Privacy by Design:  Thoughts from the CPO

[fa icon="calendar"] Apr 5, 2017 1:31:48 PM / by John Bliss

John Bliss


Privacy by Design is an approach to systems engineering which takes privacy into account throughout the whole engineering process. The concept is an example of value sensitive design, i.e., to take human values into account in a well-defined manner throughout the whole process and may have been derived from this.

Given recent events in the Market, embedding a design based approach to privacy is prudent:


US Financial Institutions maintain regulatory requirements across jurisdictions (state, federal and international) to protect the personal data of their customers and employees. The Federal Trade Commission has taken enforcement action in 60 cases against businesses that it charged with failing to provide reasonable and appropriate protections for consumers’ personal information.  These actions have resulted in significant fines and penalties and adverse publicity.


This becomes increasingly challenging as hackers infiltrate more and more systems despite robust security and privacy controls. Data breaches of financial institutions are on the rise and costly. According to the Ponemon Institute:

  • Data breaches are costing financial institutions $264 per capita!
  • Customer trust is eroded by even a minor data breach or inappropriate access to personal data.

 Most data breaches are caused by criminal and malicious attacks. Hacked personal data from banks and other institutions are sold on the black market to commit identity theft against bank patrons.

 Large institutions are not the only targets. Hacks, data breaches and identity theft are committed against small, medium and regional banks too!

 Desperately needed are affordable services to quickly ascertain the privacy “health” of a financial institution, and remediate identified weaknesses. Doing so will diminish the risk of damaging hacks and breaches. More importantly, preserving privacy health will ensure trust is maintained with banking customers.


This is why I’m pleased that our executive leadership and board of directors have demonstrated the foresight to authorize a full time privacy position at @Risk -- me!

 I’m further pleased that we are planning to roll out a privacy risk assessment score card that mirrors our cyber solution.

 While we are still in the planning stages, here’s a preview of what we’re building.  @Risk’s Privacy Service will identify and quickly remediate privacy risks in just a few easy steps:

  • You will complete our online Privacy Risk Assessment Form
  • We will immediately rank your institution’s privacy risk level based on a proprietary risk scoring algorithm that incorporates FIPs, state, federal and international norms and guidance, and Privacy by Design principles.
  • You may then elect to remediate in several ways, depending on the level of perceived institutional risk:
    • Receive a one-time Remediation Report which your Privacy and Security Teams can use as a roadmap to implement needed policies, procedures and controls
    • Receive a Quarterly Remediation Audit and Report from @Risk to ensure initially identified risks are being properly addressed
    • Where risk levels are high, complex, or where you are simply understaffed we provide a Chief Privacy Officer as a Service on a monthly basis.

 @RISK Technologies Privacy Services will be priced to not break the bank!  Our services will be user friendly, and you will be given extremely prompt attention to your privacy needs and concerns.

If you have any questions or thoughts about the product we are building, don’t hesitate to drop me a line or call me using the contact information below.

 Thanks for reading.

John Bliss
Chief Privacy Officer
@RISK Technologies.

(800) 426-0178 


Topics: Privacy by design, cyber

John Bliss

Written by John Bliss

Lawyer turned technologist and entrepreneur. An innovative and creative thinker, strategist and doer. I work, live and play in Boulder, Colorado where I am a privacy and government affairs advisor to technology startups. In former lives, I worked at the intersection of law, politics, technology and policy on or around Capitol Hill. When I'm not thinking about Big Data and privacy, I'm racing (or thinking of racing) my mountain or cyclocross bike. Specialties: Big Data, mobile, social, video, internet law and policy, privacy and civil liberties law and policy, national security policy and politics, government affairs, coalition/team building, strategy (corporate, legal, political), persuasion, and getting the most out of life.