Oracle Information InDepth



Stay Connected

Database Security

Oracle on Twitter Oracle on Facebook Oracle Blog

Identity Management

Oracle Identity Management on Twitter Oracle Identity Management on Facebook Oracle Blog 

March 2013

Subscribe Forward

Back to the main page

Q&A: Ontario Commissioner and Leading Privacy Expert Dr. Ann Cavoukian

Dr. Ann Cavoukian is both Ontario's information and privacy commissioner and one of the leading privacy experts in the world. In January, Dr. Cavoukian together with Oracle released a new white paper titled "Privacy and Security by Design: A Convergence of Paradigms." We took the opportunity to find out why the commissioner believes privacy and security must be embedded into every standard, protocol, and process that touches our lives.

Q. Please explain what your job entails as Ontario’s information and privacy commissioner.
A. I am an officer of the legislature reporting to the provincial legislature, and therefore independent of the government of the day. I perform two roles. First, I am responsible for freedom of information relating to the public’s access to government records. Second, I enforce compliance with privacy laws, providing guidance on the protection of personal information, and investigating privacy complaints. Along with these responsibilities, I also have a mandate to educate the public and conduct research on access and privacy-related issues.

Q. Can privacy be self-regulated or must it be legislated? Where are you focusing efforts in 2013?
A. The future of privacy can no longer be assured solely by compliance with regulatory frameworks; rather, privacy assurance must ideally become an organization’s default mode of operation. My efforts are focused on educating organizations on the tremendous benefits of embedding privacy directly into the architecture of IT systems and business practices.

Privacy should not be bolted on after the fact as an add-on. When privacy is an integral part of the system, it becomes an enabler of innovation. By taking a proactive approach to privacy, organizations will see long-term benefits for their business interests and their customers, which comes from fostering consumer confidence and trust.

Q. You are the creator of the concept of Privacy by Design. Can you explain this term?
A. Privacy by Design seeks to proactively embed privacy into the design specifications of information technologies, organizational practices, and networked infrastructures. To achieve the strongest protection possible, privacy should be built in from the outset—when initiatives are in their nascent stages.

The objectives of Privacy by Design—ensuring privacy and gaining user control over one’s own information, and, for organizations, gaining a sustainable competitive advantage—may be accomplished by implementing the seven foundational principles of the framework.

I developed these some time ago, but in 2010, Privacy by Design was unanimously approved as an international framework for privacy and data protection, and has since been translated into 30 languages

Q. How do you approach balancing privacy concerns with business interests—for example, the privacy impact of targeted ads that leverage a user's social media activity to promote business?
A. Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum, win-win manner, not through the dated, zero-sum approach where unnecessary trade-offs are made. Privacy by Design avoids the pretense of false dichotomies, such as privacy vs. security or privacy vs. business. Rather, it demonstrates that it is indeed possible to have both.

Above all, it requires architects and operators to keep their practices user-centric by offering such measures as strong privacy defaults, appropriate notice, and empowering, user-friendly options. Research shows that the default condition is the one that will prevail. By making privacy the default setting, users have the choice to opt-in, building a relationship of trust. It’s all about transparency, personal control, and freedom of choice.

Q. You have argued for the benefits of converging privacy and security—that is, building them jointly into the design of systems and operations. Why does this lead to greater success?
A. Quite simply, good privacy equals good business. Privacy and security must be proactively incorporated into networked infrastructure, data systems, and information technologies—by default. Both concepts are integral to organizational priorities, project objectives, design processes, and planning operations. By viewing the two concepts as complementary, it is indeed possible (and far more desirable) to achieve both privacy and security. Why settle for one when you can have both?

The results will provide companies with an enormous competitive advantage and will deliver a long-term payoff. If you avoid breaches of privacy, you also avoid the ensuing consequences, which can be both costly and time consuming. It is better to aim for breach avoidance rather than breach notification and resolution.

As a follow up to this interview, Oracle is proud to host a live Twitter conversation with the Commissioner on Thursday, April 4 at 10 a.m. PT/1 p.m. ET. Follow @OracleIDM to get the latest updates and use #PrivQA to follow the live Twitter conversation. Submit your questions before or during the live event using #PrivQA.

Download the white paper "Privacy and Security by Design: A Convergence of Paradigms."

Read the press release: A Convergence of Privacy and Security Yields the Biggest Gains for Business.

Find out more about Dr. Ann Cavoukian.

Back to Top

Please send questions or comments to

This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor is it subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

  Hardware and Software, Engineered to Work Together Contact Us | Legal Notices and Terms of Use | Privacy Statement
Oracle Corporation


Oracle Corporation - Worldwide Headquarters, 500 Oracle Parkway, OPL - E-mail Services, Redwood Shores, CA 94065, United States

Your privacy is important to us. You can login to your account to update your e-mail subscriptions or you can opt-out of all Oracle Marketing e-mails at any time.

Please note that opting-out of Marketing communications does not affect your receipt of important business communications related to your current relationship with Oracle such as Security Updates, Event Registration notices, Account Management and Support/Service communications.