MSECB logo in the brands color, dark red


Home → What we offer

Privacy by Design

Regulators, business leaders, and technologists all agree – an organization’s privacy efforts cannot be solely assured by compliance with regulations; privacy must become the default mode of an operation.

Privacy by Design: A Risk-Management Solution

Privacy by Design builds on the premise that privacy should be embedded into the design, operation, and management of IT systems, networks, and business practices to prevent privacy vulnerabilities and the potential for irreparable financial and reputational harm.

Originally developed by Dr. Ann Cavoukian, former Information and Privacy Commissioner of Ontario, Privacy by Design is now law under the EU’s General Data Protection Regulation (GDPR) and globally recognized as ISO 31700-1:2023 Consumer protection: Privacy by design for consumer goods and services.

Privacy by Design is structured around 7 Foundational Principles, which exist as a baseline for robust data protection.

Privacy by Design is structured around 7 Foundational Principles, which exist as a baseline for robust data protection:

Read More

Proactive not Reactive - Preventive not remedial

Organizations should take a proactive approach to data protection and privacy issues rather than a reactive approach.

Read more

Read More

Privacy as the Default Setting

Ensure that personal data is automatically protected in all IT systems and business practices.

Read more

Read More

Privacy Embedded into Design

Embed data protection into the design of any system, service, and product and business practice.

Read more

Read More

Full functionality,
Positive-sum, not Zero-sum

Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum approach...

Read more

Read More

End-to-End Security
Lifecycle protection

This principle emphasizes the continuous protection of personal data throughout the entire lifecycle of the data involved...

Read more

Read More

Visibility and Transparency
Keep It Open

This principle is about ensuring visibility and transparency to individuals, such as making sure that they know what data you process and for what purpose(s).

Read more

Read More

Respect for User Privacy
Keep It User-Centric

Privacy by Design requires architects and operators to keep the interests of the user as a priority, by offering strong privacy defaults, appropriate notice, user-centric and user-friendly interfaces.

Read more


Two-Step Process to Achieving Best-In-Class Privacy Standard:

1. Assessment

Taking a holistic, risk-based approach, KPMG assesses an organization’s product, service, process, or system using an assessment methodology structured around the 7 Foundational Principles of Privacy by Design, including Bill C-27, Law 25, international law (e.g. GDPR), regulatory expectations on facial recognition, artificial intelligence, and digital ID services, and ISO 31700-1:2023.

The assessment is conducted through a set of interviews with key stakeholders and a review of documentation. An organization’s current privacy controls and information handling practices are reviewed to assess whether the organization meets the applicable criteria.

KPMG issues an ISO 31700 Privacy by Design Assessment Report revealing a current state ‘snapshot’ of an organization’s privacy posture along with a roadmap that identifies gap remediations. Once the organization achieves a ‘clean report’, without any gaps or deficiencies, it can proceed to Step Two of the certification process.


2. Certification

An organization is eligible to be certified by MSECB, a third-party certification body, which reviews KPMG’s ISO 31700 Privacy by Design Assessment Report. If satisfied on its own criteria, MSECB will issue ISO 31700-1:2023 – Privacy by Design Certification Seal for the organization’s product, service, process, or system. The Certification Seal can be displayed on the company product offering for three years, if it continues to meet the obligations under Privacy by Design through MSECB’ attestation process (to ensure against material changes).

Compliance with ISO 31700-1:2023 – Privacy by Design allows an organization to achieve a “defensible” position. An ISO 31700-1:2023 – Privacy by Design Certification demonstrates an organization’s proactive, risk-based approach to achieving compliance and building a true due-diligence defense in the event of a privacy breach, investigation, and/or complaint.

To view the ISO 31700-1:2023 – Privacy by Design Certification Process,
please click here.

Implement the Solution;
Obtain the Results

Obtaining an ISO 31700-1:2023 – Privacy by Design Certification, as a risk-based solution, leads to positive results. Privacy by Design certification serves as a valuable tool to achieve a “defensible position” and demonstrates a proactive risk-based approach to minimize risk and achieve compliance. It also serves as a competitive advantage to earn consumer trust and loyalty with new technologies, services, or processes.