There are several things we can do. Obviously, raising awareness and education is our job, and we're getting the word out there strongly. You should know that internationally, word about privacy by design is growing. As I mentioned, in 2010 it was made an international standard. If you go to our website, www.privacybydesign.ca, there's a lot of information that we share regularly.
Most organizations do PIAs, privacy impact assessments, when a new technology or a new best practice or process is introduced. You can require, or certainly request, that in the PIA process, privacy by design is reflected. If I can again encourage you to go to our website, last year we had a PBD PIA. PBD is privacy by design. This PIA was specifically developed to reflect the requirements of privacy by design in the PIA. It's one of the essential tools in any practice. When you have a new technology or business practice, you do a PIA to identify the privacy risks and address them before the program or business practice becomes operational.
By requiring the seven foundational principles of privacy by design to be reflected in the PIA, and thereby reflected in the new program or business practice, you can be assured, at least, that the issues are being addressed. The kind of data minimization you were speaking to earlier that would speak to preventing unintentional access to the data used for other purposes, the harms that arise when data are used in ways that were never intended—all the problems we are so concerned about—can be addressed right from the beginning. That's the beauty of privacy by design. It tries to identify the privacy harms right at the initial stages, when the technology is emerging or the program is just being developed.
If you embed privacy protective features at the nascent stage, right at the beginning, it's much easier to minimize the harm and address it before the program is operational or the technology is fully operational. It makes a big difference. I would point you to the PIA process as an ideal place. Also, we have it on a CD. I can send it to anyone who's interested.
How do you do privacy by design? I was asked in 2010, when privacy by design was made an international standard, if my office could offer some assistance to other regulators around the world on how to do this privacy by design thing. How do you actually operationalize it?
We developed a curriculum that I think is very accessible. It walks you through the various steps of the principles and how you would do it. I make that available to anyone who's interested. We've shared it with many universities and Intel and other companies. All the tech companies have it. It basically walks you through how you do privacy by design.