Are Designers Ready for Privacy by Design? Examining Perceptions of Privacy Among Information Systems Designers

Abstract

How do information systems designers handle privacy when designing systems? How do they perceive and interpret privacy? Privacy by Design (PbD) is the idea that designers should apply technological measures that aim to address privacy concerns, applied to the very same technology that might create the privacy risk. PbD requires system designers to apply inherent solutions for privacy issues, so to facilitate privacy within the system. PbD, and more generally information systems design, depends on the designers rather than on regulators or managers. Hence, the objective of this research is to explore designers' perceptions, attitudes, and prior knowledge as to privacy issues. To this end, we interviewed 27 experienced software designers from different domains in industry, including telecommunication, healthcare, and software infrastructure. Data were qualitatively analyzed in light the Fair Information Privacy Principles (FIPPs). Our findings indicate that software designers frame privacy mainly as a matter of information security; some refer also to secrecy and internal permission systems in the organization; other principles, such as notice, consent, and rectification, were hardly found as part of the designers' perception of privacy. Many of the designers perceive privacy as a theoretical-abstract concept, rather than an applicable principle in designing information systems. Moreover, they demonstrate an ambivalent attitude towards the issue whether they are responsible for addressing privacy concerns. In many cases, privacy is framed as a legal issue, handled by the organization's legal department, or as a data security issue, handled by security experts. In addition, designers report adopting organizational values and practices, specifically in cases where ignoring privacy concerns may benefit the business. We identified two important forces that affect privacy-related practices within organizations: (1) organizational policy, and (2) organizational climate, namely the norms and culture within the organization. These two forces can be aligned, as was frequently evident in the healthcare domain, and can, at times, be inconsistent, as we found in other domains, such as telecommunication. In the latter cases, designers reported that they comply with what they felt they were expected to do, namely with the organizational climate, rather than with the formal policy. The findings of this research shed some light onto the current state of privacy handling in new technologies, as well as point to obstacles for applying PbD. This, in turn, directs future steps to be taken in order to improve the protection of personal information. We believe that changing the organizational privacy climate to better support privacy in information systems would go a long way to improve design decision-making in this context. To this end, management commitment is an obligatory requirement, accompanied with the following activities: educating designers to be more familiar with the law and more aware of privacy issues and possible solutions; offering intra-organizational sources about privacy; forming a dedicated role within the organization to support designers when addressing privacy issues, such as a Chief Privacy Officer; and establishing technical internal review procedures to supervise and ensure that the design solutions fully and satisfactorily address relevant privacy policy.