Cyber Daily

Op-Ed: 6 factors to embed privacy at the heart of business

Privacy can often feel somewhat abstract — but it’s very real when our own privacy has been breached. At other times it’s a right we may take for granted.

Andrew Black
Thu, 25 May 2023

People often trade their privacy for some perceived benefit, for example, giving up their name, address, and possibly birthday to win a prize of some kind. With Privacy Awareness Week (1 to 7 May 2023), which is designed to raise awareness of privacy issues and the importance of protecting personal information, recently passed, it could be argued that consumers across Australia will have an increased interest in privacy, given the turbulent year the country experienced with data breaches in 2022.

It goes without saying that customers count on businesses and retailers to ensure their information is kept safe and handled securely. However, over the past 12 months in Australia, this trust has been broken, and organisations have fallen short of preserving the privacy of consumers.

This year’s Privacy Awareness Week theme was “back to basics”, which feels like where the conversation needs to be, given recent events. Despite understanding that privacy is fundamental to our existence, we continue to ask the question: how do we protect it in the modern, fast-paced e-commerce world?


How do we best design digital identity systems with privacy at the heart?

For consumers, it could be argued that they can never be reminded too often of the steps they can take personally to protect their privacy when dealing with online retailers. Protecting themselves in a fast-paced, complex digital world requires a multifaceted approach that includes both proactive and reactive measures. From using strong and unique passwords to avoiding public Wi-Fi networks and remaining cautious of phishing scams, the list of things to remain vigilant about seems endless.

However, one of the practices that consumers are becoming increasingly aware of is to limit the amount of personal information shared, avoiding giving out sensitive information too broadly, especially as effective digital identity solutions enter the mainstream.

In Australia, we are in the process of rolling out ConnectID nationally, the identity exchange that both improves identity verification and protects privacy. As a national ecosystem that seamlessly connects Australia to trusted organisations, the exchange combines precision with privacy, only sharing exactly what is needed, when it is needed, with the right people. Designed to drive productivity and trust in Australia’s digital economy, ConnectID is backed by some of the largest organisations nationwide.

That said, designing an effective digital identity system with privacy at its heart has required careful consideration of several key factors, including:

  • Privacy by design: The identity system should be designed with privacy as a core principle, not an afterthought. This means that privacy considerations should be integrated into every aspect of the design and development process, from the initial planning stages to implementation and ongoing management.
  • Data minimisation: Collecting only the necessary information to authenticate an individual can help to reduce the risk of data breaches and minimise the amount of personal data stored. This means that the identity system should not collect and store data that is not necessary for the intended purpose.
  • Strong encryption: The identity system should use strong encryption methods to protect the data that is collected. This ensures that even if data is intercepted, it will be unreadable and unusable without the appropriate decryption keys.
  • User-centric approach: The identity system should be designed with the user in mind, ensuring that individuals have control over their personal data and can choose what information is shared, how it is shared, and with whom it is shared.
  • Decentralised approach: A decentralised or distributed approach to identity management can enhance privacy by allowing users to maintain control over their personal data and identity rather than creating new identities. Instead of a single centralised database, a decentralised identity system would distribute data across multiple sources, where data is already maintained, reducing the risk of breaches and the creation of new honeypots of data.
  • Transparency: The identity system should be transparent, providing clear information about how data is collected, used, and stored, as well as who has access to it. This helps to build trust with users and ensures that they are fully informed about the identity system’s privacy policies and practices.

Overall, designing digital identity systems, such as ConnectID, with privacy at the heart requires a holistic approach that considers the technical, legal, and ethical dimensions of identity management. By prioritising privacy and adopting best practices, we can build more secure and user-friendly identity systems that protect personal data while enabling seamless and secure authentication.

Andrew Black is the managing director at ConnectID.
