The industry has historically wanted to spend as little time thinking about data security and privacy as possible. The more time one spends thinking about security and privacy, the less time is spent actually pursuing insights!
This mentality is changing, though, for two reasons:
- Data is more integrated than ever, which significantly increases risk.
- Regulation (GDPR, specifically) is creating a set of accepted practices where there previously were none.
Often, posts on security and privacy are boring and high-level, which is why I don’t often link to them. This one, however, is excellent. It introduces a ton of concepts, all with links to explore in greater depth. It talks about work being done at universities and in industry. Highly recommended.
At its core, privacy by design calls for the inclusion of data protection from the onset of the designing of systems, rather than as an addition.