified solution to these challenges.

It is challenging to determine where the actual data is in an enterprise, what types of information fall under personal data, and how to set up a data deletion process for structured as well as unstructured data. To address these challenges, a new approach, privacy-as-code (privacy built into the code itself), was formulated. The approach classifies data using a method that ensures the privacy attributes of the data are obvious within the code structure.

Based on the data-serialization language YAML, Fides allows system developers and privacy engineers to write code with privacy baked into it. It is based on common definitions of types, categories, and purposes of personal data. Developers using this language can quickly identify where privacy-related information is at any point in software development. Equally, engineers will be able to see at a glance whose data is in the system and for what purpose.

The privacy-related characteristics and behaviors of code and databases are derived from a new privacy taxonomy. Fides’ privacy taxonomy is used to label and classify data, so that it is quick to understand what data is processed or shared, whose data it is, and why. The taxonomy distinguishes four levels of hierarchy: data categories, data use, data subject categories, and data qualifiers. Each of those hierarchical levels can be broken down into a variety of subclasses of annotations that allow for the needed granularity.
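To make the value of hierarchical labels concrete, the following added example (not Fides code and not from the original article) annotates fields along the four dimensions named above and checks them against a rule by subclass matching. The dotted label names, the `Annotation` class, the rule format and the sample fields are all hypothetical and constructed for illustration; they are not Fides's own syntax or taxonomy.

```python
# Constructed illustration of hierarchical privacy labels; the label names and
# rule format are hypothetical and are not Fides's own syntax or taxonomy.
from dataclasses import dataclass

@dataclass(frozen=True)
class Annotation:
    field: str
    data_category: str   # what data, e.g. "user.contact.email"
    data_use: str        # why it is processed
    data_subject: str    # whose data it is
    data_qualifier: str  # how identifiable it is

def covers(parent: str, label: str) -> bool:
    """True if label equals parent or is a subclass of it in the dotted hierarchy."""
    # The "." guard stops "user" from matching an unrelated label like "username".
    return label == parent or label.startswith(parent + ".")

# Constructed declarations for a small schema.
ANNOTATIONS = [
    Annotation("users.email", "user.contact.email",
               "marketing.advertising", "customer", "identified"),
    Annotation("users.zip", "user.contact.address.postal_code",
               "provide.service", "customer", "pseudonymized"),
    Annotation("events.page", "system.operations",
               "improve.analytics", "customer", "anonymized"),
]

# Constructed rule: identified contact data must not be used for marketing.
RULE = {"data_category": "user.contact", "data_use": "marketing",
        "data_subject": "customer", "data_qualifier": "identified"}

def violations(annotations, rule):
    """Return the fields whose labels fall under every dimension of the rule."""
    return [a.field for a in annotations
            if all(covers(rule[dim], getattr(a, dim)) for dim in rule)]

def subjects_and_uses(annotations, category):
    """Answer 'whose data and why' for everything under one data category."""
    return sorted({(a.data_subject, a.data_use) for a in annotations
                   if covers(category, a.data_category)})

if __name__ == "__main__":
    print(violations(ANNOTATIONS, RULE))
    print(subjects_and_uses(ANNOTATIONS, "user.contact"))
```

Because the rule is written against the parent label `user.contact`, it catches `user.contact.email` without listing every subclass, which is the granularity the taxonomy's subclasses are meant to provide.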

Fides is the first step in building privacy into the language of the code. Its practical and standardized approach to privacy management in system and software development has many potential uses. Now it is up to the community to ensure Fides becomes the tool for interoperability. Hence, feedback from the community is crucial for achieving privacy by design at the very core of development processes.

Click here to read the original article published by IAPP.
