423.1 Security and privacy by design

Understand the difference between privacy by design and security by design — and why both are essential in ethical software architecture.

Targets

  • Distinguish between privacy by design and security by design

  • Explain how these principles influence software architecture

  • Identify situations where privacy and security goals align — or compete

Syllabus references

Secure software architecture
  • Use and explain the ‘privacy by design’ approach in the development of software solutions, including:
    – proactive, not reactive approach
    – embed privacy into design
    – respect for user privacy

Understanding the distinction

Privacy by design and security by design are related but distinct principles. Both aim to protect users and reduce harm, but they do so in different ways.

  • Privacy by design focuses on limiting what personal data is collected, how long it is kept, and who it is shared with

  • Security by design focuses on protecting data and systems from attack or misuse

Good software architecture includes both, but developers must understand how they interact and where tensions may arise.

Privacy by design

Privacy by design ensures that data collection and processing respect user autonomy and legal protections. It is a proactive approach: privacy is built in, not added later.

Examples of privacy by design:

  • Collecting only necessary user data

  • Giving users control over what’s shared

  • Anonymising or deleting personal information

  • Minimising third-party data exposure

Key questions architects ask:

  • Do we need to collect this information at all?

  • Can users opt in or out?

  • How long do we keep it, and when is it deleted?

  • Who else can see this data?
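The key questions above are design-time decisions, so they can be encoded in code rather than left to each developer's judgement. The following is an added example, not part of the course page or any real product: a hypothetical newsletter signup service in Python in which the required fields, the opt-in fields, the per-partner export views and the 365-day retention window are all assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed example: signup handling for a hypothetical newsletter service.
# The "do we need this at all?" decision is made once, at design time, and
# encoded as an allow-list; everything else the client sends is discarded.
REQUIRED_FIELDS = {"email"}                       # needed to deliver the service
OPT_IN_FIELDS = {"phone", "date_of_birth"}        # stored only with explicit consent
PERSONAL_FIELDS = REQUIRED_FIELDS | OPT_IN_FIELDS  # what anonymisation must scrub

# "Who else can see this data?": one allow-list per third party (hypothetical names).
PARTNER_VIEWS = {
    "mail_provider": {"email"},   # needs the address to deliver mail
    "analytics": set(),           # gets aggregate counts only, never a record
}


def utc(date_str: str) -> datetime:
    """Helper: 'YYYY-MM-DD' -> timezone-aware UTC datetime (keeps runs deterministic)."""
    return datetime.fromisoformat(date_str).replace(tzinfo=timezone.utc)


def minimise_signup(form: dict, consents: set, now: datetime = None) -> dict:
    """Keep only the fields the service needs; optional fields require an opt-in.

    Extra fields sent by the client (tracking ids, device fingerprints, referrer
    data) are dropped rather than stored "just in case".
    """
    missing = REQUIRED_FIELDS - form.keys()
    if missing:
        raise ValueError(f"missing required fields: {sorted(missing)}")
    record = {k: form[k] for k in REQUIRED_FIELDS}
    for k in OPT_IN_FIELDS:
        if k in form and k in consents:
            record[k] = form[k]
    record["consents"] = sorted(consents & OPT_IN_FIELDS)   # record what was agreed
    record["last_seen"] = now or datetime.now(timezone.utc)
    return record


def withdraw_consent(record: dict, field_name: str) -> dict:
    """'Can users opt out?': withdrawing consent deletes the field immediately."""
    updated = dict(record)
    updated.pop(field_name, None)
    updated["consents"] = [c for c in updated["consents"] if c != field_name]
    return updated


def export_for_partner(record: dict, partner: str) -> dict:
    """Third-party exposure is an explicit per-partner allow-list, never the whole row."""
    allowed = PARTNER_VIEWS[partner]   # an unknown partner raises KeyError: fail closed
    return {k: v for k, v in record.items() if k in allowed}


def anonymise_inactive(records: list, now: datetime, retention_days: int = 365) -> list:
    """Retention: scrub personal fields from accounts not seen within the window.

    The row survives for aggregate statistics (signups per month) but no longer
    identifies anyone; the input list is left untouched.
    """
    cutoff = now - timedelta(days=retention_days)
    out = []
    for r in records:
        if r["last_seen"] < cutoff:
            r = {k: v for k, v in r.items() if k not in PERSONAL_FIELDS}
            r["anonymised"] = True
        out.append(r)
    return out


if __name__ == "__main__":
    form = {"email": "a@example.com", "phone": "+61400000000",
            "date_of_birth": "1990-01-01", "device_fingerprint": "3f9c"}  # constructed
    rec = minimise_signup(form, consents={"phone"}, now=utc("2024-01-01"))
    print(rec)                                          # no date_of_birth, no fingerprint
    print(export_for_partner(rec, "mail_provider"))     # {'email': 'a@example.com'}
    print(anonymise_inactive([rec], now=utc("2026-01-01")))   # email and phone scrubbed
```

The point of the allow-lists is that adding a new field or a new partner forces a code review in which the privacy question is asked again; the default for anything unlisted is to drop it.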

Security by design

Security by design ensures that whatever data is collected is stored, accessed, and transmitted safely. It anticipates threats and builds defences into the system.

Examples of security by design:

  • Encrypting personal data in transit and at rest

  • Limiting access through authentication and authorisation

  • Validating input and guarding against injection attacks

  • Monitoring for misuse or unauthorised access

Key questions architects ask:

  • How could this data be exploited?

  • What controls are in place to protect it?

  • What happens if a component fails or is attacked?
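Three of the examples above (limiting access through authorisation, validating input and guarding against injection, monitoring for misuse) can be shown in one small lookup function. This is an added example, not code from the course page: a hypothetical support tool with an in-memory SQLite profile store, written in Python. The role names, the permission table and the audit list are assumptions; the deliberately vulnerable version is kept alongside the hardened one so the failure mode is visible.

```python
import re
import sqlite3

# Constructed example: an in-memory profile store for a hypothetical support tool.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

# Authorisation: what each authenticated role may do. Unknown roles get nothing.
PERMISSIONS = {
    "support": {"read_profile"},
    "admin": {"read_profile", "delete_profile"},
}

# Monitoring hook: in practice an append-only log shipped to a SIEM.
AUDIT_LOG = []


def build_db() -> sqlite3.Connection:
    """Constructed sample data, not from any real system."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, plan TEXT)")
    db.executemany("INSERT INTO users (email, plan) VALUES (?, ?)",
                   [("alice@example.com", "pro"), ("bob@example.com", "free")])
    return db


def find_user_unsafe(db: sqlite3.Connection, email: str) -> list:
    """Deliberately vulnerable: user input spliced into SQL.
    The input "x' OR '1'='1" returns every row in the table."""
    return db.execute(
        f"SELECT email, plan FROM users WHERE email = '{email}'").fetchall()


def query_by_email(db: sqlite3.Connection, email: str) -> list:
    """Parameterised query: the driver passes the value separately from the
    statement, so quotes in the input are data, not SQL syntax."""
    return db.execute(
        "SELECT email, plan FROM users WHERE email = ?", (email,)).fetchall()


def find_user(db: sqlite3.Connection, actor_role: str, email: str) -> list:
    """Hardened lookup: authorise first, validate the input, then run the
    parameterised query, and write an audit event whatever the outcome."""
    if "read_profile" not in PERMISSIONS.get(actor_role, set()):   # fail closed
        AUDIT_LOG.append(("DENY", actor_role, email))
        raise PermissionError(f"role {actor_role!r} may not read profiles")
    if not EMAIL_RE.match(email):   # second, independent layer against injection
        AUDIT_LOG.append(("REJECT", actor_role, email))
        raise ValueError("not a valid email address")
    rows = query_by_email(db, email)
    AUDIT_LOG.append(("READ", actor_role, email))
    return rows


if __name__ == "__main__":
    db = build_db()
    payload = "x' OR '1'='1"
    print(find_user_unsafe(db, payload))          # both rows leak
    print(query_by_email(db, payload))            # []
    print(find_user(db, "support", "alice@example.com"))
    print(AUDIT_LOG)                              # one READ event
```

Note the order of the checks: authorisation is decided before the input is even parsed, and an unknown role is denied rather than given a default, which is the "what happens if a component fails" question answered in the direction of failing closed. The audit entries for DENY and REJECT are what a monitoring rule would alert on.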

Balancing privacy and security

These principles usually reinforce each other, but individual design choices must be balanced:

  • Collecting more data (full request logs, device fingerprints) may help detect threats (security), but every extra field is a new privacy risk and a new liability if breached

  • Strong authentication protects access (security), but factors such as a phone number for SMS codes or a biometric add personal data the system must now hold (privacy), and extra steps can push users toward insecure workarounds (usability)

  • Anonymising logs (stripping IP addresses and user identifiers) protects privacy, but removes exactly the fields an incident responder needs to trace an attacker (security)

Secure, privacy-aware systems are designed with trade-offs in mind. Architecture choices should be documented and justified.
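The log trade-off above is the one most often resolved by a middle path: keyed pseudonymisation, which hides identities from anyone reading the log store but keeps events from the same actor linkable. The following is an added example in Python, not part of the course page. The log lines are constructed, the field layout (`ip=`, `user=`) is assumed, and the key is a placeholder that in a real deployment would live in a secrets manager and be held by a restricted role.

```python
import hashlib
import hmac
import re

# Constructed sample log lines (not from any real system). Two actors share
# the same /24 network so the cost of coarse anonymisation is visible.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z ip=203.0.113.7 user=alice action=login result=ok
2024-03-01T10:00:09Z ip=203.0.113.7 user=alice action=export result=ok
2024-03-01T10:02:44Z ip=203.0.113.200 user=bob action=login result=fail
2024-03-01T10:02:51Z ip=203.0.113.200 user=bob action=login result=fail
2024-03-01T10:03:05Z ip=203.0.113.200 user=bob action=login result=ok
"""

IP_RE = re.compile(r"ip=(\d+\.\d+\.\d+\.\d+)")
USER_RE = re.compile(r"user=(\S+)")


def pseudonym(value: str, key: bytes, prefix: str) -> str:
    """Keyed, truncated HMAC-SHA256. The same input always yields the same
    token, so events can still be grouped by actor, but without the key the
    token can neither be reversed nor guessed by hashing candidate values."""
    tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:12]
    return f"{prefix}_{tag}"


def pseudonymise(line: str, key: bytes) -> str:
    """Replace IP and user identifiers in one log line with keyed pseudonyms."""
    line = IP_RE.sub(lambda m: "ip=" + pseudonym(m.group(1), key, "ip"), line)
    line = USER_RE.sub(lambda m: "user=" + pseudonym(m.group(1), key, "u"), line)
    return line


def truncate_ip(line: str) -> str:
    """Coarse anonymisation: zero the last octet. Stronger privacy (no key to
    protect), weaker forensics: every host on the /24 collapses into one."""
    return IP_RE.sub(
        lambda m: "ip=" + ".".join(m.group(1).split(".")[:3] + ["0"]), line)


def is_actor(token: str, candidate: str, key: bytes, prefix: str) -> bool:
    """Re-identification by the key holder is confirm-only: a named suspect
    can be checked against a token, but the token cannot be decoded."""
    return hmac.compare_digest(pseudonym(candidate, key, prefix), token)


def failed_logins_per_actor(lines: list) -> dict:
    """The incident-response question. It works on the pseudonymised log only
    because the tokens are stable per actor."""
    counts = {}
    for line in lines:
        if "result=fail" in line:
            actor = USER_RE.search(line).group(1)
            counts[actor] = counts.get(actor, 0) + 1
    return counts


if __name__ == "__main__":
    key = b"placeholder-key-keep-out-of-the-log-store"   # constructed; use a secrets manager
    lines = SAMPLE_LOG.splitlines()
    pseud = [pseudonymise(l, key) for l in lines]
    print("\n".join(pseud))
    print(failed_logins_per_actor(pseud))                        # {'u_<tag>': 2}
    print(is_actor(pseud[2].split()[2][5:], "bob", key, "u"))    # True
    print("\n".join(truncate_ip(l) for l in lines))              # alice and bob both ip=203.0.113.0
```

Two consequences are worth documenting as architecture decisions. Whoever holds the key can confirm identities, so key access is itself a privacy control and belongs with the incident-response role, not with everyone who can read logs. And rotating the key improves privacy over time but breaks correlation across the rotation boundary, which is the same trade-off the section describes, now reduced to a configurable parameter rather than an all-or-nothing choice.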

Privacy and security have different goals, but overlap in practice

Summary

  • Privacy by design limits what data is collected and how it is used

  • Security by design protects systems and data from misuse or attack

  • Secure, ethical software requires both, even when goals compete

  • Architects must evaluate trade-offs and justify decisions
