Privacy- and Security-by-design
Privacy-by-design
Privacy-by-design (PbD) is a framework that was developed in the 1990s by Dr Ann Cavoukian and has since been adopted by the Global Privacy Assembly. PbD’s purpose is to protect data, the data owners, data custodians, and those who exchange data in digital environments. It is built on seven principles:
Proactive not reactive, preventative not remedial
Privacy as a default setting
Privacy embedded into design
Full functionality: positive-sum not zero-sum
End-to-end security – full lifecycle protection
Visibility and transparency – keep it open
Respect for user privacy – keep it user centric
PbD is not just about implementing these principles when designing and developing technology solutions, these principles should inform a company’s decision-making and business processes. By considering privacy at all stages of business development as well as privacy awareness with all staff, a company can strive to develop solutions that prevent privacy-related issues.
Meeco’s PbD Implementation
Meeco's Secure Value Exchange (SVX) platform is built with PbD in mind, we never read, mine or sell personal data. We provide the infrastructure for our partners to enable their customers to access, control and exchange their identity and personal data. We maintain user privacy by ensuring that all user data is end-to-end encrypted. This means that there is no way for anyone other than the data owner to view, edit, or manage the data without explicit consent of the owner.
The SVX Portal and Wallet application both demonstrate user-centric design. This is visible via their user interfaces (UIs) at each stage of a workflow where information is clearly conveyed to the user. By plainly stating why and where action is required, including consent methods, users can make informed decisions when sharing their data.
We hope that these PbD principles will be adopted by all of our customers when integrating with, implementing and utilising our APIs and supporting components.
Security-by-design
Security-by-design (SbD) is a concept that promotes the inclusion of security considerations at each stage of a product’s lifecycle. For example, instead of a product development team creating fixes or patches once a security threat has been identified, the entire team considers who, why and how a threat may occur at each stage of planning, design and development. By adopting this approach the final product delivered is more robust, less susceptible to data breaches, and generally more secure for users to engage with.
Meeco’s SbD Implementation
In August 2021, Meeco successfully passed the ISO27001 Security Audit and is now certified in Australia, Belgium and the UK. Meeco has successfully passed several major European and Australian retail bank security audits, along with an independent audit against the NIST Cybersecurity Framework by KPMG. We were able to achieve these outcomes by proving that SbD is implemented throughout our product lifecycle.
Examples of how we achieve SbD are listed below:
Secure Software Development Life Cycle
Security awareness and training
Static code analysis
Cybersecurity Mitigation Strategies
Information Security Manual (ISM) and Essential Eight
ISO 27001 Controls / Security Council
Azure Security Center / Defender for Cloud
Separation of Concerns
Separate development and operational teams
Last updated