There have been myriad data breaches and security problems recently with private and public sector systems. As more sensitive data is passed through more hands — corporate and government — there needs to be an emphasis on security.
Although the Consumer Financial Protection Bureau is focused on financial data, its call for privacy protections to be built into systems from the beginning is valuable for all sectors. In the case of the CFPB, it has set out guiding principles of data privacy and security for the creation of new payment systems.
These new systems are aimed at reducing “pocket-to-pocket” payment times between consumers and businesses or other entities. The CFPB wants to ensure any new payment systems are secure, transparent, accessible, and affordable to consumers. The systems should also have robust protections when it comes to fraud and error resolution. […]
The CFPB wants to ensure that consumer protections are at the forefront as new and improved payment systems are developed. The protections recommended in today’s Consumer Protection Principles relate to privacy, transparency, costs, security, and consumer control. They also relate to funds availability, fraud and error resolution protections, and payment system accessibility.
This isn’t a new idea. For years, security and privacy experts have explained that it is far better to prioritize security and privacy from the beginning than to attempt to retrofit the systems later, when concerns are raised. For example, in 2012, the Federal Trade Commission urged “privacy by design” in its “Best Practices for Common Uses of Facial Recognition Technologies” report (pdf).
And the concept is widely accepted internationally, as well. In 2007, European Data Protection Supervisor Peter Hustinx urged privacy by design in the use of radio frequency identification (RFID) technology (pdf report). Ann Cavoukian, Ontario’s Information and Privacy Commissioner, has been promoting the privacy by design concept for years (pdf).